From 09d475b423c0fad6935a936211fc802928a450c6 Mon Sep 17 00:00:00 2001
From: Rachit Naithani <81706961+racnan@users.noreply.github.com>
Date: Wed, 10 Sep 2025 13:30:01 +0530
Subject: [PATCH] fix(users): add bad request for openidconnect (#9244)

---
 crates/router/src/services/openidconnect.rs | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/crates/router/src/services/openidconnect.rs b/crates/router/src/services/openidconnect.rs
index ca20b021a5..69b890d657 100644
--- a/crates/router/src/services/openidconnect.rs
+++ b/crates/router/src/services/openidconnect.rs
@@ -76,7 +76,14 @@ pub async fn get_user_email_from_oidc_provider(
         .exchange_code(oidc::AuthorizationCode::new(authorization_code.expose()))
         .request_async(|req| get_oidc_reqwest_client(state, req))
         .await
-        .change_context(UserErrors::InternalServerError)
+        .map_err(|e| match e {
+            oidc::RequestTokenError::ServerResponse(resp)
+                if resp.error() == &oidc_core::CoreErrorResponseType::InvalidGrant =>
+            {
+                UserErrors::SSOFailed
+            }
+            _ => UserErrors::InternalServerError,
+        })
         .attach_printable("Failed to exchange code and fetch oidc token")?;
 
     // Fetch id token from response