Per section 220.127.116.11 of the OAuth 2 specification, when a resource owner declines authorization to the client, the provider should redirect back to the client with an error attribute with one of several values indicating the nature of the error. See http://tools.ietf.org/html/rfc6749#section-18.104.22.168.
Spring Social's ConnectController, ProviderSignInController, and SocialAuthenticationFilter should handle this error attribute (as well as the other optional attributes defined in section 22.214.171.124). For the controllers, it should likely echo the error details in the model for the connection status view to give feedback to the user. For the filter, it should probably handle it in a way consistent with how a "Cancel" would be handled on any traditional signin page.