From 27ab8b4d2ea815a2bac432e7393adf19429135f9 Mon Sep 17 00:00:00 2001
From: mrw1593 <botahamec@outlook.com>
Date: Sun, 18 Jun 2023 19:00:16 -0400
Subject: A couple more errors

---
 src/api/oauth.rs | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

(limited to 'src/api/oauth.rs')

diff --git a/src/api/oauth.rs b/src/api/oauth.rs
index 353f287..5d1f12a 100644
--- a/src/api/oauth.rs
+++ b/src/api/oauth.rs
@@ -236,7 +236,7 @@ async fn authorize(
 				.append_header((header::LOCATION, redirect_uri.as_str()))
 				.finish()
 		}
-		_ => todo!("unsupported response type"),
+		_ => AuthorizeError::invalid_scope(redirect_uri, state).error_response(),
 	}
 }
 
@@ -460,6 +460,14 @@ impl TokenError {
 		}
 	}
 
+	fn mismatch_client_id() -> Self {
+		Self {
+			status_code: StatusCode::UNAUTHORIZED,
+			error: TokenErrorType::InvalidClient,
+			error_description: Box::from("The client ID in the Authorization header is not the same as the client ID in the request body"),
+		}
+	}
+
 	fn incorrect_client_secret() -> Self {
 		Self {
 			status_code: StatusCode::UNAUTHORIZED,
@@ -570,7 +578,7 @@ async fn token(
 				};
 
 				if authorization.username() != client_alias.deref() {
-					todo!("bad username")
+					return TokenError::mismatch_client_id().error_response();
 				}
 				if !hash.check_password(authorization.password()).unwrap() {
 					return TokenError::incorrect_client_secret().error_response();
-- 
cgit v1.2.3