Feature request: OAuth redirect should gracefully handle user explicit cancellation #4177
Comments
I don't think I'm also not sure that I understand what is the desired behavior here. Could you elaborate a little more with your expected flow?
Will have to be researched better but based on OAuth2 possible errors it seems that in case of an error there should be
Hi, thanks for looking into this on such short notice.
It's mainly a UX thing, currently the user is shown that error message on the popup, and they get confused (YKWIM!). Me and you know that we can close that popup and press the login button again, in fact even not closing it and just pressing the button would refresh the popup to start over. Ah you are right, but
Is exactly what I would be looking for here. My follow-up question is, would closing the modal and focusing back onto the main window from the subscription be viable? Happy to test this if you'd like.
Hm, on second read I think I understand what you mean. Yes, it should be doable to use the realtime subscription as long as the error request has also the I think it may also be a good idea to have a generic OAuth2 failure HTML screen and redirect to it instead of the json response (similar to the current success one) because there are some situations where calling I'll leave it for tomorrow to think a little more on it.
Thank you, it's not urgent at all, but a really good nice to have.
The OAuth2 redirect error handling was updated in the Now instead of returning a json response we are redirecting to a generic error HTML page that will attempt to autoclose the OAuth2 window. If it fails (eg. doesn't satisfy the
The SDKs will also be updated sometime later this weekend to handle the
Thank you @ganigeorgiev much appreciated 🙇 If you'd like me to address the SDKs let me know. I'd be honoured to contribute with this, or any other little bit, to take some workload off you, especially these least important features.
Hi,
I'm not sure how this works with other providers, but with Facebook, if the user presses Cancel instead of continuing:
The oauth2-redirect throws this error:
Which causes some confusion to users, they're expecting to be able to reauth and try again.
The params passed by Facebook to the redirect do include
error=access_denied&error_code=200&error_description=Permissions+error&error_reason=user_denied
Would it be reasonable for the redirect handler:
pocketbase/apis/record_auth.go
Line 661 in 9419d19
to check for
error_reason=user_denied
and emit a close event of the modal via the realtime subscription?
Happy to research more and observe how other providers do user cancellation to have a generic solution for the handler.
Let me know your thoughts?
Thank you,
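
As an added example (not PocketBase's code and not part of the original post), one way a redirect handler could classify the callback parameters discussed in this issue. `ClassifyRedirect`, `Outcome` and `Redirect` are hypothetical names and the `state` value in the sample is constructed; treating `access_denied` as a user cancellation and requiring `state` before any client is notified are assumptions of this example.

```go
package main

import (
	"fmt"
	"html"
	"net/url"
)

// Outcome classifies an OAuth2 redirect callback (hypothetical names).
type Outcome int

const (
	Success Outcome = iota
	UserCancelled
	ProviderError
	Malformed
)

// Redirect is the sanitised view of the callback query string.
type Redirect struct {
	Outcome Outcome
	State   string // ties the callback to the client that opened the popup
	Message string // provider-supplied text, HTML-escaped for an error page
}

// ClassifyRedirect inspects the raw query of an OAuth2 redirect request.
func ClassifyRedirect(rawQuery string) Redirect {
	q, err := url.ParseQuery(rawQuery)
	state := q.Get("state")
	if err != nil || state == "" {
		return Redirect{Outcome: Malformed} // no state: no client to notify
	}
	code := q.Get("error")
	if code == "" {
		if q.Get("code") == "" {
			return Redirect{Outcome: Malformed, State: state}
		}
		return Redirect{Outcome: Success, State: state}
	}
	r := Redirect{ProviderError, state, html.EscapeString(q.Get("error_description"))}
	if code == "access_denied" { // RFC 6749 4.1.2.1; Facebook sends it too
		r.Outcome = UserCancelled
	}
	return r
}

func main() {
	// Constructed sample: parameters from the issue plus a made-up state.
	fmt.Printf("%+v\n", ClassifyRedirect("error=access_denied&error_reason=user_denied&state=abc"))
}
```

Keying on the standard `error=access_denied` code rather than Facebook's `error_reason` keeps the check provider-neutral, and escaping `error_description` matters because anyone can craft a link to the redirect URL with arbitrary text in that parameter.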