fix(oauth): fix OAuth callback error page closing before error is visible

[hassan254-prog]

Describe the problem and your solution

• previously, if an error happened during authorization, the callback page stayed hidden or disappeared too quickly, so users couldn’t see the error message. This change fixes that and also displays the query parameters, since error details can be returned here, making it easier to debug issues.

Screen.Recording.2026-01-21.at.13.14.56.mov

This is the flow that displays the error after the changes.

Screen.Recording.2026-01-29.at.11.51.21.mov

---

It also ensures both the error message and serialized query parameters are HTML-escaped before rendering so the callback page shows them safely without introducing injection risks.

Affected Areas

• packages/server/lib/utils/html.ts
• packages/server/lib/controllers/oauth.controller.ts

---

This summary was automatically generated by @propel-code-bot

[my-senior-dev-pr-review]

🤖 My Senior Dev — Analysis Complete

👤 For @hassan254-prog

📁 Expert in docs (390 edits) • ⚡ 31st PR this month

View your contributor analytics →

---

📊 2 files reviewed • 3 need attention

⚠️ Needs Attention:

• packages/server/lib/controllers/oauth.controller.ts — Critical changes in OAuth error handling logic can impact user authentication and error reporting.

---

🚀 Open Interactive Review →

The full interface unlocks features not available in GitHub:

• 💬 AI Chat — Ask questions on any file, get context-aware answers
• 🔍 Smart Hovers — See symbol definitions and usage without leaving the diff
• 📚 Code Archeology — Understand how files evolved over time (/archeology)
• 🎯 Learning Insights — See how this PR compares to similar changes

---

💬 Chat here: @my-senior-dev explain this change — or try @chaos-monkey @security-auditor @optimizer @skeptic @junior-dev

📖 View all 12 personas & slash commands

You can interact with me by mentioning @my-senior-dev in any comment:

In PR comments or on any line of code:

• Ask questions about the code or PR
• Request explanations of specific changes
• Get suggestions for improvements

Slash commands:

• /help — Show all available commands
• /archeology — See the history and evolution of changed files
• /profile — Performance analysis and suggestions
• /expertise — Find who knows this code best
• /personas — List all available AI personas

AI Personas (mention to get their perspective):

Persona	Focus
@chaos-monkey 🐵	Edge cases & failure scenarios
@skeptic 🤨	Challenge assumptions
@optimizer ⚡	Performance & efficiency
@security-auditor 🔒	Security vulnerabilities
@accessibility-advocate ♿	Inclusive design
@junior-dev 🌱	Simple explanations
@tech-debt-collector 💳	Code quality & shortcuts
@ux-champion 🎨	User experience
@devops-engineer 🚀	Deployment & scaling
@documentation-nazi 📚	Documentation gaps
@legacy-whisperer 🏛️	Working with existing code
@test-driven-purist ✅	Testing & TDD

For the best experience, view this PR on myseniordev.com — includes AI chat, file annotations, and interactive reviews.

[TBonnin]

not sure I follow what the problem is. Can you add more details to the PR description? Thank you

[TBonnin]

are we sure we want to expose the underlying error to the end user? I understand it is useful for debugging but I am not sure it should be surfaced in the popup instead of adding the error info to the Nango logs for the customer to access? @bastienbeurier

[hassan254-prog]

are we sure we want to expose the underlying error to the end user? I understand it is useful for debugging but I am not sure it should be surfaced in the popup instead of adding the error info to the Nango logs for the customer to access? @bastienbeurier

@bastienbeurier, wdyt?

[bastienbeurier]

are we sure we want to expose the underlying error to the end user? I understand it is useful for debugging but I am not sure it should be surfaced in the popup instead of adding the error info to the Nango logs for the customer to access? @bastienbeurier

@bastienbeurier, wdyt?

@hassan254-prog I don't understand from the video how the error surfaces!

[hassan254-prog]

are we sure we want to expose the underlying error to the end user? I understand it is useful for debugging but I am not sure it should be surfaced in the popup instead of adding the error info to the Nango logs for the customer to access? @bastienbeurier

@bastienbeurier, wdyt?

@hassan254-prog I don't understand from the video how the error surfaces!

@bastienbeurier, sorry, I've updated the pr description, this was left in Slack before.

[bastienbeurier]

are we sure we want to expose the underlying error to the end user? I understand it is useful for debugging but I am not sure it should be surfaced in the popup instead of adding the error info to the Nango logs for the customer to access? @bastienbeurier

@bastienbeurier, wdyt?

@hassan254-prog I don't understand from the video how the error surfaces!

@bastienbeurier, sorry, I've updated the pr description, this was left in Slack before.

Thanks, I think the design is too scrappy to ship this like this. I'll get back shortly with a more polished design.