jaredhanson / passport-oauth1

OAuth 1.0 authentication strategy for Passport and Node.js.
https://www.passportjs.org/packages/passport-oauth1/?utm_source=github&utm_medium=referral&utm_campaign=passport-oauth1&utm_content=about
MIT License

Improve error handling when user denies access #6

Closed konrad-garus closed 8 years ago

konrad-garus commented 9 years ago

When using the OAuth middleware, on the provider's page the user can still decide to deny access. When it happens, the callback usually indicates this in some way.

For example, I have a handler like:

app.get('/auth/jira/callback', 
  passport.authenticate('jira', { failureRedirect: '/' }));

When the user denies access, JIRA redirects to a URL like:

http://localhost:3000/auth/jira/callback?oauth_token=bsh5IDDUwMUzEXDXwAzktzo9lmoALm7W&oauth_verifier=denied

Now, the passport-oauth middleware doesn't do the best job handling it. It doesn't treat it as a login failure, doesn't redirect or anything, just crashes loudly and unrecoverably. It ends up with an HTTP 500 error, with a response body containing a stack trace like:

InternalOAuthError: Failed to obtain access token
   at Strategy.OAuthStrategy._createOAuthError (/home/konrad/myapp/node_modules/passport-oauth1/lib/strategy.js:353:17)
   at /home/konrad/myapp/node_modules/passport-oauth1/lib/strategy.js:152:41
   at /home/konrad/myapp/node_modules/oauth/lib/oauth.js:465:22
   at passBackControl (/home/konrad/myapp/node_modules/oauth/lib/oauth.js:397:13)
   at IncomingMessage.<anonymous> (/home/konrad/myapp/node_modules/oauth/lib/oauth.js:409:9)
   at emitNone (events.js:72:20)
   at IncomingMessage.emit (events.js:166:7)
   at endReadableNT (_stream_readable.js:903:12)
   at doNTCallback2 (node.js:439:9)
   at process._tickCallback (node.js:353:17)

It seems that the only way to handle it is passing a callback function to passport.authenticate().

jaredhanson commented 8 years ago

There's no standard way in OAuth 1.0 to indicate a denial of authorization by the user. As such, each provider (if it even redirects back) has different status codes. It's up to provider-specific strategies to implement this logic. For example, see Twitter here: https://github.com/jaredhanson/passport-twitter/blob/master/lib/strategy.js#L73-L88

Please file this request on the strategy you use to connect with JIRA.
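As an added illustration of the provider-specific check described in this thread (example code, not part of passport-oauth1 or of any strategy in the discussion), the snippet below is an Express-style guard that runs ahead of `passport.authenticate()` on the callback route and turns a denial into an ordinary failure redirect before the token exchange that throws `InternalOAuthError` is reached. It assumes Express-shaped `req`/`res`/`next`; the `oauth_verifier=denied` marker is the one JIRA sent in the issue, and the bare `denied` parameter is assumed from the Twitter pattern referenced above.

```javascript
// Added example, not part of passport-oauth1: a guard middleware that detects a
// user's denial on the OAuth 1.0 callback and treats it as a normal login
// failure. OAuth 1.0 has no standard denial signal, so markers are per provider.

// Denial markers: JIRA-style oauth_verifier=denied (as seen in this issue) and a
// bare "denied" query parameter (assumed from the Twitter strategy pattern).
const DEFAULT_DENIAL_MARKERS = [
  { param: 'oauth_verifier', value: 'denied' },
  { param: 'denied' } // presence alone counts when no value is given
];

// Returns true when the callback query string carries one of the markers.
function isUserDenial(query, markers) {
  const q = query || {};
  return markers.some(({ param, value }) =>
    Object.prototype.hasOwnProperty.call(q, param) &&
    (value === undefined || q[param] === value));
}

// Middleware factory. Mount it on the callback route before
// passport.authenticate(); on denial it redirects to failureRedirect and never
// lets the request reach the access-token exchange.
function denialGuard(options) {
  const opts = Object.assign(
    { failureRedirect: '/', markers: DEFAULT_DENIAL_MARKERS }, options);
  return function (req, res, next) {
    if (isUserDenial(req.query, opts.markers)) {
      return res.redirect(opts.failureRedirect);
    }
    next();
  };
}

// Usage with the route from the issue (assumes express and passport are set up):
// app.get('/auth/jira/callback',
//   denialGuard({ failureRedirect: '/' }),
//   passport.authenticate('jira', { failureRedirect: '/' }));
```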