stack
Fix redirect uri error message
[!IMPORTANT] Update error message for invalid redirect URIs in OAuth callback handler and adjust tests accordingly.
- Behavior:
  - In `route.tsx`, change error handling for invalid redirect URIs to throw `StatusError` with message: "Invalid redirect URI. You might have set the wrong redirect URI in the OAuth provider settings. (Please copy the redirect URI from the Stack Auth dashboard and paste it into the OAuth provider's dashboard)".
- Tests:
  - Update `callback.test.ts` to expect new error message for untrusted redirect URL case.

This description was created by for 00c68bc708de42a1b5ea808108ced722b7af2d72. You can customize this summary. It will automatically update as commits are pushed.
✨ No issues found! Your code is sparkling clean! ✨
🗒️ View all ignored comments in this repo
- The constraint 'TokenStoreType extends string' is too restrictive. It should likely be 'TokenStoreType extends string | object' to match the condition check in line 113 where TokenStoreType is checked against {}
- Return type mismatch - the interface declares useUsers() returning ServerUser[] but the Team interface that this extends declares useUsers() returning TeamUser[]
- There is a syntax error in the super constructor call due to the ellipsis operator used incorrectly. Objects aren't being merged correctly. This syntax usage can lead to runtime errors when trying to pass the merged object to 'super()'. Verify that the intended alterations to the object occur before or outside of the super() call if needed.
- Throwing an error when no active span is found is too aggressive. The log function should gracefully fallback to console.log or another logging mechanism when there's no active span, since not all execution contexts will have an active span. This makes the code less resilient and could break functionality in non-traced environments.
- Function sets backendContext with a new configuration but doesn't pass 'defaultProjectKeys'. Since defaultProjectKeys is required in the type definition and cannot be updated (throws error if tried to set), this will cause a type error.
- The schema is using array syntax for pick() which is incorrect for Yup schemas. The pick() method in Yup expects individual arguments, not an array. Should be changed to: emailConfigSchema.pick('type', 'host', 'port', 'username', 'sender_name', 'sender_email')
- Creating a refresh token with current timestamp as expiration means it expires immediately. Should set a future date for token expiration.
- The 'tools' object is initialized as an empty object, even though 'tools' is presumably expected to contain tool definitions. This could cause the server capabilities to lack necessary tool configurations, thus potentially impacting functionalities that depend on certain tool setups.
- 'STACK_SECRET_SERVER_KEY' is potentially being included in every request header without checking its existence again here. Although it's checked during initialization, this could lead to security issues as it's exposed in all communications where the header is logged or captured.
- When adding 'use client' directive at the beginning, it doesn't check if file.text already contains the 'use client' directive. This could lead to duplicate 'use client' directives if the file already has one.
Why?
This is "wrong redirect url" for the inner oauth, not the outer oauth. The known error is for the other oauth