indieauth/templates/default_authorization_page.html.php


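<?php
use Taproot\IndieAuth\Server;

/*
 * Default IndieAuth authorization (consent) page.
 *
 * Renders the requesting client app, the currently logged-in user and the requested scopes,
 * then POSTs the user's decision to $formAction.
 *
 * Escaping policy: every value echoed into the page goes through htmlentities(), including
 * $clientId, $formAction and the client app name. The only raw output is $csrfFormElement,
 * which is documented below as pre-rendered markup, and the Server::APPROVE_ACTION_* constants.
 *
 * NOTE(review): $clientId and $clientHApp presumably originate from the authorization request
 * and from data published by the client app, i.e. from outside this server; confirm with the caller.
 * NOTE(review): htmlentities() neutralises markup but does not restrict URL schemes. The href and
 * src attributes below assume the caller only passes http(s) URLs; confirm.
 */

/** @var string $formAction The URL to POST to to authorize the app, or to set as the redirect URL for a logout action if the user wants to continue as a different user. */
/** @var Psr\Http\Message\ServerRequestInterface $request */
/** @var array|null $clientHApp */
/** @var array $user */
/** @var array $scopes */
/** @var string $clientId */
/** @var string $clientRedirectUri */
/** @var string $csrfFormElement A pre-rendered CSRF form element which must be output inside the authorization form. */
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8" />
    <title>IndieAuth Authorize</title>
    <style>
    </style>
</head>
<body>
    <?php if (!is_null($clientHApp)): ?>
        <h1>Authorize <?= htmlentities($clientHApp['name']) ?> (<span class="inline-url"><?= htmlentities($clientId) ?></span>)</h1>
        <div class="client-app-details">
            <?php if (!is_null($clientHApp['photo'])): ?>
                <img class="client-app-photo" src="<?= htmlentities($clientHApp['photo']) ?>" alt="" />
            <?php else: ?>
                <div class="client-app-photo client-app-photo-placeholder"></div>
            <?php endif ?>
            <p class="client-app-name"><?= htmlentities($clientHApp['name']) ?></p>
            <p class="client-app-url"><?= htmlentities($clientHApp['url']) ?></p>
        </div>
    <?php else: ?>
        <h1>Authorize <span class="inline-url"><?= htmlentities($clientId) ?></span></h1>
    <?php endif ?>
    <div class="user-details">
        <?php if (!is_null($user['profile'])): ?>
            <?php if (!is_null($user['profile']['photo'])): ?>
                <img class="user-photo" src="<?= htmlentities($user['profile']['photo']) ?>" alt="" />
            <?php else: ?>
                <div class="user-photo user-photo-placeholder"></div>
            <?php endif ?>
            <?php if (!is_null($user['profile']['name'])): ?>
                <p class="user-name"><?= htmlentities($user['profile']['name']) ?></p>
            <?php endif ?>
            <p class="user-me-url"><?= htmlentities($user['me']) ?></p>
        <?php else: ?>
            <p>User: <span class="inline-url"><?= htmlentities($user['me']) ?></span></p>
        <?php endif ?>
        <?php /* PHP tags inside the HTML comment below are still executed and their output is sent to the
                 browser, so the values echoed there are escaped too; escaping also keeps a value from
                 closing the HTML comment early. */ ?>
        <!-- Example! If your server supports multiple users, add a form like this to allow the currently
        logged-in user to log out and re-authenticate. In order for the IndieAuth request to proceed
        seamlessly, you MUST redirect to $formAction after re-authenticating. For security, all
        of the requests involved in the re-authentication SHOULD be CSRF-protected (but youre already
        CSRF-protecting your authentication flow… right?)
        <form class="logout-form" action="/logout" method="post">
        <input type="hidden" name="your_csrf_name" value="your_csrf_token" />
        <input type="hidden" name="your_logout_redirect_parameter" value="<?= htmlentities($formAction) ?>" />
        <p>Want to log into <span class="inline-url"><?= htmlentities($clientId) ?></span> as another user? <button type="submit">Log out and continue</button></p>
        </form>
        -->
    </div>
    <?php /* $formAction is escaped so that characters such as & or " in the URL cannot alter the attribute. */ ?>
    <form method="post" action="<?= htmlentities($formAction) ?>">
        <?php /* Deliberately raw: $csrfFormElement is documented above as pre-rendered markup, so the code
                 that builds it is responsible for escaping the token it embeds. */ ?>
        <?= $csrfFormElement ?>
        <div class="scope-section">
            <h2>Scope</h2>
            <?php if(!empty($scopes)): ?>
                <p>The app has requested the following scopes. You may choose which to grant it.</p>
                <ul class="scope-list">
                    <!-- Loop through $scopes, which maps string $scope to ?string $description by default. -->
                    <?php foreach ($scopes as $scope => $description): ?>
                        <li class="scope-list-item">
                            <label>
                                <input type="checkbox" name="taproot_indieauth_server_scope[]" value="<?= htmlentities($scope) ?>" />
                                <p class="scope-name"><?= htmlentities($scope) ?></p>
                                <?php if (!empty($description)): ?>
                                    <p class="scope-description"><?= htmlentities($description) ?></p>
                                <?php endif ?>
                            </label>
                        </li>
                    <?php endforeach ?>
                </ul>
            <?php else: ?>
                <p>The app has requested no scopes, and will only be able to confirm that youre logged in as <span class="inline-url"><?= htmlentities($user['me']) ?></span>.</p>
            <?php endif ?>
        </div>
        <!-- Youre welcome to add addition UI for the user to customise the properties of the granted
        access token (e.g. lifetime), just make sure you adapt the transformAuthorizationCode
        function to handle them. -->
        <div class="submit-section">
            <p>After approving, you will be redirected to <span class="inline-url"><?= htmlentities($clientRedirectUri) ?></span>.</p>
            <p>
                <!-- Forms should give the user a chance to cancel the authorization. This usually involves linking them back to the app they came from. -->
                <?php /* The app name is escaped here as it is in the heading; ?? supplies 'app' when no
                         client app details are available. */ ?>
                <a class="cancel-link" href="<?= htmlentities($clientId) ?>">Cancel (back to <?= htmlentities($clientHApp['name'] ?? 'app') ?>)</a>
                <!-- Your form MUST be submitted with taproot_indieauth_action=approve for the approval submission to work. -->
                <button type="submit" name="<?= Server::APPROVE_ACTION_KEY ?>" value="<?= Server::APPROVE_ACTION_VALUE ?>">Authorize</button>
            </p>
        </div>
    </form>
    <footer>
        <small>Powered by <a href="https://taprootproject.com">taproot/indieauth</a></small>
    </footer>
</body>
</html>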