📜 refactor: Log Error Messages when OAuth Fails (#5337)

api/server/routes/oauth.js

@@ -28,6 +28,12 @@ const oauthHandler = async (req, res) => {
   }
 };
 
+router.get('/error', (req, res) => {
+  // A single error message is pushed by passport when authentication fails.
+  logger.error('Error in OAuth authentication:', { message: req.session.messages.pop() });
+  res.redirect(`${domains.client}/login`);
+});
+
 /**
  * Google Routes
  */
@@ -42,7 +48,7 @@ router.get(
 router.get(
   '/google/callback',
   passport.authenticate('google', {
-    failureRedirect: `${domains.client}/login`,
+    failureRedirect: `${domains.client}/oauth/error`,
     failureMessage: true,
     session: false,
     scope: ['openid', 'profile', 'email'],
@@ -62,7 +68,7 @@ router.get(
 router.get(
   '/facebook/callback',
   passport.authenticate('facebook', {
-    failureRedirect: `${domains.client}/login`,
+    failureRedirect: `${domains.client}/oauth/error`,
     failureMessage: true,
     session: false,
     scope: ['public_profile'],
@@ -81,7 +87,7 @@ router.get(
 router.get(
   '/openid/callback',
   passport.authenticate('openid', {
-    failureRedirect: `${domains.client}/login`,
+    failureRedirect: `${domains.client}/oauth/error`,
     failureMessage: true,
     session: false,
   }),
@@ -99,7 +105,7 @@ router.get(
 router.get(
   '/github/callback',
   passport.authenticate('github', {
-    failureRedirect: `${domains.client}/login`,
+    failureRedirect: `${domains.client}/oauth/error`,
     failureMessage: true,
     session: false,
     scope: ['user:email', 'read:user'],
@@ -117,7 +123,7 @@ router.get(
 router.get(
   '/discord/callback',
   passport.authenticate('discord', {
-    failureRedirect: `${domains.client}/login`,
+    failureRedirect: `${domains.client}/oauth/error`,
     failureMessage: true,
     session: false,
     scope: ['identify', 'email'],