swagger:route PUT /admin/oauth2/auth/requests/login/reject oAuth2 rejectOAuth2LoginRequest # Reject OAuth 2.0 Login Request When an authorization code, hybrid, or implicit OAuth 2.0 Flow is initiated, Ory asks the login provider to authenticate the subject and then tell the Ory OAuth2 Service abou
(w http.ResponseWriter, r *http.Request)
| 547 | // Extensions: |
| 548 | // x-ory-ratelimit-bucket: hydra-admin-low |
| 549 | func (h *Handler) rejectOAuth2LoginRequest(w http.ResponseWriter, r *http.Request) { |
| 550 | var err error |
| 551 | ctx, span := h.r.Tracer(r.Context()).Tracer().Start(r.Context(), "consent.rejectOAuth2LoginRequest") |
| 552 | defer otelx.End(span, &err) |
| 553 | |
| 554 | challenge := cmp.Or( |
| 555 | r.URL.Query().Get("login_challenge"), |
| 556 | r.URL.Query().Get("challenge"), |
| 557 | ) |
| 558 | |
| 559 | if challenge == "" { |
| 560 | h.r.Writer().WriteError(w, r, errors.WithStack(fosite.ErrInvalidRequest.WithHint(`Query parameter 'challenge' is not defined but should have been.`))) |
| 561 | return |
| 562 | } |
| 563 | |
| 564 | var payload flow.RequestDeniedError |
| 565 | if err := json.NewDecoder(r.Body).Decode(&payload); err != nil { |
| 566 | h.r.Writer().WriteError(w, r, errors.WithStack(fosite.ErrInvalidRequest.WithWrap(err).WithHintf("Unable to decode body because: %s", err))) |
| 567 | return |
| 568 | } |
| 569 | |
| 570 | payload.Valid = true |
| 571 | payload.SetDefaults(flow.LoginRequestDeniedErrorName) |
| 572 | f, err := flow.DecodeFromLoginChallenge(ctx, h.r, challenge) |
| 573 | if err != nil { |
| 574 | h.r.Writer().WriteError(w, r, err) |
| 575 | return |
| 576 | } |
| 577 | |
| 578 | if err := f.HandleLoginError(&payload); err != nil { |
| 579 | h.r.Writer().WriteError(w, r, errors.WithStack(err)) |
| 580 | return |
| 581 | } |
| 582 | |
| 583 | verifier, err := f.ToLoginVerifier(ctx, h.r) |
| 584 | if err != nil { |
| 585 | h.r.Writer().WriteError(w, r, err) |
| 586 | return |
| 587 | } |
| 588 | |
| 589 | ru, err := url.Parse(f.RequestURL) |
| 590 | if err != nil { |
| 591 | h.r.Writer().WriteError(w, r, err) |
| 592 | return |
| 593 | } |
| 594 | |
| 595 | events.Trace(ctx, events.LoginRejected, events.WithClientID(f.Client.GetID()), events.WithSubject(f.Subject)) |
| 596 | |
| 597 | h.r.Writer().Write(w, r, &flow.OAuth2RedirectTo{ |
| 598 | RedirectTo: urlx.SetQuery(ru, url.Values{"login_verifier": {verifier}}).String(), |
| 599 | }) |
| 600 | } |
| 601 | |
| 602 | // Get OAuth 2.0 Consent Request |
| 603 | // |
nothing calls this directly
no test coverage detected