From 498576dd9765fceaf12b017b575f2be09c7fab23 Mon Sep 17 00:00:00 2001
From: Mika Vakula <7551056+mvakula@users.noreply.github.com>
Date: Wed, 16 Nov 2022 13:55:17 +0200
Subject: [PATCH 1/2] Don't swallow error if error and error_description are provided
---
 lib/strategy.js | 3 +++
 test/oauth2.test.js | 44 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+)
diff --git a/lib/strategy.js b/lib/strategy.js
index b05aacc..2bd5c2e 100644
--- a/lib/strategy.js
+++ b/lib/strategy.js
@@ -175,6 +175,9 @@ OAuth2Strategy.prototype.authenticate = function(req, options) {
 self._oauth2.getOAuthAccessToken(code, params,
 function(err, accessToken, refreshToken, params) {
 if (err) { return self.error(self._createOAuthError('Failed to obtain access token', err)); }
+ if (!accessToken && params && params.error && params.error_description) {
+ return self.error(new TokenError(params.error_description, params.error, params.error_uri));
+ }
 if (!accessToken) { return self.error(new Error('Failed to obtain access token')); }

 self._loadUserProfile(accessToken, function(err, profile) {
diff --git a/test/oauth2.test.js b/test/oauth2.test.js
index 36552b6..d36ea62 100644
--- a/test/oauth2.test.js
+++ b/test/oauth2.test.js
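Review bot: The new guard only fires when the token response carries both `error` and `error_description`, so a response with just `error` (the only field RFC 6749 §5.2 requires; `error_description` is optional) still drops through to the generic `Error('Failed to obtain access token')` and the provider's error code is lost. Keying the branch on `params.error` alone and defaulting the message keeps the code in every case: `if (!accessToken && params && params.error) {` / `return self.error(new TokenError(params.error_description || 'Failed to obtain access token', params.error, params.error_uri));`. The description and `error_uri` are copied verbatim from the provider's response into the error, so any code that surfaces the message or the uri to users should treat them as untrusted text; a comment such as `// Error body returned without a transport error (no err): report it as a TokenError rather than a generic failure` above the branch would explain why this path exists alongside `_createOAuthError`. The enclosing `authenticate` callback starts and ends outside the hunk.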
@@ -1175,6 +1175,50 @@ describe('OAuth2Strategy', function() {
 expect(err.oauthError).to.be.undefined;
 });
 }); // that errors due to token request error, in node-oauth object literal form with OAuth 2.0-compatible body
+
+ describe('that does not error but has result body with error due to token request error, in node-oauth object literal form with OAuth 2.0-compatible body', function() {
+ var strategy = new OAuth2Strategy({
+ authorizationURL: 'https://www.example.com/oauth2/authorize',
+ tokenURL: 'https://www.example.com/oauth2/token',
+ clientID: 'ABC123',
+ clientSecret: 'secret',
+ callbackURL: 'https://www.example.net/auth/example/callback',
+ },
+ function(accessToken, refreshToken, params, profile, done) {
+ return done(new Error('verify callback should not be called'));
+ });
+
+ strategy._oauth2.getOAuthAccessToken = function(code, options, callback) {
+ return callback(null, undefined, undefined, {
+ error: "redirect_uri_mismatch",
+ error_description: "The redirect_uri MUST match the registered callback URL for this application.",
+ error_uri: "/apps/managing-oauth-apps/troubleshooting-authorization-request-errors/#redirect-uri-mismatch2"
+ })
+ }
+
+
+ var err;
+
+ before(function(done) {
+ chai.passport.use(strategy)
+ .error(function(e) {
+ err = e;
+ done();
+ })
+ .req(function(req) {
+ req.query = {};
+ req.query.code = 'SplxlOBeZQQYbYS6WxSbIA';
+ })
+ .authenticate();
+ });
+
+ it('should error', function() {
+ expect(err).to.be.an.instanceof(TokenError)
+ expect(err.message).to.equal('The redirect_uri MUST match the registered callback URL for this application.');
+ expect(err.code).to.equal('redirect_uri_mismatch');
+ expect(err.oauthError).to.be.undefined;
+ });
+ }); // that errors due to token request error, in node-oauth object literal form with OAuth 2.0-compatible body

 describe('that errors due to token request error, in node-oauth object literal form with JSON body', function() {
 var strategy = new OAuth2Strategy({
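Review bot: The new case feeds an `error_uri` through the stubbed token response but never asserts it on the resulting error, so the third `TokenError` argument is exercised without being checked; adding `expect(err.uri).to.equal('/apps/managing-oauth-apps/troubleshooting-authorization-request-errors/#redirect-uri-mismatch2');` beside the `err.code` assertion pins it (TokenError stores that argument as `uri`). The first assertion in `it('should error')` and the `strategy._oauth2.getOAuthAccessToken` stub lack terminating semicolons, unlike the surrounding tests. The closing `}); // that errors due to token request error, ...` comment was copied from the preceding block and no longer matches this describe's title. The enclosing `describe('OAuth2Strategy')` block starts and ends outside the hunk.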
From d9235b5f5f10c3d226abd0ddaf8c8d2157c3e038 Mon Sep 17 00:00:00 2001
From: Mika Vakula <7551056+mvakula@users.noreply.github.com>
Date: Wed, 16 Nov 2022 14:05:30 +0200
Subject: [PATCH 2/2] Update test name
---
 test/oauth2.test.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/oauth2.test.js b/test/oauth2.test.js
index d36ea62..ce38e4c 100644
--- a/test/oauth2.test.js
+++ b/test/oauth2.test.js
@@ -1176,7 +1176,7 @@ describe('OAuth2Strategy', function() {
 });
 }); // that errors due to token request error, in node-oauth object literal form with OAuth 2.0-compatible body

- describe('that does not error but has result body with error due to token request error, in node-oauth object literal form with OAuth 2.0-compatible body', function() {
+ describe('that does not error but has result body with error due to token request error, in parsed node-oauth object form with OAuth 2.0-compatible body', function() {
 var strategy = new OAuth2Strategy({
 authorizationURL: 'https://www.example.com/oauth2/authorize',
 tokenURL: 'https://www.example.com/oauth2/token',