From 0e16a67634cd82b94260f1796f0287b1541496e0 Mon Sep 17 00:00:00 2001
From: Eduardo Gomes <egomes@cloudflare.com>
Date: Thu, 27 Nov 2025 19:42:59 +0100
Subject: [PATCH] Add invalid_target oauth error (rfc 8707)

---
 src/server/auth/errors.ts | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/server/auth/errors.ts b/src/server/auth/errors.ts
index e6871a19b..dff413e38 100644
--- a/src/server/auth/errors.ts
+++ b/src/server/auth/errors.ts
@@ -163,6 +163,14 @@ export class InsufficientScopeError extends OAuthError {
     static errorCode = 'insufficient_scope';
 }
 
+/**
+ * Invalid target error - The requested resource is invalid, missing, unknown, or malformed.
+ * (Custom error for resource indicators - RFC 8707)
+ */
+export class InvalidTargetError extends OAuthError {
+    static errorCode = 'invalid_target';
+}
+
 /**
  * A utility class for defining one-off error codes
  */
@@ -199,5 +207,6 @@ export const OAUTH_ERRORS = {
     [MethodNotAllowedError.errorCode]: MethodNotAllowedError,
     [TooManyRequestsError.errorCode]: TooManyRequestsError,
     [InvalidClientMetadataError.errorCode]: InvalidClientMetadataError,
-    [InsufficientScopeError.errorCode]: InsufficientScopeError
+    [InsufficientScopeError.errorCode]: InsufficientScopeError,
+    [InvalidTargetError.errorCode]: InvalidTargetError
 } as const;