Hey ,
I’m not quite sure this oauth login behaviour is intended.
- The oauth middleware explicitly saves errors that occur when handling a request to the pendingCredentials collection, so they can be retrieved by login calls trying to retrieve those credentials.
- The accounts oauth login handler retrieves this error and returns it.
- But Accounts.oauth.tryLoginAfterPopupClosed simply returns if it can not retrieve the secret, which is the case when the request could not be handled because of an error.
Should it not rather be something like:
if (!credentialSecret && shouldRetry) {
retry...
return;
}
tryLogin
This would to retrieve an error after the retry, if there was one, instead of simply closing the modal without any effect. This sounds more like the intended behaviour considering all the error handling code on the server to make this possible. Are there reasons not to do so?
I’m also a little curious why this rather complex way of handling an error is even necessary. Why is the error stored in the db, instead of adding it to the config that is passed down via html to the client. If the secret can be passed down and handled like this, why not an error?