Diff

mod_http_oauth2/mod_http_oauth2.lua @ 5452:b071d8ee6555

mod_http_oauth2: Show only roles the user can use in consent dialog Confusing if it shows you roles you can't use.
author Kim Alvefur <zash@zash.se>
date Fri, 12 May 2023 11:58:20 +0200
parent 5451:6705f2a09702
child 5453:7dc429b7c3f3
--- a/mod_http_oauth2/mod_http_oauth2.lua	Fri May 12 11:11:38 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Fri May 12 11:58:20 2023 +0200
@@ -682,6 +682,7 @@
 	elseif auth_state.consent == nil then
 		-- Render consent page
 		local scopes, roles = split_scopes(requested_scopes);
+		roles = user_assumable_roles(auth_state.user.username, roles);
 		return render_page(templates.consent, { state = auth_state; client = client; scopes = scopes+roles }, true);
 	elseif not auth_state.consent then
 		-- Notify client of rejection
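Review bot: The filter added on the `roles = user_assumable_roles(auth_state.user.username, roles);` line narrows only what the consent page displays; `requested_scopes` itself is left untouched in this branch. The code that issues the grant after consent is outside this hunk, so it is worth confirming that it applies the same restriction, otherwise the user approves a shorter list than the one the client originally requested. A comment on the new line would make the intent explicit, for example `-- display only: the role actually granted must be re-checked against the user's assumable roles at issuance`. When every requested role is filtered out, the page presumably shows no role at all, so a debug log of the dropped roles would help operators diagnose clients asking for roles the user cannot hold. The enclosing function starts and ends outside the hunk.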