oauth 2.0 - OAuth2: How to send "deny" request to OAuth2 server? -
when user needs approve request authenticate using oauth2, typically given "approve" , "cancel" buttons.
what should send when users clicks "cancel" ?
as developer, send oauth server make deny request when user clicks "cancel" ?
i tried using grant type of "deny", didn't work. know send approval, can't seem see should send oauth server respond redirect_uri error case when user cancels.
i've reviewed spec , nice oauth2 simplified article, haven't been able see it.
note: don't see explicitly detailed anywhere. assumed app supposed manage itself? example, instead of posting oauth2 server in case, app posts it's own redirect_uri instead?
{redirect-url}?error=access_denied&error_description=the+user+clicked+deny if so, seems little strange, implementing clients have work construct url error code , reason.
see https://tools.ietf.org/html/rfc6749#section-4.1.2.1
if resource owner denies access request or if request fails reasons other missing or invalid redirection uri, authorization server informs client adding following parameters query component of redirection uri using "application/x-www-form-urlencoded" format
example:
http/1.1 302 found location: https://client.example.com/cb?error=access_denied&state=xyz to redirect in php:
<?php http_redirect("https://client.example.com/cb", array("error" => "access_denied", "state" => "xyz", "error_description" => "the user clicked deny"), true, http_redirect_found); ?>
Comments
Post a Comment