Home/ Questions/Q 8250573
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-07T23:56:15+00:00

I’m trying to implement OAuth login. After a user is redirected to login-provider and

  • 0

I’m trying to implement OAuth login. After a user is redirected to login-provider and suggested to share his data, he can refuse. The question is where shall I be redirected and how do I know that user refused to share his data?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    From the OAuth 2.0 draft:

    4.1.2.1. Error Response

    If the request fails due to a missing, invalid, or mismatching
    redirection URI, or if the client identifier is missing or invalid,
    the authorization server SHOULD inform the resource owner of the
    error, and MUST NOT automatically redirect the user-agent to the
    invalid redirection URI.

    If the resource owner denies the access request or if the request
    fails for reasons other than a missing or invalid redirection URI,
    the authorization server informs the client by adding the following
    parameters to the query component of the redirection URI using the
    "application/x-www-form-urlencoded" format, per Appendix B:

    The draft indicates what the error code will be depending on why the token was not granted.

    • 0