Mercurial > prosody-modules
annotate mod_http_oauth2/html/consent.html @ 5461:06640647d193
mod_http_oauth2: Fix use of arbitrary ports in loopback redirect URIs
Per draft-ietf-oauth-v2-1-08#section-8.4.2
> The authorization server MUST allow any port to be specified at the
> time of the request for loopback IP redirect URIs, to accommodate
> clients that obtain an available ephemeral port from the operating
> system at the time of the request.
Uncertain if it should normalize the host part, but it also seems
harmless to treat IPv6 and IPv4 the same here.
One thing is that "localhost" is NOT RECOMMENDED because it can
sometimes be pointed to non-loopback interfaces via DNS or hosts file.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Wed, 17 May 2023 13:51:30 +0200 |
parents | b45d9a81b3da |
children | 540beba5b75b |
rev | line source |
---|---|
5208
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 <!DOCTYPE html> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 <html> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 <head> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 <meta charset="utf-8"> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 <meta name="viewport" content="width=device-width, initial-scale=1" /> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 <title>{site_name} - Authorize {client.client_name}</title> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 <link rel="stylesheet" href="style.css"> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 </head> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 <body> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 <main> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 {state.error&<div class="error"> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 <p>{state.error}</p> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 </div>} |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 |
5227
0dcd956d7bc5
mod_http_oauth2: Close site header tags
Kim Alvefur <zash@zash.se>
parents:
5208
diff
changeset
|
15 <h1>{site_name}</h1> |
5270
7acf73d2ebb5
mod_http_oauth2: Use <fieldset> in templates because it looks nice
Kim Alvefur <zash@zash.se>
parents:
5227
diff
changeset
|
16 <fieldset> |
7acf73d2ebb5
mod_http_oauth2: Use <fieldset> in templates because it looks nice
Kim Alvefur <zash@zash.se>
parents:
5227
diff
changeset
|
17 <legend>Authorize new application</legend> |
5208
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 <p>A new application wants to connect to your account.</p> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 <dl> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 <dt>Name</dt> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 <dd>{client.client_name}</dd> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 <dt>Website</dt> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 <dd><a href="{client.client_uri}">{client.client_uri}</a></dd> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 {client.tos_uri& |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 <dt>Terms of Service</dt> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 <dd><a href="{client.tos_uri}">View terms</a></dd>} |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 {client.policy_uri& |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 <dt>Policy</dt> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
31 <dd><a href="{client.policy_uri}">View policy</a></dd>} |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
32 </dl> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
33 |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 <p>To allow <em>{client.client_name}</em> to access your account |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 <em>{state.user.username}@{state.user.host}</em> and associated data, |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 select 'Allow'. Otherwise, select 'Deny'. |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 </p> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
38 |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
39 <form method="post"> |
5271
3a1df3adad0c
mod_http_oauth2: Allow user to decide which requested scopes to grant
Kim Alvefur <zash@zash.se>
parents:
5270
diff
changeset
|
40 <details><summary>Requested permissions</summary>{scopes# |
5424
b45d9a81b3da
mod_http_oauth2: Revert role selector, going to try something else
Kim Alvefur <zash@zash.se>
parents:
5418
diff
changeset
|
41 <input class="scope" type="checkbox" id="scope_{idx}" name="scope" value="{item}" checked><label class="scope" for="scope_{idx}">{item}</label>} |
5271
3a1df3adad0c
mod_http_oauth2: Allow user to decide which requested scopes to grant
Kim Alvefur <zash@zash.se>
parents:
5270
diff
changeset
|
42 </details> |
5208
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
43 <input type="hidden" name="user_token" value="{state.user.token}"> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
44 <button type="submit" name="consent" value="denied">Deny</button> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
45 <button type="submit" name="consent" value="granted">Allow</button> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
46 </form> |
5270
7acf73d2ebb5
mod_http_oauth2: Use <fieldset> in templates because it looks nice
Kim Alvefur <zash@zash.se>
parents:
5227
diff
changeset
|
47 </fieldset> |
5208
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
48 </main> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
49 </body> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
50 </html> |