lib/generators/rodauth/oauth/templates/app/views/rodauth/authorize.html.erb in rodauth-oauth-1.0.0.pre.beta1 vs lib/generators/rodauth/oauth/templates/app/views/rodauth/authorize.html.erb in rodauth-oauth-1.0.0.pre.beta2
- old
+ new
@@ -1,10 +1,12 @@
<%= form_tag rodauth.authorize_path, method: :post do %>
<% if rodauth.oauth_application[rodauth.oauth_applications_logo_uri_column] %>
<%= image_tag rodauth.oauth_application[rodauth.oauth_applications_logo_uri_column] %>
<% end %>
- <p class="lead"><%= rodauth.authorize_page_lead(name: link_to(rodauth.oauth_application[rodauth.oauth_applications_name_column], rodauth.oauth_application[rodauth.oauth_applications_homepage_url_column])).html_safe %></p>
+ <% application_uri = rodauth.oauth_application[rodauth.oauth_applications_homepage_url_column] %>
+ <% application_name = application_uri ? link_to(rodauth.oauth_application[rodauth.oauth_applications_name_column], application_uri) : rodauth.oauth_application[rodauth.oauth_applications_name_column] %>
+ <p class="lead"><%= rodauth.authorize_page_lead(name: application_name).html_safe %></p>
<div class="list-group">
<% if rodauth.oauth_application[rodauth.oauth_applications_tos_uri_column] %>
<%= link_to rodauth.oauth_applications_tos_uri_label, rodauth.oauth_application[rodauth.oauth_applications_tos_uri_column], class: "list-group-item" %>
<% end %>
@@ -24,14 +26,18 @@
<div class="form-group">
<h1 class="display-6"><%= rodauth.oauth_grants_scopes_label %></h1>
<% rodauth.authorize_scopes.each do |scope| %>
- <div class="form-check">
- <%= check_box_tag "scope[]", scope, id: scope, class: "form-check-input" %>
- <%= label_tag scope, scope, class: "form-check-label" %>
- </div>
+ <% if rodauth.features.include?(:oidc) && scope == "offline_access" %>
+ <%= hidden_field_tag "scope[]", scope %>
+ <% else %>
+ <div class="form-check">
+ <%= check_box_tag "scope[]", scope, id: scope, class: "form-check-input" %>
+ <%= label_tag scope, scope, class: "form-check-label" %>
+ </div>
+ <% end %>
<% end %>
<%= hidden_field_tag :client_id, params[:client_id] %>
<% %i[access_type response_type response_mode state redirect_uri].each do |oauth_param| %>
<% if params[oauth_param] %>
<%= hidden_field_tag oauth_param, params[oauth_param] %>
@@ -49,24 +55,30 @@
<% if params[:code_challenge_method] %>
<%= hidden_field_tag :code_challenge_method, params[:code_challenge_method] %>
<% end %>
<% end %>
<% if rodauth.features.include?(:oidc) %>
+ <% if params[:prompt] %>
+ <%= hidden_field_tag :prompt, params[:prompt] %>
+ <% end %>
<% if params[:nonce] %>
<%= hidden_field_tag :nonce, params[:nonce] %>
<% end %>
<% if params[:ui_locales] %>
<%= hidden_field_tag :ui_locales, params[:ui_locales] %>
<% end %>
<% if params[:claims_locales] %>
<%= hidden_field_tag :claims_locales, params[:claims_locales] %>
<% end %>
+ <% if params[:claims] %>
+ <%= hidden_field_tag :claims, sanitize(params[:claims]) %>
+ <% end %>
<% if params[:acr_values] %>
- <%= hidden_field_tag :acr, params[:acr_values] %>
+ <%= hidden_field_tag :acr_values, params[:acr_values] %>
<% end %>
<% end %>
</div>
<p class="text-center">
<%= submit_tag rodauth.oauth_authorize_button, class: "btn btn-outline-primary" %>
- <%= link_to rodauth.oauth_cancel_button, "#{rodauth.redirect_uri}?error=access_denied&error_description=The+resource+owner+or+authorization+server+denied+the+request#{"&state=\#{rodauth.state}" if params[:state] }", class: "btn btn-outline-danger" %>
+ <%= link_to rodauth.oauth_cancel_button, "#{rodauth.redirect_uri}?error=access_denied&error_description=The+resource+owner+or+authorization+server+denied+the+request#{"&state=\#{CGI.escape(rodauth.state)}" if params[:state] }", class: "btn btn-outline-danger" %>
</p>
<% end %>