I'm trying to implement OAuth login. After a user is redirected to the login provider and asked to share his data, he can refuse. The question is: where shall I be redirected, and how do I know that the user refused to share his data?
1 Answer
From the OAuth 2.0 draft:
4.1.2.1. Error Response
If the request fails due to a missing, invalid, or mismatching
redirection URI, or if the client identifier is missing or invalid,
the authorization server SHOULD inform the resource owner of the
error, and MUST NOT automatically redirect the user-agent to the
invalid redirection URI.

If the resource owner denies the access request or if the request
fails for reasons other than a missing or invalid redirection URI,
the authorization server informs the client by adding the following
parameters to the query component of the redirection URI using the
"application/x-www-form-urlencoded" format, per Appendix B:
The draft indicates what the error code will be depending on why the token was not granted.
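As an added example (not part of the original answer), here is one way a client could classify the request that arrives at its redirection URI and tell a user refusal apart from a grant or another failure. The parameter names `error`, `error_description`, `state` and `code` and the error codes are the ones that section of the spec defines; the callback URLs, the `client.example` host and the state value are constructed.

```python
import hmac
from urllib.parse import urlsplit, parse_qs

# Error codes defined for the authorization endpoint in section 4.1.2.1.
KNOWN_ERRORS = {
    "invalid_request", "unauthorized_client", "access_denied",
    "unsupported_response_type", "invalid_scope",
    "server_error", "temporarily_unavailable",
}

def classify_callback(callback_url, expected_state):
    """Return (outcome, detail) for a request to the client's redirection URI.

    outcome is one of: "granted", "denied", "error", "rejected".
    """
    params = parse_qs(urlsplit(callback_url).query, keep_blank_values=True)
    # A parameter sent twice is ambiguous; refuse rather than pick one.
    if any(len(v) > 1 for v in params.values()):
        return "rejected", "duplicate parameter"
    one = {k: v[0] for k, v in params.items()}

    # state ties the response to the login this session started (CSRF check).
    state = one.get("state", "")
    if not expected_state or not hmac.compare_digest(
            state.encode(), expected_state.encode()):
        return "rejected", "state mismatch"

    code, error = one.get("code"), one.get("error")
    if bool(code) == bool(error):
        return "rejected", "need exactly one of code or error"
    if code:
        return "granted", code
    if error == "access_denied":
        # The resource owner (or the authorization server) refused the request.
        return "denied", one.get("error_description", "")
    if error in KNOWN_ERRORS:
        return "error", error
    return "rejected", "unknown error code"

# Constructed sample callbacks for a hypothetical client at client.example.
DENIED = ("https://client.example/cb?error=access_denied"
          "&error_description=user+said+no&state=xyz123")
GRANTED = "https://client.example/cb?code=SplxlOBeZQQYbYS6WxSbIA&state=xyz123"

if __name__ == "__main__":
    print(classify_callback(DENIED, "xyz123"))
    print(classify_callback(GRANTED, "xyz123"))
```

Treat `error_description` as untrusted input: escape it before showing it to the user or writing it to logs.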