Changeset

5615:1893ae742f66

mod_http_oauth2: Show errors on device flow user code entry page If the user enters the code incorrectly, having to click back to try again is no fun. Instead, show the error and the code entry form again.
author Kim Alvefur <zash@zash.se>
date Wed, 19 Jul 2023 13:05:47 +0200
parents 5614:ad9b8f659c96
children 5616:e469642e6a6c
files mod_http_oauth2/html/device.html mod_http_oauth2/mod_http_oauth2.lua
diffstat 2 files changed, 7 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/mod_http_oauth2/html/device.html	Wed Jul 19 12:58:04 2023 +0200
+++ b/mod_http_oauth2/html/device.html	Wed Jul 19 13:05:47 2023 +0200
@@ -11,6 +11,9 @@
 	<h1>{site_name}</h1>
 	<fieldset>
 	<legend>Device Authorization</legend>
+	{error&<div class="error">
+		<p>{error.text}</p>
+	</div>}
 {client&
 	<p>Authorization completed. You can go back to
 	<em>{client.client_name}</em>.</p>}
--- a/mod_http_oauth2/mod_http_oauth2.lua	Wed Jul 19 12:58:04 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Wed Jul 19 13:05:47 2023 +0200
@@ -1011,7 +1011,10 @@
 
 	local device_info = codes:get("user_code:" .. params.user_code);
 	if not device_info or code_expired(device_info) or not codes:set("user_code:" .. params.user_code, nil) then
-		return render_error(oauth_error("expired_token", "Incorrect or expired code"));
+		return render_page(templates.device, {
+			client = false;
+			error = oauth_error("expired_token", "Incorrect or expired code");
+		});
 	end
 
 	return {