Expected Behavior
The AuthorizationRequestRedirectFilter should have failure handler which by default uses the implementation of the unsuccessfulRedirectForAuthorization method. AuthorizationRequestRedirectFilter should have a setter to override the default failure handler with a custom implementation
Current Behavior
Currently the unsuccessfulRedirectForAuthorization always set a HTTP 500 for all errors that occur while preparing the call to the external IDP.
Context
Because the code statically returns a HTTP 500 it makes it hard (using custom filters or overriding the response object) to trigger other behavior like for example forwarding to custom (external) error page.
We are using a DefaultOAuth2AuthorizationRequestResolver with an authorization request customizer that checks stuff in the user session to determine from which flow the user is coming, but when this fails we cannot direct the user to another location
Comment From: willemvd
relates to #4641 and #5546 but both do not resolve this
Comment From: willemvd
basically duplicate of #13793
Comment From: sjohnr
Thanks @willemvd. Yes, I believe this is a duplicate of gh-13793. Feel free to comment on gh-14168 if you have any thoughts on my latest comments on that PR.