
Provide more useful error responses to clients

Open bradyvercher opened this issue 10 years ago • 2 comments

Aside from sending the appropriate status code, RFC 5849 is pretty vague about reporting errors to clients; however, Section 3.2 does say more information may be provided in the response body. Currently, a plain-text message is provided, but it doesn't allow clients to handle the errors very gracefully since they can't distinguish between types of errors. There also isn't any sort of reporting mechanism for the Authorization Endpoint callback redirect, which can lead to a few dead ends.

The OAuth 2.0 spec provides better guidelines for reporting errors to clients, which might be worth adopting for a better client and end-user experience.

These are the relevant sections for error responses:

  • Section 4.1.2.1 - Authorization Endpoint (errors included in the query string)
  • Section 5.2 - Access Token Endpoint (errors included in the response body; could be adapted for the Request Token Endpoint)

I checked out how Twitter handles errors and they seem to use JSON in the body for the Request Endpoint, and plain text in the body for the Access Endpoint :confused:

bradyvercher avatar Dec 08 '15 21:12 bradyvercher
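As an added illustration (not code from the OAuth1 plugin or from the issue author), this sketches the two OAuth 2.0 error styles the post points to: a Section 5.2 JSON body for the token endpoints and a Section 4.1.2.1 error carried in the callback query string, plus the client-side check that a machine-readable code makes possible where a plain-text body does not. The HTTP status mapping and the `client.example` callback URL are assumptions made for the example.

```python
# Added example (not the plugin's code): OAuth 2.0-style error reporting as the issue proposes.
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# RFC 6749 Section 5.2 error codes -> HTTP status. The RFC's default is 400 and it
# permits 401 for invalid_client; mapping every code this way is an assumption here.
TOKEN_ERRORS = {"invalid_request": 400, "invalid_client": 401, "invalid_grant": 400,
                "unauthorized_client": 400, "unsupported_grant_type": 400, "invalid_scope": 400}
# RFC 6749 Section 4.1.2.1 error codes (returned to the client's callback URL)
AUTHZ_ERRORS = {"invalid_request", "unauthorized_client", "access_denied",
                "unsupported_response_type", "invalid_scope", "server_error", "temporarily_unavailable"}

def token_error_response(error, description=None):
    """Section 5.2 style: JSON body with a machine-readable `error` a client can switch on."""
    if error not in TOKEN_ERRORS:
        raise ValueError(f"not a Section 5.2 error code: {error}")
    body = {"error": error}
    if description:
        body["error_description"] = description
    # Section 5.2 also requires that token responses are not cached
    headers = {"Content-Type": "application/json", "Cache-Control": "no-store", "Pragma": "no-cache"}
    return TOKEN_ERRORS[error], headers, json.dumps(body)

def callback_error_redirect(callback_url, error, description=None):
    """Section 4.1.2.1 style: add the error to the callback's query component while
    keeping any parameters the client already has in its callback URL."""
    if error not in AUTHZ_ERRORS:
        raise ValueError(f"not a Section 4.1.2.1 error code: {error}")
    parts = urlsplit(callback_url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    params.append(("error", error))
    if description:
        params.append(("error_description", description))
    # urlencode percent-encodes the description, so free text cannot corrupt the query string
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(params), parts.fragment))

def classify_callback(url):
    """Client side: decide what happened from the error code rather than by matching
    free text. Returns ("error", code), ("granted", verifier) or ("unknown", None)."""
    query = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    if "error" in query:
        return "error", query["error"]
    if "oauth_token" in query and "oauth_verifier" in query:
        return "granted", query["oauth_verifier"]
    return "unknown", None
```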

:+1:, we should use the same style of errors as the REST API here.

rmccue avatar Dec 09 '15 02:12 rmccue

Sounds good. I don't mind taking a look into this when I get a chance. Do you want to keep the error codes the same or change those up? Maybe change the prefix to rest?

bradyvercher avatar Dec 11 '15 04:12 bradyvercher