User trapped at callback URL on verification error

[3sGgpQ8H]

After successful or unsuccessful OAuth 2.0 authentication, the user is redirected back to the original application at so called callback URL, where cloudfront-auth verifies response code, nonce etc. In case callback verification fails, an error message is shown to the user at callback URL. If user reloads the page, cloudfront-auth does not perform new OAuth request, but instead just verifies again the same callback parameters whose verification already failed.

The callback URL, when showing error, should output Content-Location header referring to the original URL user started with, so pressing reload will reload that original URL and restart authentication process.

[3sGgpQ8H]

It seems that Content-Location does not work this way. Probably window.history.pushState in body onload could be used instead.