fix: log error messages when OAuth fails.

api/server/routes/oauth.js

@@ -28,6 +28,18 @@ const oauthHandler = async (req, res) => {
   }
 };
 
+router.get(
+  '/error',
+  (req, res) => {
+    // A single error message is pushed by passport when authentication fails.
+    logger.error(
+      'Error in OAuth authentication:',
+      { message: req.session.messages.pop() }
+    );
+    res.redirect(`${domains.client}/login`);
+  },
+);
+
 /**
  * Google Routes
  */
@@ -42,7 +54,7 @@ router.get(
 router.get(
   '/google/callback',
   passport.authenticate('google', {
-    failureRedirect: `${domains.client}/login`,
+    failureRedirect: `${domains.client}/oauth/error`,
     failureMessage: true,
     session: false,
     scope: ['openid', 'profile', 'email'],
@@ -62,7 +74,7 @@ router.get(
 router.get(
   '/facebook/callback',
   passport.authenticate('facebook', {
-    failureRedirect: `${domains.client}/login`,
+    failureRedirect: `${domains.client}/oauth/error`,
     failureMessage: true,
     session: false,
     scope: ['public_profile'],
@@ -81,7 +93,7 @@ router.get(
 router.get(
   '/openid/callback',
   passport.authenticate('openid', {
-    failureRedirect: `${domains.client}/login`,
+    failureRedirect: `${domains.client}/oauth/error`,
     failureMessage: true,
     session: false,
   }),
@@ -99,7 +111,7 @@ router.get(
 router.get(
   '/github/callback',
   passport.authenticate('github', {
-    failureRedirect: `${domains.client}/login`,
+    failureRedirect: `${domains.client}/oauth/error`,
     failureMessage: true,
     session: false,
     scope: ['user:email', 'read:user'],
@@ -117,7 +129,7 @@ router.get(
 router.get(
   '/discord/callback',
   passport.authenticate('discord', {
-    failureRedirect: `${domains.client}/login`,
+    failureRedirect: `${domains.client}/oauth/error`,
     failureMessage: true,
     session: false,
     scope: ['identify', 'email'],