oauth 2.0 - OAuth2: How to send "deny" request to OAuth2 server? -


when user needs approve request authenticate using oauth2, typically given "approve" , "cancel" buttons.

what should send when users clicks "cancel" ?

as developer, send oauth server make deny request when user clicks "cancel" ?

i tried using grant type of "deny", didn't work. know send approval, can't seem see should send oauth server respond redirect_uri error case when user cancels.

i've reviewed spec , nice oauth2 simplified article, haven't been able see it.


note: don't see explicitly detailed anywhere. assumed app supposed manage itself? example, instead of posting oauth2 server in case, app posts it's own redirect_uri instead?

{redirect-url}?error=access_denied&error_description=the+user+clicked+deny 

if so, seems little strange, implementing clients have work construct url error code , reason.

see https://tools.ietf.org/html/rfc6749#section-4.1.2.1

if resource owner denies access request or if request fails reasons other missing or invalid redirection uri, authorization server informs client adding following parameters query component of redirection uri using "application/x-www-form-urlencoded" format

example:

http/1.1 302 found location: https://client.example.com/cb?error=access_denied&state=xyz 

to redirect in php:

<?php http_redirect("https://client.example.com/cb", array("error" => "access_denied", "state" => "xyz", "error_description" => "the user clicked deny"), true, http_redirect_found); ?> 

Comments

Popular posts from this blog

shopping cart - Page redirect not working PHP -

php - How to modify a menu to show sub-menus -

python - Installing PyDev in eclipse is failed -