return error when consent authorization fails

Automattic · Dec 8, 2023 · 7ef23fe · 7ef23fe
1 parent 186ba99
commit 7ef23fe
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/Http/Handlers/AuthorizeHandler.php b/src/Http/Handlers/AuthorizeHandler.php
@@ -46,8 +46,8 @@ public function handle( Request $request, Response $response ): Response {
 		$client_id = $request->query( 'client_id', $request->request( 'client_id' ) );
 		if ( $this->consent_storage->needs_consent( $user->ID, $client_id ) ) {
 			if ( ! isset( $_POST['authorize'] ) || __( 'Authorize', 'openid-connect-server' ) !== $_POST['authorize'] ) {
-				$response->send();
-				exit;
+				$response->setError( 403, 'user_authorization_required', 'This application requires your consent.' );
+				return $response;
 			}
 
 			$this->consent_storage->update_timestamp( $user->ID, $client_id );