Update error message handling for OIDC

client/src/components/Login/LoginForm.test.ts

@@ -110,7 +110,7 @@ describe("LoginForm", () => {
         const provider_label = "Provider";
 
         const originalLocation = window.location;
-        jest.spyOn(window, "location", "get").mockImplementation(() => ({
+        const locationSpy = jest.spyOn(window, "location", "get").mockImplementation(() => ({
             ...originalLocation,
             search: `?connect_external_email=${external_email}&connect_external_provider=${provider_id}&connect_external_label=${provider_label}`,
         }));
@@ -150,5 +150,21 @@ describe("LoginForm", () => {
         const postedURL = axiosMock.history.post?.[0]?.url;
         expect(postedURL).toBe("/user/login");
         await flushPromises();
+
+        locationSpy.mockRestore();
+    });
+
+    it("renders message from query params", async () => {
+        const originalUrl = window.location.href;
+        window.history.replaceState(null, "", "/login/start?message=auth-error&status=info");
+
+        const wrapper = await mountLoginForm();
+
+        const alert = wrapper.find(".alert");
+        expect(alert.exists()).toBe(true);
+        expect(alert.text()).toContain("auth-error");
+        expect(alert.classes()).toContain("alert-info");
+
+        window.history.replaceState(null, "", originalUrl);
     });
 });

client/src/components/Login/LoginForm.vue

@@ -55,8 +55,10 @@ const login = ref("");
 const password = ref(null);
 const passwordState = ref<boolean | null>(null);
 const loading = ref(false);
-const messageText = ref("");
-const messageVariant = ref<"info" | "danger">("info");
+const networkMessage = urlParams.get("message") || "";
+const messageText = ref(networkMessage);
+const statusParam = urlParams.get("status");
+const messageVariant = ref<"info" | "danger">(statusParam === "info" ? "info" : "danger");
 const connectExternalEmail = ref(urlParams.get("connect_external_email"));
 const connectExternalLabel = ref(urlParams.get("connect_external_label"));
 const connectExternalProvider = ref(urlParams.get("connect_external_provider"));

lib/galaxy/webapps/galaxy/controllers/authnz.py

@@ -116,11 +116,17 @@ def callback(self, trans, provider, idphint=None, **kwargs):
                 "Error handling authentication callback from `{}` identity provider for user `{}` login request."
                 " Error message: {}".format(provider, user, kwargs.get("error", "None"))
             )
-            return trans.show_error_message(
-                f"Failed to handle authentication callback from {provider}. "
-                "Please try again, and if the problem persists, contact "
-                "the Galaxy instance admin"
-            )
+            error_description = kwargs.get("error_description")
+            if error_description:
+                error_msg = error_description
+            else:
+                error_msg = (
+                    f"Failed to handle authentication callback from {provider}. "
+                    "Please try again, and if the problem persists, contact "
+                    "the Galaxy instance admin."
+                )
+            redirect_to = trans.url_builder("/login/start", message=error_msg, status="danger")
+            return trans.response.send_redirect(redirect_to)
         try:
             success, message, (redirect_url, user) = trans.app.authnz_manager.callback(
                 provider,