Mercurial > prosody-modules
annotate mod_http_oauth2/html/consent.html @ 5715:8488ebde5739
mod_http_oauth2: Skip consent screen if requested by client and same scopes already granted
This follows the intent behind the OpenID Connect 'prompt' parameter
when it does not include the 'consent' keyword, that is the client
wishes to skip the consent screen. If the user has already granted the
exact same scopes to the exact same client in the past, then one can
assume that they may grant it again.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 14 Nov 2023 23:03:37 +0100 |
parents | 401356232e1b |
children | 111eeffb6adf |
rev | line source |
---|---|
5208
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 <!DOCTYPE html> |
5635
401356232e1b
mod_http_oauth2: Specify language in templates
Kim Alvefur <zash@zash.se>
parents:
5631
diff
changeset
|
2 <html lang="en"> |
5208
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 <head> |
5623
8de02381e80a
mod_http_oauth2: Conform to XHTML in templates
Kim Alvefur <zash@zash.se>
parents:
5568
diff
changeset
|
4 <meta charset="utf-8" /> |
5208
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 <meta name="viewport" content="width=device-width, initial-scale=1" /> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 <title>{site_name} - Authorize {client.client_name}</title> |
5623
8de02381e80a
mod_http_oauth2: Conform to XHTML in templates
Kim Alvefur <zash@zash.se>
parents:
5568
diff
changeset
|
7 <link rel="stylesheet" href="style.css" /> |
5208
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 </head> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 <body> |
5625
e86a1018cdb3
mod_http_oauth2: Present errors in HTML <dialog>
Kim Alvefur <zash@zash.se>
parents:
5624
diff
changeset
|
10 {state.error& |
e86a1018cdb3
mod_http_oauth2: Present errors in HTML <dialog>
Kim Alvefur <zash@zash.se>
parents:
5624
diff
changeset
|
11 <dialog open="" class="error"> |
5208
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 <p>{state.error}</p> |
5625
e86a1018cdb3
mod_http_oauth2: Present errors in HTML <dialog>
Kim Alvefur <zash@zash.se>
parents:
5624
diff
changeset
|
13 <form method="dialog"><button>dismiss</button></form> |
e86a1018cdb3
mod_http_oauth2: Present errors in HTML <dialog>
Kim Alvefur <zash@zash.se>
parents:
5624
diff
changeset
|
14 </dialog>} |
5624
6109496a7ccc
mod_http_oauth2: Move site name into <header>
Kim Alvefur <zash@zash.se>
parents:
5623
diff
changeset
|
15 <header> |
5227
0dcd956d7bc5
mod_http_oauth2: Close site header tags
Kim Alvefur <zash@zash.se>
parents:
5208
diff
changeset
|
16 <h1>{site_name}</h1> |
5624
6109496a7ccc
mod_http_oauth2: Move site name into <header>
Kim Alvefur <zash@zash.se>
parents:
5623
diff
changeset
|
17 </header> |
6109496a7ccc
mod_http_oauth2: Move site name into <header>
Kim Alvefur <zash@zash.se>
parents:
5623
diff
changeset
|
18 <main> |
5270
7acf73d2ebb5
mod_http_oauth2: Use <fieldset> in templates because it looks nice
Kim Alvefur <zash@zash.se>
parents:
5227
diff
changeset
|
19 <fieldset> |
7acf73d2ebb5
mod_http_oauth2: Use <fieldset> in templates because it looks nice
Kim Alvefur <zash@zash.se>
parents:
5227
diff
changeset
|
20 <legend>Authorize new application</legend> |
5208
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 <p>A new application wants to connect to your account.</p> |
5624
6109496a7ccc
mod_http_oauth2: Move site name into <header>
Kim Alvefur <zash@zash.se>
parents:
5623
diff
changeset
|
22 <form method="post"> |
5208
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 <dl> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 <dt>Name</dt> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 <dd>{client.client_name}</dd> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 <dt>Website</dt> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 <dd><a href="{client.client_uri}">{client.client_uri}</a></dd> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 {client.tos_uri& |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 <dt>Terms of Service</dt> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
31 <dd><a href="{client.tos_uri}">View terms</a></dd>} |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
32 |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
33 {client.policy_uri& |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 <dt>Policy</dt> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 <dd><a href="{client.policy_uri}">View policy</a></dd>} |
5568
540beba5b75b
mod_http_oauth2: Always show list of requested scopes
Kim Alvefur <zash@zash.se>
parents:
5424
diff
changeset
|
36 |
540beba5b75b
mod_http_oauth2: Always show list of requested scopes
Kim Alvefur <zash@zash.se>
parents:
5424
diff
changeset
|
37 <dt>Requested permissions</dt> |
540beba5b75b
mod_http_oauth2: Always show list of requested scopes
Kim Alvefur <zash@zash.se>
parents:
5424
diff
changeset
|
38 <dd>{scopes# |
5631
f889ff779571
mod_http_oauth2: Improve templates
Kim Alvefur <zash@zash.se>
parents:
5625
diff
changeset
|
39 <input class="scope" type="checkbox" id="scope_{idx}" name="scope" value="{item}" checked="" /><label class="scope" for="scope_{idx}">{item}</label>} |
5568
540beba5b75b
mod_http_oauth2: Always show list of requested scopes
Kim Alvefur <zash@zash.se>
parents:
5424
diff
changeset
|
40 </dd> |
5208
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
41 </dl> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
42 |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
43 <p>To allow <em>{client.client_name}</em> to access your account |
5631
f889ff779571
mod_http_oauth2: Improve templates
Kim Alvefur <zash@zash.se>
parents:
5625
diff
changeset
|
44 <em>{state.user.username}@{state.user.host}</em> and associated data, |
f889ff779571
mod_http_oauth2: Improve templates
Kim Alvefur <zash@zash.se>
parents:
5625
diff
changeset
|
45 select 'Allow'. Otherwise, select 'Deny'. |
5208
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
46 </p> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
47 |
5631
f889ff779571
mod_http_oauth2: Improve templates
Kim Alvefur <zash@zash.se>
parents:
5625
diff
changeset
|
48 <input type="hidden" name="user_token" value="{state.user.token}"> |
f889ff779571
mod_http_oauth2: Improve templates
Kim Alvefur <zash@zash.se>
parents:
5625
diff
changeset
|
49 <button type="submit" name="consent" value="denied">Deny</button> |
f889ff779571
mod_http_oauth2: Improve templates
Kim Alvefur <zash@zash.se>
parents:
5625
diff
changeset
|
50 <button type="submit" name="consent" value="granted">Allow</button> |
5208
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
51 </form> |
5270
7acf73d2ebb5
mod_http_oauth2: Use <fieldset> in templates because it looks nice
Kim Alvefur <zash@zash.se>
parents:
5227
diff
changeset
|
52 </fieldset> |
5208
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
53 </main> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
54 </body> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
55 </html> |