authorize.str in rodauth-oauth-0.7.2

- old
+ new

@@ -5,16 +5,26 @@
   <div class="form-group">
     <h1 class="display-6">#{rodauth.scopes_label}</h1>
 
     #{
       rodauth.scopes.map do |scope|
-        <<-HTML
-         	<div class="form-check">
-            <input id="#{scope}" class="form-check-input" type="checkbox" name="scope[]" value="#{scope}" #{"checked disabled" if scope == rodauth.oauth_application_default_scope}>
-            <label class="form-check-label" for="#{scope}">#{scope}</label>
-          </div>
-        HTML
+        if scope == rodauth.oauth_application_default_scope
+          <<-HTML
+            <div class="form-check">
+              <input id="#{scope}" class="form-check-input" type="checkbox" name="scope[]" value="#{scope}" checked disabled>
+              <label class="form-check-label" for="#{scope}">#{scope}</label>
+              <input type="hidden" name="scope[]" value="#{scope}">
+            </div>
+          HTML
+        else
+          <<-HTML
+            <div class="form-check">
+              <input id="#{scope}" class="form-check-input" type="checkbox" name="scope[]" value="#{scope}">
+              <label class="form-check-label" for="#{scope}">#{scope}</label>
+            </div>
+          HTML
+        end
       end.join
     }
 
     <input type="hidden" name="client_id" value="#{rodauth.param("client_id")}"/>
 
@@ -29,6 +39,6 @@
   </div>
   <p class="text-center">
     <input type="submit" class="btn btn-outline-primary" value="#{h(rodauth.oauth_authorize_button)}"/>
     <a href="#{rodauth.redirect_uri}?error=access_denied&error_description=The+resource+owner+or+authorization+server+denied+the+request#{ "&state=#{rodauth.param("state")}" if rodauth.param_or_nil("state")}" class="btn btn-outline-danger">Cancel</a>
   </p>
-</form>
\ No newline at end of file
+</form>