Announcement Announcement Module
Collapse
No announcement yet.
SocialAuthenticationFilter - denied access from OAUTH provider Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • SocialAuthenticationFilter - denied access from OAUTH provider

    Hi There,

    Quick question, can the SocialAuthenticationFilter handle when the user clicks 'No Thanks' when asked the question on whether to provide the application permission (I think not)?

    Looking at the code, I expect not & by using Google (failure callback URL =
    Code:
    /signin/google?error=access_denied
    ) it simply gets into a loop when pressing 'no thanks' (app->google->no thanks->app->google->etc...)

    Should it work, as would like to send them back to a login page with an error message?

    Thanks,

    Ian.

  • #2
    Good catch. Spring Social should be able to handle the error in the callback more gracefully.

    The challenge in doing this has always been that each provider handles declined authorizations differently and while the OAuth 2 spec was unfinished, it was unclear how the spec would address this. But now that the OAuth 2 spec is final and section 4.1.2.1 addresses this clearly, Spring Social should be ready to handle it. (And hopefully all OAuth 2 providers will follow the spec.)

    I've created https://jira.springsource.org/browse/SOCIAL-358 to track this. I've got a few other items in my work queue before I'll get to this, though. In the meantime, one possible workaround solution is to create a filter that sits in front of everything else and handles this kind of error callback in whatever way you see fit.

    Comment

    Working...
    X