# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1684410083 -7200
# Node ID d0b93105b2896a3ee920d9c27d35c092ffb39b3b
# Parent  e4382f6e356427e119475ec4e0ec7d4ad261df40
mod_http_oauth2: Don't return redirects or HTML from token endpoint

These are used by the client, not the user, so makes more sense to
return JSON directly instead of a redirect or HTML error page when .

diff -r e4382f6e3564 -r d0b93105b289 mod_http_oauth2/mod_http_oauth2.lua
--- a/mod_http_oauth2/mod_http_oauth2.lua	Thu May 18 13:27:27 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Thu May 18 13:41:23 2023 +0200
@@ -664,7 +664,7 @@
 	event.response.headers.content_type = "application/json";
 	local params = http.formdecode(event.request.body);
 	if not params then
-		return error_response(event.request, oauth_error("invalid_request"));
+		return oauth_error("invalid_request");
 	end
 
 	if credentials and credentials.type == "basic" then
@@ -676,7 +676,7 @@
 	local grant_type = params.grant_type
 	local grant_handler = grant_type_handlers[grant_type];
 	if not grant_handler then
-		return error_response(event.request, oauth_error("unsupported_grant_type"));
+		return oauth_error("invalid_request");
 	end
 	return grant_handler(params);
 end