KEYCLOAK-1321

Error page is displayed if user rejects sign in with social provider

broker/core/src/main/java/org/keycloak/broker/provider/IdentityProvider.java

@@ -36,7 +36,7 @@ import javax.ws.rs.core.UriInfo;
  */
 public interface IdentityProvider<C extends IdentityProviderModel> extends Provider {
 
-    public interface AuthenticationCallback {
+    interface AuthenticationCallback {
         /**
          * This method should be called by provider after the JAXRS callback endpoint has finished authentication
          * with the remote IDP
@@ -44,7 +44,11 @@ public interface IdentityProvider<C extends IdentityProviderModel> extends Provi
          * @param context
          * @return
          */
-        public Response authenticated(BrokeredIdentityContext context);
+        Response authenticated(BrokeredIdentityContext context);
+
+        Response cancelled(String code);
+
+        Response error(String code, String message);
     }
 
 

broker/oidc/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java

@@ -58,6 +58,7 @@ public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityPro
     public static final String FEDERATED_ACCESS_TOKEN = "FEDERATED_ACCESS_TOKEN";
     public static final String FEDERATED_REFRESH_TOKEN = "FEDERATED_REFRESH_TOKEN";
     public static final String FEDERATED_TOKEN_EXPIRATION = "FEDERATED_TOKEN_EXPIRATION";
+    public static final String ACCESS_DENIED = "access_denied";
     protected static ObjectMapper mapper = new ObjectMapper();
 
     public static final String OAUTH2_PARAMETER_ACCESS_TOKEN = "access_token";
@@ -213,9 +214,11 @@ public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityPro
                                      @QueryParam(OAuth2Constants.ERROR) String error) {
             if (error != null) {
                 //logger.error("Failed " + getConfig().getAlias() + " broker login: " + error);
-                event.event(EventType.LOGIN);
-                event.error(error);
-                return ErrorPage.error(session, Messages.IDENTITY_PROVIDER_UNEXPECTED_ERROR);
+                if (error.equals(ACCESS_DENIED)) {
+                    return callback.cancelled(state);
+                } else {
+                    return callback.error(state, Messages.IDENTITY_PROVIDER_UNEXPECTED_ERROR);
+                }
             }
 
             try {

services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java

@@ -315,6 +315,16 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
                 this.uriInfo, event);
     }
 
+    @Override
+    public Response cancelled(String code) {
+        return session.getProvider(LoginFormsProvider.class).setClientSessionCode(code).createLogin();
+    }
+
+    @Override
+    public Response error(String code, String message) {
+        return session.getProvider(LoginFormsProvider.class).setClientSessionCode(code).setError(message).createLogin();
+    }
+
     private Response performAccountLinking(ClientSessionModel clientSession, BrokeredIdentityContext context, FederatedIdentityModel federatedIdentityModel, UserModel federatedUser) {
         this.event.event(EventType.IDENTITY_PROVIDER_ACCCOUNT_LINKING);