prosody-modules
898575a0c6f3
mod_http_oauth2/html/consent.html
Software / code / prosody-modules
File
mod_http_oauth2/html/consent.html @ 5210:898575a0c6f3
mod_http_oauth2: Switch to '303 See Other' redirects
This is the recommendation by draft-ietf-oauth-v2-1-07 section 7.5.2. It is
the only redirect code that guarantees the user agent will use a GET request,
rather than re-submitting a POST request to the new URL.
The latter would be bad for us, as we are encoding auth tokens in the form
data.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Mon, 06 Mar 2023 10:37:43 +0000 |
| parent | 5208:aaa64c647e12 |
| child | 5227:0dcd956d7bc5 |
line wrap: on
line source
<!DOCTYPE html> <html> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1" /> <title>{site_name} - Authorize {client.client_name}</title> <link rel="stylesheet" href="style.css"> </head> <body> <main> {state.error&<div class="error"> <p>{state.error}</p> </div>} <h1>{site_name}<h1> <h2>Authorize new application</h2> <p>A new application wants to connect to your account.</p> <dl> <dt>Name</dt> <dd>{client.client_name}</dd> <dt>Website</dt> <dd><a href="{client.client_uri}">{client.client_uri}</a></dd> {client.tos_uri& <dt>Terms of Service</dt> <dd><a href="{client.tos_uri}">View terms</a></dd>} {client.policy_uri& <dt>Policy</dt> <dd><a href="{client.policy_uri}">View policy</a></dd>} </dl> <p>To allow <em>{client.client_name}</em> to access your account <em>{state.user.username}@{state.user.host}</em> and associated data, select 'Allow'. Otherwise, select 'Deny'. </p> <form method="post"> <input type="hidden" name="user_token" value="{state.user.token}"> <button type="submit" name="consent" value="denied">Deny</button> <button type="submit" name="consent" value="granted">Allow</button> </form> </main> </body> </html>
