Catch and render potential auth failure

rayluo · rayluo · commit 0ecbd97fb680 · 2019-11-06T11:53:03.000-08:00
diff --git a/app.py b/app.py
@@ -29,15 +29,18 @@ def login():
 
 @app.route(app_config.REDIRECT_PATH)  # Its absolute URL must match your app's redirect_uri set in AAD
 def authorized():
-    if request.args.get('state') == session.get("state"):
+    if request.args.get('state') != session.get("state"):
+        return redirect(url_for("index"))  # No-OP. Goes back to Index page
+    if "error" in request.args:  # Authentication/Authorization failure
+        return render_template("auth_error.html", result=request.args)
+    if request.args.get('code'):
         cache = _load_cache()
         result = _build_msal_app(cache=cache).acquire_token_by_authorization_code(
             request.args['code'],
             scopes=app_config.SCOPE,  # Misspelled scope would cause an HTTP 400 error here
             redirect_uri=url_for("authorized", _external=True))
         if "error" in result:
-            return "Login failure: %s, %s" % (
-                result["error"], result.get("error_description"))
+            return render_template("auth_error.html", result=result)
         session["user"] = result.get("id_token_claims")
         _save_cache(cache)
     return redirect(url_for("index"))
diff --git a/templates/auth_error.html b/templates/auth_error.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+</head>
+<body>
+    <h2>Login Failure</h2>
+    <dl>
+      <dt>{{ result.get("error") }}</dt>
+      <dd>{{ result.get("error_description") }}</dd>
+    </dl>
+    <hr>
+    <a href="{{ url_for('index') }}">Homepage</a>
+</body>
+</html>
+
