From 1bc9dc30f6e43517af2887df3d3e954ed5e19437 Mon Sep 17 00:00:00 2001
From: Johannes Zellner <johannes@cloudron.io>
Date: Fri, 17 Oct 2025 23:43:17 +0200
Subject: [PATCH] Render oidc error page instead of showing a httperror if
 interaction is invalid

Fixes #862
---
 src/oidcserver.js | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/oidcserver.js b/src/oidcserver.js
index 0c4933a13..579f144e5 100644
--- a/src/oidcserver.js
+++ b/src/oidcserver.js
@@ -291,9 +291,9 @@ async function renderError(error) {
     return ejs.render(TEMPLATE_ERROR, data);
 }
 
-async function renderInteractionPage(req, res, next) {
+async function renderInteractionPage(req, res) {
     const [detailsError, details] = await safe(gOidcProvider.interactionDetails(req, res));
-    if (detailsError) return next(new HttpError(detailsError.statusCode, detailsError.error_description));
+    if (detailsError) return res.send(await renderError(new Error('Invalid session')));
 
     const { uid, prompt, params, session } = details;
 
@@ -409,7 +409,8 @@ async function interactionLogin(req, res, next) {
 }
 
 async function interactionConfirm(req, res, next) {
-    const interactionDetails = await gOidcProvider.interactionDetails(req, res);
+    const [detailsError, interactionDetails] = await safe(gOidcProvider.interactionDetails(req, res));
+    if (detailsError) return next(new HttpError(detailsError.statusCode, detailsError.error_description));
     const { grantId, uid, prompt: { name, details }, params, session: { accountId }, lastSubmission } = interactionDetails;
 
     debug(`route interaction confirm post uid:${uid} prompt.name:${name} accountId:${accountId}`);