The base Oauth2 callback doesn't account for the user denying access at the provider stage

[colingourlay]

The callback implementation always assumes that the code query param will always exist and can be fed into getTokens, and tokens in turn will exist and be fed into getUserProfile:

sk-auth/src/providers/oauth2.base.ts

Lines 69 to 73 in 731eabd

	const code = query.get("code");
	const redirect = this.getStateValue(query, "redirect");
	const tokens = await this.getTokens(code!, this.getCallbackUri(auth, host));
	let user = await this.getUserProfile(tokens);

In my particular use case, I implemented login with GitHub, but if I choose to cancel, rather than share my account with the app, I'm redirected to /api/auth/callback/github?error=access_denied&error_description=The+user+has+denied+your+application+access.&error_uri=https%3A%2F%2Fdocs.github.com%2Fapps%2Fmanaging-oauth-apps%2Ftroubleshooting-authorization-request-errors%2F%23access-denied&state=cmVkaXJlY3Q9Lw%3D%3D.

No code param exists, so the callback page 500s. I'm not sure if error and error_description are unique to GitHub, but perhaps we can use them to handle this situation more gracefully?

[Dan6erbond]

Hey there, yes, this is true. SK-Auth is still in development and error-handling is on the TODO. Will keep you updated!