Mercurial > prosody-modules

--- a/mod_http_oauth2/html/consent.html	Sun May 07 19:06:37 2023 +0200
+++ b/mod_http_oauth2/html/consent.html	Sun May 07 19:40:57 2023 +0200
@@ -38,10 +38,7 @@

 	<form method="post">
 		<details><summary>Requested permissions</summary>{scopes#
-			<input class="scope" type="checkbox" id="scope_{idx}" name="scope" value="{item}" checked><label class="scope" for="scope_{idx}">{item}</label>}{roles&
-			<select name="role">{roles#
-				<option value="{item.name}"{item.selected& selected}>{item.name}</option>}
-			</select>}
+			<input class="scope" type="checkbox" id="scope_{idx}" name="scope" value="{item}" checked><label class="scope" for="scope_{idx}">{item}</label>}
 		</details>
 		<input type="hidden" name="user_token" value="{state.user.token}">
 		<button type="submit" name="consent" value="denied">Deny</button>
--- a/mod_http_oauth2/mod_http_oauth2.lua	Sun May 07 19:06:37 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Sun May 07 19:40:57 2023 +0200
@@ -485,7 +485,7 @@
 		end

 		local scope = array():append(form):filter(function(field)
-			return field.name == "scope" or field.name == "role";
+			return field.name == "scope";
 		end):pluck("value"):concat(" ");

 		user.token = form.user_token;
@@ -662,20 +662,7 @@
 		return render_page(templates.login, { state = auth_state, client = client });
 	elseif auth_state.consent == nil then
 		-- Render consent page
-		local scopes, requested_roles = split_scopes(parse_scopes(params.scope or ""));
-		local default_role = select_role(auth_state.user.username, requested_roles);
-		local roles = array(it.values(usermanager.get_all_roles(module.host))):filter(function(role)
-			return can_assume_role(auth_state.user.username, role.name);
-		end):sort(function(a, b)
-			return (a.priority or 0) < (b.priority or 0)
-		end):map(function(role)
-			return { name = role.name; selected = role.name == default_role };
-		end);
-		if not roles[2] then
-			-- Only one role to choose from, might as well skip the selector
-			roles = nil;
-		end
-		return render_page(templates.consent, { state = auth_state; client = client; scopes = scopes; roles = roles }, true);
+		return render_page(templates.consent, { state = auth_state; client = client; scopes = parse_scopes(params.scope or "") }, true);
 	elseif not auth_state.consent then
 		-- Notify client of rejection
 		return error_response(request, oauth_error("access_denied"));