API: Accept "redirect_uris" as both array and string

src/Module/Api/Mastodon/Apps.php

@@ -44,6 +44,10 @@ class Apps extends BaseApi
 	 */
 	protected function post(array $request = [])
 	{
+		if (!empty($request['redirect_uris']) && is_array($request['redirect_uris'])) {
+			$request['redirect_uris'] = $request['redirect_uris'][0];
+		}
+
 		$request = $this->getRequest([
 			'client_name'   => '',
 			'redirect_uris' => '',
@@ -58,6 +62,10 @@ class Apps extends BaseApi
 			if (!empty($postrequest) && is_array($postrequest)) {
 				$request = array_merge($request, $postrequest);
 			}
+
+			if (!empty($request['redirect_uris']) && is_array($request['redirect_uris'])) {
+				$request['redirect_uris'] = $request['redirect_uris'][0];
+			}	
 		}
 
 		if (empty($request['client_name']) || empty($request['redirect_uris'])) {

src/Module/OAuth/Token.php

@@ -32,7 +32,7 @@ use Friendica\Util\DateTimeFormat;
 use Psr\Http\Message\ResponseInterface;
 
 /**
- * @see https://docs.joinmastodon.org/spec/oauth/
+ * @see https://docs.joinmastodon.org/methods/oauth/#token
  * @see https://aaronparecki.com/oauth-2-simplified/
  */
 class Token extends BaseApi
@@ -69,13 +69,13 @@ class Token extends BaseApi
 		}
 
 		if (empty($request['client_id']) || empty($request['client_secret'])) {
-			Logger::warning('Incomplete request data', ['request' => $_REQUEST]);
-			DI::mstdnError()->UnprocessableEntity(DI::l10n()->t('Incomplete request data'));
+			Logger::warning('Incomplete request data', ['request' => $request]);
+			DI::mstdnError()->Unauthorized('invalid_client', DI::l10n()->t('Incomplete request data'));
 		}
 
 		$application = OAuth::getApplication($request['client_id'], $request['client_secret'], $request['redirect_uri']);
 		if (empty($application)) {
-			DI::mstdnError()->UnprocessableEntity();
+			DI::mstdnError()->Unauthorized('invalid_client', DI::l10n()->t('Invalid data or unknown client'));
 		}
 
 		if ($request['grant_type'] == 'client_credentials') {