search

lipp / login-with

Stateless login-with microservice for OAuth
https://login-with.com
MIT License
2.33k stars 144 forks source link

Reddit strategy doesn't redirect to failure URL on declined auth request #33

Closed vitosamson closed 7 years ago

vitosamson commented 7 years ago

To reproduce:

  1. Go to https://login-with.com/login
  2. Login with Reddit
  3. Hit the "decline" button on the reddit auth request page

You'll get redirected to https://auth.login-with.com/reddit/callback with {"error":null,"user":false}

This is happening because in routes.js here, both error and user are falsy and so it falls through to the res.json at the end.

A solution here would probably be to change line 34 to if (error || !user) - would you accept a PR for that? I'm not sure if this is happening for other providers, I've only tested with reddit.

lipp commented 7 years ago

👍 Sure, PR is very welcomed! I think if (error || !user) totally makes sense. Should have a meaningful error of course...

vitosamson commented 7 years ago

https://github.com/lipp/login-with/pull/34

vitosamson commented 7 years ago

Hey, any chance we can get a version bump and updated docker image pushed out with this?

lipp commented 7 years ago

Sure... tomorrow... promise