Dealing with access denied in ProviderSignInController

[aarons88]

What's the best way scenario to handle the scenario where a user is redirected to the provider to authorise the application but they choose to not authorise?

I'm using the ProviderSignInController currently and when this happens it throws an error (sorry can't find the error just yet). Just wondering if this scenario is supported or if I'll have to subclass and roll by own.

Thanks!

Aaron

[habuma]

Thanks for pointing this out. Many providers redirect back to the callback URL when the user denies authorization. This is certainly how Twitter, Facebook, LinkedIn, and Google (OAuth 2) behaves. But since ProviderSignInController didn't have any handler methods to handle GET requests for /signin/{providerId} where there isn't either a code parameter or an oauth_token paramer, you'd get an HTTP 405 response when that callback happened.

I just pushed a new snapshot built with an improvement to ProviderSignInController to handle that callback by redirecting to the sign in page ("/signin" by default, but configurable through ProviderSignInController.setSignInUrl() ). That seemed to be the most appropriate response in this case as it would once again offer the user an opportunity to sign in to the application through other means (another provider or username/password).

Try it out and let me know how it works for you.

[aarons88]

Thanks, works great.

Also, great framework its been really useful for us. So thanks for all your efforts (and to the wider team!).