Refactor

consent_provider/app.py

@@ -13,7 +13,7 @@ def home():
     hydra = HydraAdmin(HYDRA_ADMIN_URL)
     challenge = request.args.get("consent_challenge")
     if not challenge:
-        abort(400)
+        abort(403)
     consent_request = hydra.consent_request(challenge)
     app_name = consent_request.client["client_name"]
     username = consent_request.subject
@@ -26,7 +26,9 @@ def home():
             grant_access_token_audience=consent_request.requested_access_token_audience,
             session=session,
             ))
-    abort(400)
+    return redirect(consent_request.reject(
+        "Permission denied",
+        error_description="Login request was denied due to missing application permission"))
 
 if __name__ == '__main__':
     app.run()

consent_provider/db.py

@@ -4,7 +4,8 @@ from graphqlclient import GraphQLClient
 from json import loads
 
 GRAPHQL_URL = environ['GRAPHQL_URL']
-graphql_client = GraphQLClient(GRAPHQL_URL)
+GRAPHQL_CLIENT = GraphQLClient(GRAPHQL_URL)
+
 
 class User():
     def __init__(self, username):
@@ -23,7 +24,7 @@ class User():
                 }}
             }}
             }}}}'''.format(self.username).strip()
-        result = loads(graphql_client.execute(querystring))
+        result = loads(GRAPHQL_CLIENT.execute(querystring))
         if "data" in result:
             data = result["data"]["getUser"]
             self.applications = list(map(lambda x: x["node"]["name"],