Comparison

mod_http_oauth2/mod_http_oauth2.lua @ 5452:b071d8ee6555

mod_http_oauth2: Show only roles the user can use in consent dialog Confusing if it shows you roles you can't use.
author Kim Alvefur <zash@zash.se>
date Fri, 12 May 2023 11:58:20 +0200
parent 5451:6705f2a09702
child 5453:7dc429b7c3f3
comparison
equal deleted inserted replaced
5451:6705f2a09702 5452:b071d8ee6555
680 -- Render login page 680 -- Render login page
681 return render_page(templates.login, { state = auth_state, client = client }); 681 return render_page(templates.login, { state = auth_state, client = client });
682 elseif auth_state.consent == nil then 682 elseif auth_state.consent == nil then
683 -- Render consent page 683 -- Render consent page
684 local scopes, roles = split_scopes(requested_scopes); 684 local scopes, roles = split_scopes(requested_scopes);
685 roles = user_assumable_roles(auth_state.user.username, roles);
685 return render_page(templates.consent, { state = auth_state; client = client; scopes = scopes+roles }, true); 686 return render_page(templates.consent, { state = auth_state; client = client; scopes = scopes+roles }, true);
686 elseif not auth_state.consent then 687 elseif not auth_state.consent then
687 -- Notify client of rejection 688 -- Notify client of rejection
688 return error_response(request, oauth_error("access_denied")); 689 return error_response(request, oauth_error("access_denied"));
689 end 690 end