25 lines
752 B
JavaScript
25 lines
752 B
JavaScript
var separator;
|
|
|
|
// TODO check that we appropriately use '#' for implicit and '?' for code
|
|
// (server-side) in an OAuth2 backwards-compatible way
|
|
if ('token' === scope.appQuery.response_type) {
|
|
separator = '#';
|
|
}
|
|
else if ('code' === scope.appQuery.response_type) {
|
|
separator = '?';
|
|
}
|
|
else {
|
|
separator = '#';
|
|
}
|
|
|
|
if (scope.pendingScope.length && !opts.allow) {
|
|
redirectUri += separator + Oauth3.querystringify({
|
|
error: 'access_denied'
|
|
, error_description: 'None of the permissions were accepted'
|
|
, error_uri: 'https://oauth3.org/docs/errors#access_denied'
|
|
, state: scope.appQuery.state
|
|
});
|
|
$window.location.href = redirectUri;
|
|
return;
|
|
}
|