backend/feature/auth/src/application/error/auth_error.rs

@@ -1,6 +1,7 @@
 #[derive(Debug, PartialEq)]
 pub enum AuthError {
     OidcError(String),
+    InvalidState,
     InvalidNonce,
     InvalidAuthCode,
     InvalidIdToken,

backend/feature/auth/src/application/use_case/exchange_auth_code_use_case.rs

@@ -38,7 +38,7 @@ impl ExchangeAuthCodeUseCase for ExchangeAuthCodeUseCaseImpl {
         expected_nonce: &str,
     ) -> Result<User, AuthError> {
         if received_state != expected_state {
-            return Err(AuthError::InvalidNonce);
+            return Err(AuthError::InvalidState);
         }
 
         self.auth_repository

backend/feature/auth/src/framework/web/auth_web_routes.rs

@@ -80,9 +80,10 @@ async fn oidc_callback_handler(
                 .finish()
         }
         Err(e) => match e {
-            AuthError::InvalidAuthCode | AuthError::InvalidIdToken | AuthError::InvalidNonce => {
+            AuthError::InvalidAuthCode
-                HttpResponse::BadRequest().finish()
+            | AuthError::InvalidIdToken
-            }
+            | AuthError::InvalidNonce
+            | AuthError::InvalidState => HttpResponse::BadRequest().finish(),
             _ => {
                 log::error!("{e:?}");
                 HttpResponse::InternalServerError().finish()