The OAuth server uses this page to determine and store user consent information about which OAuth clients are authorized to access the protected resource. This page also indicates which scope is requested by the OAuth client.
The Tivoli® Federated Identity Manager provides an HTML page template called user_consent.html.
Tivoli Federated Identity Manager stores the decisions made by the resource owner about which OAuth clients to trust. The resource owner is not prompted every time the same client requests authorization to access the protected resource.
The authorization request from the OAuth client shows a list of approved scopes, and a list of scopes to be approved. These lists are shown in the consent page and can be of indeterminate length. The template supports repeatable stanzas, delimited by [RPT name] and [ERPT name] markers, that are repeated once for each scope in either list.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>OAuth - Consent to Authorize</title>
</head>
<body>
<h1>OAuth - Consent to Authorize</h1>
<br />
<p>The following site is requesting access to an OAuth protected resource:</p>
<p>@OAUTH_CLIENT_CALLBACK@</p>
<p>Company Name: @OAUTH_CLIENT_COMPANY_NAME@</p>
<p>Additional Information: @OAUTH_CUSTOM_MACRO@</p>
<br />
<p>User Name: @USERNAME@</p>
<br />
<form action="@OAUTH_AUTHORIZE_URI@" method="post">
<p>The client provided the following extra request parameters:</p>
<!-- START NON-TRANSLATABLE -->
[RPT oauthOtherParamsRepeatable]
@OAUTH_OTHER_PARAM_REPEAT@=@OAUTH_OTHER_PARAM_VALUE_REPEAT@
<input type="hidden" name="@OAUTH_OTHER_PARAM_REPEAT@"
value="@OAUTH_OTHER_PARAM_VALUE_REPEAT@" />
[ERPT oauthOtherParamsRepeatable]
<!-- END NON-TRANSLATABLE -->
<br />
<p>The client requested the following token scopes
that have been previously approved:</p>
<!-- START NON-TRANSLATABLE -->
<ul>
[RPT oauthTokenScopePreapprovedRepeatable]
<li>@OAUTH_TOKEN_SCOPE_REPEAT@</li>
<input type="hidden" name="scope" value="@OAUTH_TOKEN_SCOPE_REPEAT@" />
[ERPT oauthTokenScopePreapprovedRepeatable]
</ul>
<!-- END NON-TRANSLATABLE -->
<br />
<p>The client requested the following token scopes
that have not yet been approved:</p>
<!-- START NON-TRANSLATABLE -->
[RPT oauthTokenScopeNewApprovalRepeatable]
<input type="checkbox" name="scope" value="@OAUTH_TOKEN_SCOPE_REPEAT@"
checked="checked"/> <label>@OAUTH_TOKEN_SCOPE_REPEAT@</label><br />
[ERPT oauthTokenScopeNewApprovalRepeatable]
<!-- END NON-TRANSLATABLE -->
<br />
<p>Would you like to approve this access?</p>
<br />
<input type="hidden" name="consent_form_verifier" value="@CONSENT_FORM_VERIFIER@" />
<!--
The scope parameters can be:
1. Requested as part of the redirect for authorization by the client
by appending them to the authorize URL as query string parameters, or
2. If not requested by the client, and you know what authorization options
are valid for the OAuth-protected resources being requested, you may
also manually prompt for them in this page template as demonstrated
by the following example scopes:
-->
<!--
<table>
<tr>
<td>Scopes to be authorized: </td>
<td>Scope 1</td><td><input type="checkbox" name="scope"
value="token_scope_1" /></td>
<td>:: Scope 2</td><td><input type="checkbox" name="scope"
value="token_scope_2" /></td>
<td>:: Scope 3</td><td><input type="checkbox" name="scope"
value="token_scope_3" /></td>
</tr>
</table>
-->
<table>
<tr><td>Permit </td><td><input type="radio" name="trust_level"
value="permit" checked="checked" /></td></tr>
<tr><td>Deny </td><td><input type="radio" name="trust_level"
value="deny" /></td></tr>
</table>
<br />
<input type="submit" name="submit" value="Submit" style="width:80px"/>
</form>
</body>
</html>
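The following is an added example, not part of the product documentation or the product's own code, showing how the repeatable scope stanzas in the template above expand once per scope. The `render`, `fill` and `scope_rows` helpers are hypothetical, and HTML-escaping each macro value is this example's assumption, chosen because scopes and extra parameters arrive in the client's authorization request; the page does not state how the product encodes them.

```python
import html
import re

# Constructed excerpt: the two scope stanzas from user_consent.html.
TEMPLATE = """<ul>
[RPT oauthTokenScopePreapprovedRepeatable]
<li>@OAUTH_TOKEN_SCOPE_REPEAT@</li>
<input type="hidden" name="scope" value="@OAUTH_TOKEN_SCOPE_REPEAT@" />
[ERPT oauthTokenScopePreapprovedRepeatable]
</ul>
[RPT oauthTokenScopeNewApprovalRepeatable]
<input type="checkbox" name="scope" value="@OAUTH_TOKEN_SCOPE_REPEAT@"
checked="checked"/> <label>@OAUTH_TOKEN_SCOPE_REPEAT@</label><br />
[ERPT oauthTokenScopeNewApprovalRepeatable]
"""

STANZA = re.compile(r"\[RPT (\w+)\]\n(.*?)\[ERPT \1\]\n", re.DOTALL)
MACRO = re.compile(r"@([A-Z_]+)@")

def fill(text, values):
    """Replace @MACRO@ tokens with HTML-escaped values; unknown macros stay."""
    def sub(m):
        if m.group(1) not in values:
            return m.group(0)
        # Assumption of this example: escape for both text and attribute use.
        return html.escape(values[m.group(1)], quote=True)
    return MACRO.sub(sub, text)

def render(template, stanzas):
    """Expand each [RPT name]...[ERPT name] stanza once per row in stanzas[name]."""
    def expand(m):
        rows = stanzas.get(m.group(1), [])  # no rows: the stanza disappears
        return "".join(fill(m.group(2), row) for row in rows)
    return STANZA.sub(expand, template)

def scope_rows(scopes):
    # One macro dictionary per scope, so the stanza body is emitted per scope.
    return [{"OAUTH_TOKEN_SCOPE_REPEAT": s} for s in scopes]

if __name__ == "__main__":
    page = render(TEMPLATE, {
        "oauthTokenScopePreapprovedRepeatable": scope_rows(["profile"]),
        # Constructed values; the second contains markup characters.
        "oauthTokenScopeNewApprovalRepeatable": scope_rows(
            ["calendar.read", '"><b>x</b>']),
    })
    print(page)
```

Because every new-approval row is rendered with `checked="checked"`, a consent page built from this template pre-selects all newly requested scopes, so the resource owner must clear any scope they do not want to grant before submitting.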