This project has moved. For the latest updates, please go here.
1

Closed

Request to Identity provider is attempted even if authorization code is null, logging an error.

description

Looking at GoogleOAuth2AuthenticationHandler.AuthenticateCoreAsync(), if there is no 'code' parameter in the query string, a request is still made to googles endpoint attempting to exchange it for an access token. Google simply returns a 400 Bad request, which is then logged as an error.

This is a common case, as google redirects to the return url without the authorization code if the user doesn't give permission to the app.

I don't think this should be logged as an error, it would be better to log it at the info level with a more informative message.
Closed Mar 2 at 9:50 PM by mgirgin

comments

mldrummer wrote Aug 5, 2015 at 8:46 PM

Cool, thanks