takahe/templates/api/oauth_authorize.html
Cosmin Stejerean efd5f481e9
OAuth2 Fixes (#338)
This implements a few oauth2 fixes:

- passes along the state object
- enforces authorization code expiration (currently set to 1 minute, we could make this configurable)
- enforces redirect_uri
- properly checks for client_secret when granting a token
- handles pulling client authentication for token grant from basic auth
- implement token revocation
2023-01-01 11:46:55 -07:00

45 lines
2 KiB
HTML

{% extends "base_plain.html" %}
{% block title %}Authorize {{ application.name }}{% endblock %}
{% block content %}
{% if not identities %}
<p>
You cannot give access to {{ application.name }} as you
have no identities yet. Log in via the website and create
at least one identity, then retry this process.
</p>
{% else %}
<form method="POST">
{% csrf_token %}
<fieldset>
<legend>Authorize</legend>
<div class="field">
<div class="label-input">
<label for="identity">Select Identity</label>
<select name="identity" id="identity">
{% for identity in identities %}
<option value="{{ identity.pk }}">{{ identity.handle }}</option>
{% endfor %}
</select>
</div>
</div>
<p>Do you want to give <b>{{ application.name }}</b> access to this identity?</p>
<p>It will have permission to:</p>
<ul>
{% if "read" in scope %}<li>Read all of your data</li>{% endif %}
{% if "write" in scope %}<li>Create posts, edit follows, and change all other data</li>{% endif %}
{% if "push" in scope %}<li>Receive push notifications</li>{% endif %}
</ul>
<input type="hidden" name="client_id" value="{{ application.client_id }}">
<input type="hidden" name="state" value="{{ state }}">
<input type="hidden" name="redirect_uri" value="{{ redirect_uri }}">
<input type="hidden" name="scope" value="{{ scope }}">
</fieldset>
<div class="buttons">
<a href="#" class="secondary button left">Deny</a>
<button>Allow</button>
</div>
</form>
{% endif %}
{% endblock %}