This is an issue derives from the following discussion:
https://aspnetwebstack.codeplex.com/discussions/527849#post1199675
Scenario: when user cancel the permission request dialog, facebook app will redirect to the same page cause another request dialog triggered eventually build a infinite loop.
Investigation: There is a mechanism in our Facebook authorization filter to decide whether we will redirect to :
1. App’s front page therefore to request permission if required ones are not granted, or
2. A designated authorization error page to notify user the permission is missing, in which case no further permission request will send.
The situation user runs into is that the route 1 is always triggered. The reason why we do that is because we’re expecting an “error” parameter in the call back from facebook OAuth dialog when user cancel a permission request. However, we observe that Facebook doesn’t add “error” parameter. As a result an infinite loop is constructed. The behavior is different from what is stated in the Facebook’s document (https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow).
We can't simply remove the "hasError" condition, because we need to distinguish the scenario of the first time login and later login.
So questions:
1) Why does Facebook not send the right query string?
2) How can we solve the situation properly.
https://aspnetwebstack.codeplex.com/discussions/527849#post1199675
Scenario: when user cancel the permission request dialog, facebook app will redirect to the same page cause another request dialog triggered eventually build a infinite loop.
Investigation: There is a mechanism in our Facebook authorization filter to decide whether we will redirect to :
1. App’s front page therefore to request permission if required ones are not granted, or
2. A designated authorization error page to notify user the permission is missing, in which case no further permission request will send.
The situation user runs into is that the route 1 is always triggered. The reason why we do that is because we’re expecting an “error” parameter in the call back from facebook OAuth dialog when user cancel a permission request. However, we observe that Facebook doesn’t add “error” parameter. As a result an infinite loop is constructed. The behavior is different from what is stated in the Facebook’s document (https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow).
We can't simply remove the "hasError" condition, because we need to distinguish the scenario of the first time login and later login.
So questions:
1) Why does Facebook not send the right query string?
2) How can we solve the situation properly.