Customising status code returned from hooks

We’re using client credentials hooks and want to reject authorisation on certain conditions. It appears that we can do this in the hook by simply passing back a string as the first argument to the callback, which appears as the error description when consumers call /oauth/token endpoint. However, this returns a status code of 500. In our case a 403 is probably a better choice.

Is there a way to control the returned status code?

It seems passing back an error like new UnauthorizedError('some error') like some of the rule examples still returns a 500 status code but a worse error description of Script generated an unhandled asynchronous exception.

Also some more examples or documentation around hooks would be awesome.

This is not currently supported in Hooks, however it’s worth noting that Hooks is still a beta feature. In order to categorize your request more efficiently, can you please post your request in the Ideas section of the community:

As we develop Hooks further towards being, we will also be adding new samples and documentation for you to refer to.