annotate mod_http_oauth2/html/oob.html @ 5956:97375a78d2b5

mod_http_oauth2: Reject URLs with 'userinfo' part (thanks mimi89999) The LuaSocket parser supports these but they're deprecated without replacement by RFC 3986 > Use of the format "user:password" in the userinfo field is deprecated Allowing it in OAuth2 URLs is probably bad from a security perspective.
author Kim Alvefur <zash@zash.se>
date Thu, 29 Aug 2024 16:02:46 +0200
parents 401356232e1b
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
5208
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
1 <!DOCTYPE html>
5635
401356232e1b mod_http_oauth2: Specify language in templates
Kim Alvefur <zash@zash.se>
parents: 5631
diff changeset
2 <html lang="en">
5208
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
3 <head>
5623
8de02381e80a mod_http_oauth2: Conform to XHTML in templates
Kim Alvefur <zash@zash.se>
parents: 5515
diff changeset
4 <meta charset="utf-8" />
5208
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
5 <meta name="viewport" content="width=device-width, initial-scale=1" />
5495
7998b49d6512 mod_http_oauth2: Create proper template for OOB code delivery
Kim Alvefur <zash@zash.se>
parents: 5208
diff changeset
6 <title>{site_name} - Authorization Code</title>
5623
8de02381e80a mod_http_oauth2: Conform to XHTML in templates
Kim Alvefur <zash@zash.se>
parents: 5515
diff changeset
7 <link rel="stylesheet" href="style.css" />
5208
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
8 </head>
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
9 <body>
5624
6109496a7ccc mod_http_oauth2: Move site name into <header>
Kim Alvefur <zash@zash.se>
parents: 5623
diff changeset
10 <header>
6109496a7ccc mod_http_oauth2: Move site name into <header>
Kim Alvefur <zash@zash.se>
parents: 5623
diff changeset
11 <h1>{site_name}</h1>
6109496a7ccc mod_http_oauth2: Move site name into <header>
Kim Alvefur <zash@zash.se>
parents: 5623
diff changeset
12 </header>
5208
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
13 <main>
5495
7998b49d6512 mod_http_oauth2: Create proper template for OOB code delivery
Kim Alvefur <zash@zash.se>
parents: 5208
diff changeset
14 <h2>Your Authorization Code</h2>
7998b49d6512 mod_http_oauth2: Create proper template for OOB code delivery
Kim Alvefur <zash@zash.se>
parents: 5208
diff changeset
15 <p>Here’s your authorization code, copy and paste it into {client.client_name}</p>
7998b49d6512 mod_http_oauth2: Create proper template for OOB code delivery
Kim Alvefur <zash@zash.se>
parents: 5208
diff changeset
16 <div class="oob">
5631
f889ff779571 mod_http_oauth2: Improve templates
Kim Alvefur <zash@zash.se>
parents: 5624
diff changeset
17 <p><input readonly="" name="authorization_code" value="{authorization_code}" aria-label="Authorization Code"></p>
5208
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
18 </div>
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
19 </main>
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
20 </body>
aaa64c647e12 mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
21 </html>