annotate mod_http_oauth2/html/consent.html @ 5715:8488ebde5739

mod_http_oauth2: Skip consent screen if requested by client and same scopes already granted This follows the intent behind the OpenID Connect 'prompt' parameter when it does not include the 'consent' keyword, that is the client wishes to skip the consent screen. If the user has already granted the exact same scopes to the exact same client in the past, then one can assume that they may grant it again.
author Kim Alvefur <zash@zash.se>
date Tue, 14 Nov 2023 23:03:37 +0100
parents 401356232e1b
children 111eeffb6adf
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
5208
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
1 <!DOCTYPE html>
5635
401356232e1b mod_http_oauth2: Specify language in templates
Kim Alvefur <zash@zash.se>
parents: 5631
diff changeset
2 <html lang="en">
5208
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
3 <head>
5623
8de02381e80a mod_http_oauth2: Conform to XHTML in templates
Kim Alvefur <zash@zash.se>
parents: 5568
diff changeset
4 <meta charset="utf-8" />
5208
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
5 <meta name="viewport" content="width=device-width, initial-scale=1" />
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
6 <title>{site_name} - Authorize {client.client_name}</title>
5623
8de02381e80a mod_http_oauth2: Conform to XHTML in templates
Kim Alvefur <zash@zash.se>
parents: 5568
diff changeset
7 <link rel="stylesheet" href="style.css" />
5208
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
8 </head>
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
9 <body>
5625
e86a1018cdb3 mod_http_oauth2: Present errors in HTML <dialog>
Kim Alvefur <zash@zash.se>
parents: 5624
diff changeset
10 {state.error&
e86a1018cdb3 mod_http_oauth2: Present errors in HTML <dialog>
Kim Alvefur <zash@zash.se>
parents: 5624
diff changeset
11 <dialog open="" class="error">
5208
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
12 <p>{state.error}</p>
5625
e86a1018cdb3 mod_http_oauth2: Present errors in HTML <dialog>
Kim Alvefur <zash@zash.se>
parents: 5624
diff changeset
13 <form method="dialog"><button>dismiss</button></form>
e86a1018cdb3 mod_http_oauth2: Present errors in HTML <dialog>
Kim Alvefur <zash@zash.se>
parents: 5624
diff changeset
14 </dialog>}
5624
6109496a7ccc mod_http_oauth2: Move site name into <header>
Kim Alvefur <zash@zash.se>
parents: 5623
diff changeset
15 <header>
5227
0dcd956d7bc5 mod_http_oauth2: Close site header tags
Kim Alvefur <zash@zash.se>
parents: 5208
diff changeset
16 <h1>{site_name}</h1>
5624
6109496a7ccc mod_http_oauth2: Move site name into <header>
Kim Alvefur <zash@zash.se>
parents: 5623
diff changeset
17 </header>
6109496a7ccc mod_http_oauth2: Move site name into <header>
Kim Alvefur <zash@zash.se>
parents: 5623
diff changeset
18 <main>
5270
7acf73d2ebb5 mod_http_oauth2: Use <fieldset> in templates because it looks nice
Kim Alvefur <zash@zash.se>
parents: 5227
diff changeset
19 <fieldset>
7acf73d2ebb5 mod_http_oauth2: Use <fieldset> in templates because it looks nice
Kim Alvefur <zash@zash.se>
parents: 5227
diff changeset
20 <legend>Authorize new application</legend>
5208
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
21 <p>A new application wants to connect to your account.</p>
5624
6109496a7ccc mod_http_oauth2: Move site name into <header>
Kim Alvefur <zash@zash.se>
parents: 5623
diff changeset
22 <form method="post">
5208
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
23 <dl>
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
24 <dt>Name</dt>
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
25 <dd>{client.client_name}</dd>
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
26 <dt>Website</dt>
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
27 <dd><a href="{client.client_uri}">{client.client_uri}</a></dd>
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
28
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
29 {client.tos_uri&
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
30 <dt>Terms of Service</dt>
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
31 <dd><a href="{client.tos_uri}">View terms</a></dd>}
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
32
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
33 {client.policy_uri&
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
34 <dt>Policy</dt>
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
35 <dd><a href="{client.policy_uri}">View policy</a></dd>}
5568
540beba5b75b mod_http_oauth2: Always show list of requested scopes
Kim Alvefur <zash@zash.se>
parents: 5424
diff changeset
36
540beba5b75b mod_http_oauth2: Always show list of requested scopes
Kim Alvefur <zash@zash.se>
parents: 5424
diff changeset
37 <dt>Requested permissions</dt>
540beba5b75b mod_http_oauth2: Always show list of requested scopes
Kim Alvefur <zash@zash.se>
parents: 5424
diff changeset
38 <dd>{scopes#
5631
f889ff779571 mod_http_oauth2: Improve templates
Kim Alvefur <zash@zash.se>
parents: 5625
diff changeset
39 <input class="scope" type="checkbox" id="scope_{idx}" name="scope" value="{item}" checked="" /><label class="scope" for="scope_{idx}">{item}</label>}
5568
540beba5b75b mod_http_oauth2: Always show list of requested scopes
Kim Alvefur <zash@zash.se>
parents: 5424
diff changeset
40 </dd>
5208
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
41 </dl>
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
42
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
43 <p>To allow <em>{client.client_name}</em> to access your account
5631
f889ff779571 mod_http_oauth2: Improve templates
Kim Alvefur <zash@zash.se>
parents: 5625
diff changeset
44 <em>{state.user.username}@{state.user.host}</em> and associated data,
f889ff779571 mod_http_oauth2: Improve templates
Kim Alvefur <zash@zash.se>
parents: 5625
diff changeset
45 select 'Allow'. Otherwise, select 'Deny'.
5208
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
46 </p>
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
47
5631
f889ff779571 mod_http_oauth2: Improve templates
Kim Alvefur <zash@zash.se>
parents: 5625
diff changeset
48 <input type="hidden" name="user_token" value="{state.user.token}">
f889ff779571 mod_http_oauth2: Improve templates
Kim Alvefur <zash@zash.se>
parents: 5625
diff changeset
49 <button type="submit" name="consent" value="denied">Deny</button>
f889ff779571 mod_http_oauth2: Improve templates
Kim Alvefur <zash@zash.se>
parents: 5625
diff changeset
50 <button type="submit" name="consent" value="granted">Allow</button>
5208
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
51 </form>
5270
7acf73d2ebb5 mod_http_oauth2: Use <fieldset> in templates because it looks nice
Kim Alvefur <zash@zash.se>
parents: 5227
diff changeset
52 </fieldset>
5208
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
53 </main>
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
54 </body>
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
55 </html>