Mercurial > prosody-modules
view mod_http_oauth2/html/consent.html @ 5405:c7a5caad28ef
mod_http_oauth2: Enforce response type encoded in client_id
The client promises to only use this response type, so we should hold
them to that.
This makes it fail earlier if the response type is disabled or the
client is trying to use one that it promised not to use. Better than
failing after login and consent.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Tue, 02 May 2023 16:31:25 +0200 |
| parents | 3a1df3adad0c |
| children | f2c7bb3af600 |
line wrap: on
line source
<!DOCTYPE html> <html> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1" /> <title>{site_name} - Authorize {client.client_name}</title> <link rel="stylesheet" href="style.css"> </head> <body> <main> {state.error&<div class="error"> <p>{state.error}</p> </div>} <h1>{site_name}</h1> <fieldset> <legend>Authorize new application</legend> <p>A new application wants to connect to your account.</p> <dl> <dt>Name</dt> <dd>{client.client_name}</dd> <dt>Website</dt> <dd><a href="{client.client_uri}">{client.client_uri}</a></dd> {client.tos_uri& <dt>Terms of Service</dt> <dd><a href="{client.tos_uri}">View terms</a></dd>} {client.policy_uri& <dt>Policy</dt> <dd><a href="{client.policy_uri}">View policy</a></dd>} </dl> <p>To allow <em>{client.client_name}</em> to access your account <em>{state.user.username}@{state.user.host}</em> and associated data, select 'Allow'. Otherwise, select 'Deny'. </p> <form method="post"> <details><summary>Requested permissions</summary>{scopes# <input class="scope" type="checkbox" id="scope_{idx}" name="scope" value="{item}" checked><label class="scope" for="scope_{idx}">{item}</label>} </details> <input type="hidden" name="user_token" value="{state.user.token}"> <button type="submit" name="consent" value="denied">Deny</button> <button type="submit" name="consent" value="granted">Allow</button> </form> </fieldset> </main> </body> </html>