chore: change error type to 400 if id token processing fails

[jonas-jonas]

Related issue(s)

Checklist

• I have read the contributing guidelines.
• I have referenced an issue containing the design document if my change
  introduces a new feature.
• I am following the
  contributing code guidelines.
• I have read the security policy.
• I confirm that this pull request does not address a security
  vulnerability. If this pull request addresses a security vulnerability, I
  confirm that I got the approval (please contact
  security@ory.sh) from the maintainers to push
  the changes.
• I have added tests that prove my fix is effective or that my feature
  works.
• I have added or changed the documentation.

Further Comments

[aeneasr]

tests failing :(

[jonas-jonas]

Hmmm, returning 400 instead of 500 causes the error handler to add the error to the flow UI, which changes the whole flow of the flow. Technically, this could be considered breaking as well, though I'd argue that the 400 case must be handled by clients anyway, so the impact is low.

However, it does make the tests awkward because of #4381 (there is no way to get the flow ID that was used and to fetch the flow to assert the error message is correct).

Sidenote: I also think, not all the possible errors are 400, but rather an expected 500 (e.g. mis config/mis use of the API).

All in all, a bit more work to get the tests over the line, I think.

[aeneasr]

Tests are failing otherwise LGTM

[aeneasr]

I think there is another PR to add misconfiguration errors in Ory Hydra by Patrik, we can probably just use that status code here as well.

[aeneasr]

This one: #3248

[aeneasr]

ory/herodot#135