While I was experiencing the way to register using OpenID in Vaadin forum, I noticed:
If you try to register using google account
grant access
push the back button
deny access
you get something like: OAuthServlet.doGet(): uuid 0f7bb3d1-db93-4329-acc9-c1d8ee36f3b6 returned null
If you try to register using google account
deny access
push the back button
grant access
you get: Invalid Token.
Both issues are related to the same thing: you are not supposed to re-visit the same OAuth authorization form instance twice.
The first issue is related to our logic that gets an unique token that is assumed to be the same for the duration of the authentication, and is erased once it’s not needed. The second issue is relating to the fact that you’re trying to reuse a token that already has been invalidated by Google.
The first one might fix to give a more user-friendly error message (unfortunately, we have a lot on our plates right now, and that’s a very corner case situation you have found), the second one is Google’s code, and we have no control over that.
Note that the various authentication forms (the ones that appear before you are redirected back to vaadin.com) are, by design, out of our control, so we can’t change the way
they
behave.