Improve error validation for Microsoft EntraID provider errors before decoding token

[kwilcz]

☕️ Reasoning

Microsoft Entra ID & Entra External ID are returning OAuth errors in the response body for token requests.
See: https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow#error-response-1

The change made in this PR will allow developers to at least know what is the real source of the issue instead of misguiding to the incorrect JWT token.

Before:

After:

🧢 Checklist

• Documentation
• Tests
• Ready to be merged

🎫 Affected issues

Not fixed, but related due to increased difficulty to review errors:

#12702
#12186
#12187
#12560
#12400

📌 Resources

• Security guidelines
• Contributing guidelines
• Code of conduct
• Contributing to Open Source

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
auth-docs	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Apr 15, 2025 1:54pm

1 Skipped Deployment

Name	Status	Preview	Comments	Updated (UTC)
next-auth-docs	⬜️ Ignored (Inspect)	Visit Preview		Apr 15, 2025 1:54pm

[vercel]

@kwilcz is attempting to deploy a commit to the authjs Team on Vercel.

A member of the Team first needs to authorize it.