~sircmpwn/sr.ht-dev

meta.sr.ht: Add query param to pre-fill oauth2 token grants v1 SUPERSEDED

Simon Ser: 1
 Add query param to pre-fill oauth2 token grants

 1 files changed, 2 insertions(+), 1 deletions(-)
#634488 alpine.yml success
#634489 archlinux.yml success
#634490 debian.yml success
> Since the defaults are to grant everything, I figured allowing
> third-parties to restrict the grant wouldn't be a big deal. IOW, if a
> third-party has the choice between getting all grants without a
> warning, and restricting the grants with a scary warning… We're
> creating an intensive to not restrict the grants.  I don't feel
> strongly about it, but I think this is worth pointing out.
There's a difference between alert-info and alert-warning. The goal is
just to explain what's going on, and perhaps to dissuade them from
making any changes that might break the program they're issuing a token
for. Maybe we should make the form read-only in this situation, too?
Export patchset (mbox)
How do I use this?

Copy & paste the following snippet into your terminal to import this patchset into git:

curl -s https://lists.sr.ht/~sircmpwn/sr.ht-dev/patches/26799/mbox | git am -3
Learn more about email & git

[PATCH meta.sr.ht] Add query param to pre-fill oauth2 token grants Export this patch

---
 metasrht/blueprints/oauth2.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/metasrht/blueprints/oauth2.py b/metasrht/blueprints/oauth2.py
index 55351d4d409a..65f59eae2a08 100644
--- a/metasrht/blueprints/oauth2.py
+++ b/metasrht/blueprints/oauth2.py
@@ -109,7 +109,8 @@ def dashboard():
@loginrequired
def personal_token_GET():
    return render_template("oauth2-personal-token-registration.html",
            access_grants=access_grants)
            access_grants=access_grants,
            literal_grants=request.args.get("grants"))

@oauth2.route("/oauth2/personal-token", methods=["POST"])
@loginrequired

base-commit: cd0ef906447aa086f2ffbec80ceaf581a39e943c
-- 
2.34.0
meta.sr.ht/patches: SUCCESS in 3m26s

[Add query param to pre-fill oauth2 token grants][0] from [Simon Ser][1]

[0]: https://lists.sr.ht/~sircmpwn/sr.ht-dev/patches/26799
[1]: mailto:contact@emersion.fr

✓ #634488 SUCCESS meta.sr.ht/patches/alpine.yml    https://builds.sr.ht/~sircmpwn/job/634488
✓ #634490 SUCCESS meta.sr.ht/patches/debian.yml    https://builds.sr.ht/~sircmpwn/job/634490
✓ #634489 SUCCESS meta.sr.ht/patches/archlinux.yml https://builds.sr.ht/~sircmpwn/job/634489
I think we should adjust the UI a bit in this situation so that users
know what's going on. Let's open the details element and add an
alert-info which explains that they followed a URL which pre-filled the
necessary permissions.