Doorkeeper with Omniauth - How to handle the case where a user does not authorize?

Question

I'm using Doorkeeper and Omniauth. The client redirects to my authorization end point, which redirects to the login page. The user is asked to authenticate with Facebook, after which he is logged in and the flow returns to Doorkeeper.

My problem is that if the user choose not to sign in, the flow never returns to Doorkeeper. I would expect that the flow will return to Doorkeeper, which will return an error to the client.

How should I do this?

Answer 1

It's not really a problem. It's a users active choice not to connect and do something else.

Workarounds depend on wether or not you redirected within the current tab, a new tab or new window. If you replaced your tab/window, he's simply not in your app anymore. If in new tabs, your web page is still open, or that of your oauth consumer. Those pages should have the ability to click a button to try connect again, if the user really wants it.

You could do javascript setTimeout, if your page is still up in a tab, but what purpose would it serve?

It sounds like you've simply been over-thinking this :) What did you end up with?