From cd4fa024455ab52a2b6d69beb55322403d1fec81 Mon Sep 17 00:00:00 2001
From: LAMBARE Aubin <aubin.lambare@csgroup.eu>
Date: Fri, 3 May 2024 12:35:03 +0200
Subject: [PATCH] fix(auth/oidc): handle auth tries with wrong credentials

---
 eodag/plugins/authentication/openid_connect.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/eodag/plugins/authentication/openid_connect.py b/eodag/plugins/authentication/openid_connect.py
index d23972cf5..fff438d34 100644
--- a/eodag/plugins/authentication/openid_connect.py
+++ b/eodag/plugins/authentication/openid_connect.py
@@ -154,6 +154,11 @@ def authenticate(self) -> AuthBase:
         state = self.compute_state()
         authentication_response = self.authenticate_user(state)
         exchange_url = authentication_response.url
+        if not exchange_url.startswith(self.config.redirect_uri):
+            raise AuthenticationError(
+                f"Could not authenticate user with provider {self.provider}.",
+                "Please verify your credentials",
+            )
         if self.config.user_consent_needed:
             user_consent_response = self.grant_user_consent(authentication_response)
             exchange_url = user_consent_response.url