Skip to content

feat: reject the consent request when the user denies access#183

Merged
ardetrick merged 1 commit into
mainfrom
feat/consent-deny
Jul 6, 2026
Merged

feat: reject the consent request when the user denies access#183
ardetrick merged 1 commit into
mainfrom
feat/consent-deny

Conversation

@ardetrick

Copy link
Copy Markdown
Owner

The consent screen has always rendered a Deny access button, but submitting it accepted the request anyway. Denying now calls Hydra's rejectOAuth2ConsentRequest with access_denied, and the app follows Hydra's real error redirect back to the client. The two submit buttons get distinct names so the controller knows which was clicked, the reject path mirrors the accept path's record/mapper shape, and a new Playwright test drives the full story — login, deny, and the browser landing on the client callback with error=access_denied and no code. Checks off "Allow rejecting on consent screen" from the README task list.

🤖 Generated with Claude Code

@ardetrick ardetrick enabled auto-merge (squash) July 6, 2026 02:58
@ardetrick ardetrick disabled auto-merge July 6, 2026 02:58
@ardetrick ardetrick merged commit b5778f1 into main Jul 6, 2026
1 check passed
@ardetrick ardetrick deleted the feat/consent-deny branch July 6, 2026 02:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant