fix: OAuth errors are not handled properly due to an internal exception on the error handling code (#35852)

.changeset/three-parrots-lie.md

@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+Fixes an issue where rocket.chat would not properly log OAuth errors nor remove the credential with the error from the internal list

apps/meteor/app/2fa/server/loginHandler.ts

@@ -85,7 +85,7 @@ OAuth._retrievePendingCredential = async function (key, ...args): Promise<string
 	}
 
 	if (isCredentialWithError(pendingCredential.credential)) {
-		OAuth._pendingCredentials.remove({
+		await OAuth._pendingCredentials.removeAsync({
 			_id: pendingCredential._id,
 		});
 		return recreateError(pendingCredential.credential.error);

apps/meteor/definition/externals/meteor/oauth.d.ts

@@ -2,6 +2,12 @@ declare module 'meteor/oauth' {
 	import type { IRocketChatRecord } from '@rocket.chat/core-typings';
 	import type { Mongo } from 'meteor/mongo';
 
+	// These functions may only be used on the client's Mongo.Collection
+	type MeteorServerMongoCollection<T extends MongoNpmModule.Document, U = T> = Omit<
+		Mongo.Collection<T, U>,
+		'remove' | 'findOne' | 'insert' | 'update' | 'upsert'
+	>;
+
 	interface IOauthCredentials extends IRocketChatRecord {
 		key: string;
 		credentialSecret: string;
@@ -17,7 +23,8 @@ declare module 'meteor/oauth' {
 		function openSecret(secret: string): string;
 		function retrieveCredential(credentialToken: string, credentialSecret: string);
 		function _retrieveCredentialSecret(credentialToken: string): string | null;
-		const _pendingCredentials: Mongo.Collection<IOauthCredentials>;
+		// luckily we don't have any reference to this collection on the client code, so let's type it according to what can be used on the server
+		const _pendingCredentials: MeteorServerMongoCollection<IOauthCredentials>;
 		const _storageTokenPrefix: string;
 
 		function launchLogin(options: {