-rw-r--r--gn3/auth/authentication/oauth2/views.py4
-rw-r--r--gn3/templates/oauth2/authorise-user.html3
2 files changed, 5 insertions, 2 deletions
diff --git a/gn3/auth/authentication/oauth2/views.py b/gn3/auth/authentication/oauth2/views.py
index 7ce45fd..2bd3865 100644
--- a/gn3/auth/authentication/oauth2/views.py
+++ b/gn3/auth/authentication/oauth2/views.py
@@ -36,7 +36,9 @@ def authorise():
     """Authorise a user"""
     try:
         server = app.config["OAUTH2_SERVER"]
-        client_id = uuid.UUID(request.args.get("client_id", str(uuid.uuid4())))
+        client_id = uuid.UUID(request.args.get(
+            "client_id",
+            request.form.get("client_id", str(uuid.uuid4()))))
         client = server.query_client(client_id)
         if not bool(client):
             flash("Invalid OAuth2 client.", "alert-error")
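Review bot: The new lookup in `authorise()` prefers `request.args` over `request.form` regardless of the HTTP method, so on a POST a `client_id` in the query string silently overrides the one submitted by the consent form. Selecting the source by method keeps the two paths unambiguous: `params = request.form if request.method == "POST" else request.args`, then `client_id = uuid.UUID(params.get("client_id", str(uuid.uuid4())))`. The random-UUID default also makes a missing parameter indistinguishable from an unknown client, and a malformed value raises `ValueError` from `uuid.UUID`. The `except` clause of this `try` lies outside the hunk, so whether that error is handled cannot be confirmed here.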
diff --git a/gn3/templates/oauth2/authorise-user.html b/gn3/templates/oauth2/authorise-user.html
index 33c5b16..b9284e5 100644
--- a/gn3/templates/oauth2/authorise-user.html
+++ b/gn3/templates/oauth2/authorise-user.html
@@ -7,9 +7,10 @@
 {%block content%}
 {{flash_messages()}}
 
-<form method="POST" action="#">
+<form method="POST" action="{{url_for('oauth2.auth.authorise')}}">
   <input type="hidden" name="response_type" value="{{response_type}}" />
   <input type="hidden" name="scope" value="{{scope | join(' ')}}" />
+  <input type="hidden" name="client_id" value="{{client.client_id}}" />
   <p>
     You are authorising "{{client.client_metadata.client_name}}" to access
     Genenetwork 3 with the following scope:
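Review bot: The hidden `client_id`, `scope` and `response_type` inputs are round-tripped through the browser, so the values arriving on the POST are user-controlled and may differ from what the consent text displayed. The handler should re-validate them against the registered client rather than trust the echoed values; the view hunk shows a lookup for `client_id` via `server.query_client`, but no scope check is visible in this commit. A short template comment next to the inputs would record that contract, e.g. `{# hidden fields are echoed by the browser; authorise() must re-validate client_id and scope #}`. No CSRF token field appears among the inputs shown; the form continues past the end of the hunk, so one may be defined further down.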