annotate mod_http_oauth2/html/consent.html @ 5956:97375a78d2b5

mod_http_oauth2: Reject URLs with 'userinfo' part (thanks mimi89999) The LuaSocket parser supports these but they're deprecated without replacement by RFC 3986 > Use of the format "user:password" in the userinfo field is deprecated Allowing it in OAuth2 URLs is probably bad from a security perspective.
author Kim Alvefur <zash@zash.se>
date Thu, 29 Aug 2024 16:02:46 +0200
parents 401356232e1b
children 111eeffb6adf
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
5208
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
1 <!DOCTYPE html>
5635
401356232e1b mod_http_oauth2: Specify language in templates
Kim Alvefur <zash@zash.se>
parents: 5631
diff changeset
2 <html lang="en">
5208
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
3 <head>
5623
8de02381e80a mod_http_oauth2: Conform to XHTML in templates
Kim Alvefur <zash@zash.se>
parents: 5568
diff changeset
4 <meta charset="utf-8" />
5208
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
5 <meta name="viewport" content="width=device-width, initial-scale=1" />
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
6 <title>{site_name} - Authorize {client.client_name}</title>
5623
8de02381e80a mod_http_oauth2: Conform to XHTML in templates
Kim Alvefur <zash@zash.se>
parents: 5568
diff changeset
7 <link rel="stylesheet" href="style.css" />
5208
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
8 </head>
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
9 <body>
5625
e86a1018cdb3 mod_http_oauth2: Present errors in HTML <dialog>
Kim Alvefur <zash@zash.se>
parents: 5624
diff changeset
10 {state.error&
e86a1018cdb3 mod_http_oauth2: Present errors in HTML <dialog>
Kim Alvefur <zash@zash.se>
parents: 5624
diff changeset
11 <dialog open="" class="error">
5208
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
12 <p>{state.error}</p>
5625
e86a1018cdb3 mod_http_oauth2: Present errors in HTML <dialog>
Kim Alvefur <zash@zash.se>
parents: 5624
diff changeset
13 <form method="dialog"><button>dismiss</button></form>
e86a1018cdb3 mod_http_oauth2: Present errors in HTML <dialog>
Kim Alvefur <zash@zash.se>
parents: 5624
diff changeset
14 </dialog>}
5624
6109496a7ccc mod_http_oauth2: Move site name into <header>
Kim Alvefur <zash@zash.se>
parents: 5623
diff changeset
15 <header>
5227
0dcd956d7bc5 mod_http_oauth2: Close site header tags
Kim Alvefur <zash@zash.se>
parents: 5208
diff changeset
16 <h1>{site_name}</h1>
5624
6109496a7ccc mod_http_oauth2: Move site name into <header>
Kim Alvefur <zash@zash.se>
parents: 5623
diff changeset
17 </header>
6109496a7ccc mod_http_oauth2: Move site name into <header>
Kim Alvefur <zash@zash.se>
parents: 5623
diff changeset
18 <main>
5270
7acf73d2ebb5 mod_http_oauth2: Use <fieldset> in templates because it looks nice
Kim Alvefur <zash@zash.se>
parents: 5227
diff changeset
19 <fieldset>
7acf73d2ebb5 mod_http_oauth2: Use <fieldset> in templates because it looks nice
Kim Alvefur <zash@zash.se>
parents: 5227
diff changeset
20 <legend>Authorize new application</legend>
5208
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
21 <p>A new application wants to connect to your account.</p>
5624
6109496a7ccc mod_http_oauth2: Move site name into <header>
Kim Alvefur <zash@zash.se>
parents: 5623
diff changeset
22 <form method="post">
5208
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
23 <dl>
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
24 <dt>Name</dt>
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
25 <dd>{client.client_name}</dd>
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
26 <dt>Website</dt>
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
27 <dd><a href="{client.client_uri}">{client.client_uri}</a></dd>
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
28
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
29 {client.tos_uri&
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
30 <dt>Terms of Service</dt>
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
31 <dd><a href="{client.tos_uri}">View terms</a></dd>}
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
32
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
33 {client.policy_uri&
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
34 <dt>Policy</dt>
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
35 <dd><a href="{client.policy_uri}">View policy</a></dd>}
5568
540beba5b75b mod_http_oauth2: Always show list of requested scopes
Kim Alvefur <zash@zash.se>
parents: 5424
diff changeset
36
540beba5b75b mod_http_oauth2: Always show list of requested scopes
Kim Alvefur <zash@zash.se>
parents: 5424
diff changeset
37 <dt>Requested permissions</dt>
540beba5b75b mod_http_oauth2: Always show list of requested scopes
Kim Alvefur <zash@zash.se>
parents: 5424
diff changeset
38 <dd>{scopes#
5631
f889ff779571 mod_http_oauth2: Improve templates
Kim Alvefur <zash@zash.se>
parents: 5625
diff changeset
39 <input class="scope" type="checkbox" id="scope_{idx}" name="scope" value="{item}" checked="" /><label class="scope" for="scope_{idx}">{item}</label>}
5568
540beba5b75b mod_http_oauth2: Always show list of requested scopes
Kim Alvefur <zash@zash.se>
parents: 5424
diff changeset
40 </dd>
5208
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
41 </dl>
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
42
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
43 <p>To allow <em>{client.client_name}</em> to access your account
5631
f889ff779571 mod_http_oauth2: Improve templates
Kim Alvefur <zash@zash.se>
parents: 5625
diff changeset
44 <em>{state.user.username}@{state.user.host}</em> and associated data,
f889ff779571 mod_http_oauth2: Improve templates
Kim Alvefur <zash@zash.se>
parents: 5625
diff changeset
45 select 'Allow'. Otherwise, select 'Deny'.
5208
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
46 </p>
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
47
5631
f889ff779571 mod_http_oauth2: Improve templates
Kim Alvefur <zash@zash.se>
parents: 5625
diff changeset
48 <input type="hidden" name="user_token" value="{state.user.token}">
f889ff779571 mod_http_oauth2: Improve templates
Kim Alvefur <zash@zash.se>
parents: 5625
diff changeset
49 <button type="submit" name="consent" value="denied">Deny</button>
f889ff779571 mod_http_oauth2: Improve templates
Kim Alvefur <zash@zash.se>
parents: 5625
diff changeset
50 <button type="submit" name="consent" value="granted">Allow</button>
5208
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
51 </form>
5270
7acf73d2ebb5 mod_http_oauth2: Use <fieldset> in templates because it looks nice
Kim Alvefur <zash@zash.se>
parents: 5227
diff changeset
52 </fieldset>
5208
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
53 </main>
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
54 </body>
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
55 </html>