0

Why, when I'm requesting /oauth/dialog and selecting either of the options, do I get redirected to the same URL with different hash values? It's not a bug per se, just an observation I made while developing an app.

1 Answer

1

This is just how OAuth 2.0 indicates rejection: you get different values on the redirect (either in the hash for the implicit client-side flow, or in proper query string parameters for the explicit server-side flow).

Instead of code or access_token (depending on the flow the app is using) you get error and error_description. When a user rejects, you get error=access_denied.

2
  • But shouldn't it return a different status code (sorry if it already does) or get redirected to a different URL (login_failure instead of login_success)? Commented Dec 11, 2011 at 19:57
  • 1
    @Eimantas - nope, not if it's a compliant OAuth 2.0 implementation. Responses should be 302s (redirects) or 200s (pages displayed as normal to users saying an error was encountered). Commented Dec 11, 2011 at 21:11
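
The behaviour described in the answer above, as an added example that is not part of the original answer or of any OAuth library: a client-side handler that reads the same redirect URI and tells success from rejection by which parameters are present. The function name, URLs and values are constructed for illustration; the `state` check is an assumption added here from RFC 6749 and is not mentioned in the thread.

```javascript
// Added example: classify an OAuth 2.0 redirect as success or error.
// Parameter names (code, access_token, error, error_description, state)
// are from RFC 6749; the function name and sample URLs are constructed.

function parseOAuthRedirect(redirectUrl, flow, expectedState) {
  const url = new URL(redirectUrl);
  // Implicit flow: parameters are in the fragment. Code flow: query string.
  const raw = flow === 'implicit' ? url.hash.replace(/^#/, '') : url.search;
  const params = new URLSearchParams(raw);

  // Assumption (not in the thread): the client sent a `state` value and
  // rejects any response that does not echo it back (CSRF protection).
  if (params.get('state') !== expectedState) {
    return { ok: false, error: 'state_mismatch', description: null };
  }

  // Rejection arrives on the same redirect URI, so check for it first.
  if (params.has('error')) {
    return {
      ok: false,
      error: params.get('error'),
      description: params.get('error_description'),
    };
  }

  // Success: access_token for the implicit flow, code for the server-side flow.
  const key = flow === 'implicit' ? 'access_token' : 'code';
  const value = params.get(key);
  if (!value) {
    return { ok: false, error: 'missing_' + key, description: null };
  }
  return { ok: true, [key]: value };
}

// Constructed sample redirects: same path, different parameters.
const samples = [
  ['https://app.example/cb#access_token=tok123&state=s1', 'implicit', 's1'],
  ['https://app.example/cb#error=access_denied&error_description=User+denied&state=s1', 'implicit', 's1'],
  ['https://app.example/cb?code=abc&state=s2', 'code', 's2'],
  ['https://app.example/cb?error=access_denied&state=s2', 'code', 's2'],
  ['https://app.example/cb?code=abc&state=forged', 'code', 's2'],
];
for (const [u, flow, st] of samples) {
  console.log(flow, JSON.stringify(parseOAuthRedirect(u, flow, st)));
}
```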
