Mercurial > prosody-modules
annotate mod_http_oauth2/html/oob.html @ 5956:97375a78d2b5
mod_http_oauth2: Reject URLs with 'userinfo' part (thanks mimi89999)
The LuaSocket parser supports these but they're deprecated without
replacement by RFC 3986
> Use of the format "user:password" in the userinfo field is deprecated
Allowing it in OAuth2 URLs is probably bad from a security perspective.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 29 Aug 2024 16:02:46 +0200 |
parents | 401356232e1b |
children |
rev | line source |
---|---|
5208
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 <!DOCTYPE html> |
5635
401356232e1b
mod_http_oauth2: Specify language in templates
Kim Alvefur <zash@zash.se>
parents:
5631
diff
changeset
|
2 <html lang="en"> |
5208
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 <head> |
5623
8de02381e80a
mod_http_oauth2: Conform to XHTML in templates
Kim Alvefur <zash@zash.se>
parents:
5515
diff
changeset
|
4 <meta charset="utf-8" /> |
5208
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 <meta name="viewport" content="width=device-width, initial-scale=1" /> |
5495
7998b49d6512
mod_http_oauth2: Create proper template for OOB code delivery
Kim Alvefur <zash@zash.se>
parents:
5208
diff
changeset
|
6 <title>{site_name} - Authorization Code</title> |
5623
8de02381e80a
mod_http_oauth2: Conform to XHTML in templates
Kim Alvefur <zash@zash.se>
parents:
5515
diff
changeset
|
7 <link rel="stylesheet" href="style.css" /> |
5208
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 </head> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 <body> |
5624
6109496a7ccc
mod_http_oauth2: Move site name into <header>
Kim Alvefur <zash@zash.se>
parents:
5623
diff
changeset
|
10 <header> |
6109496a7ccc
mod_http_oauth2: Move site name into <header>
Kim Alvefur <zash@zash.se>
parents:
5623
diff
changeset
|
11 <h1>{site_name}</h1> |
6109496a7ccc
mod_http_oauth2: Move site name into <header>
Kim Alvefur <zash@zash.se>
parents:
5623
diff
changeset
|
12 </header> |
5208
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 <main> |
5495
7998b49d6512
mod_http_oauth2: Create proper template for OOB code delivery
Kim Alvefur <zash@zash.se>
parents:
5208
diff
changeset
|
14 <h2>Your Authorization Code</h2> |
7998b49d6512
mod_http_oauth2: Create proper template for OOB code delivery
Kim Alvefur <zash@zash.se>
parents:
5208
diff
changeset
|
15 <p>Here’s your authorization code, copy and paste it into {client.client_name}</p> |
7998b49d6512
mod_http_oauth2: Create proper template for OOB code delivery
Kim Alvefur <zash@zash.se>
parents:
5208
diff
changeset
|
16 <div class="oob"> |
5631
f889ff779571
mod_http_oauth2: Improve templates
Kim Alvefur <zash@zash.se>
parents:
5624
diff
changeset
|
17 <p><input readonly="" name="authorization_code" value="{authorization_code}" aria-label="Authorization Code"></p> |
5208
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 </div> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 </main> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 </body> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 </html> |