Currently, when a user clicks “Deny” during Trello’s authorization flow, Trello will either include an empty token= query parameter if the response_type is fragment or, if the response_type is postMessage then Trello will postMessage an empty message back to the return_url specified.
With this change, Trello will now add an error= parameter with error message to the fragment (in addition to the empty token parameter) or include the error message in the postMessage. The error message will be Token request rejected.
For instance, if you are using postMessage, after the user clicks “Deny” we will redirect to https://trello.com/1/token/approve with the following <script> on it:
if(window.opener) {
window.opener.postMessage("Token request rejected",
"https://yourRedirectUrl.com")
}