Skip to content

Commit fe4617e

Browse files
committed
fixup! fix!: normalise InvalidArgumentError to server_error on the wire
1 parent b439424 commit fe4617e

2 files changed

Lines changed: 41 additions & 2 deletions

File tree

docs/api/errors/invalid-argument-error.md

Lines changed: 20 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,26 @@
11
<a name="InvalidArgumentError"></a>
22

33
## InvalidArgumentError
4-
"An argument to a function or constructor is missing or of wrong type"
4+
Thrown when an argument to a function or constructor is missing or of the
5+
wrong type — i.e. a programming or configuration error in the code that
6+
integrates this library (for example, a missing server option, or a `model`
7+
that does not implement a required method).
8+
9+
`InvalidArgumentError` is **not** an OAuth 2.0 protocol error: its
10+
`invalid_argument` code (HTTP 500) is not one of the error codes defined by
11+
RFC 6749 and must never be sent to an OAuth client. How it surfaces therefore
12+
depends on *when* it is raised:
13+
14+
- **At construction / configuration time** (missing options, a `model` missing
15+
a required method, or `request`/`response` not being instances of this
16+
library's `Request`/`Response`) it is thrown to your code unchanged, before
17+
any response is produced — so you can catch it while wiring up the server.
18+
- **While handling a request** (for example, when a `model` returns malformed
19+
token data) the `token` and `authorize` handlers normalise it to a
20+
`ServerError` (`server_error`) before the response reaches the client,
21+
preserving the original error as `.inner`. So when you `catch` errors from
22+
`OAuth2Server#token` or `OAuth2Server#authorize`, expect a `ServerError`
23+
(inspect its `.inner`) for these cases — not an `InvalidArgumentError`.
524

625
**Kind**: global class
726
<a name="new_InvalidArgumentError_new"></a>

lib/errors/invalid-argument-error.js

Lines changed: 21 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,8 +7,28 @@
77
const OAuthError = require('./oauth-error');
88

99
/**
10+
* Thrown when an argument to a function or constructor is missing or of the
11+
* wrong type — i.e. a programming or configuration error in the code that
12+
* integrates this library (for example, a missing server option, or a `model`
13+
* that does not implement a required method).
14+
*
15+
* `InvalidArgumentError` is **not** an OAuth 2.0 protocol error: its
16+
* `invalid_argument` code (HTTP 500) is not one of the error codes defined by
17+
* RFC 6749 and must never be sent to an OAuth client. How it surfaces therefore
18+
* depends on *when* it is raised:
19+
*
20+
* - **At construction / configuration time** (missing options, a `model` missing
21+
* a required method, or `request`/`response` not being instances of this
22+
* library's `Request`/`Response`) it is thrown to your code unchanged, before
23+
* any response is produced — so you can catch it while wiring up the server.
24+
* - **While handling a request** (for example, when a `model` returns malformed
25+
* token data) the `token` and `authorize` handlers normalise it to a
26+
* `ServerError` (`server_error`) before the response reaches the client,
27+
* preserving the original error as `.inner`. So when you `catch` errors from
28+
* `OAuth2Server#token` or `OAuth2Server#authorize`, expect a `ServerError`
29+
* (inspect its `.inner`) for these cases — not an `InvalidArgumentError`.
30+
*
1031
* @class
11-
* @classDesc "An argument to a function or constructor is missing or of wrong type"
1232
*/
1333

1434
class InvalidArgumentError extends OAuthError {

0 commit comments

Comments
 (0)