Open jesseduffield opened 1 month ago
Yeah, the OmniAuth callback route doesn't currently have any validation error handling, since it doesn't really have a form associated (the form is external).
Not sure what would be the correct reaction to the error throw. We could decide to render the login form, but the login form won't work automatically when the URL is different from the login route. We could also redirect with a generic error flash message, but I feel like that would hide the validation error from the developer.
What is your use case for having validation errors on OmniAuth login/registration?
I see. I'm working on this in development at the moment so that's colouring the experience: seeing the big red rails screen explaining the error and the stack trace just strikes me as wrong: but I'm aware this won't show up on prod.
As for the use case, I'm using omniauth for my admin configuration, but I don't want to allow the creation of accounts via omniauth: only logins. And the logins that do happen, I've got some extra validation in there just to make extra sure that the user is the admin I think they are. Admin accounts are created directly in the console rather than through a UI.
When I throw an error in before_login (or before_omniauth_create_account), I get an uncaught throw error (effectively a 500 error). I expect that instead I'd get a sanitised error surfaced to the user. I don't believe I need to be explicitly catching these errors.
Test:
Error:
Rodauth App:
Let me know if I'm missing something. Thanks