Diffstat (limited to 'gn3')
-rw-r--r--gn3/auth/authentication/oauth2/views.py4
-rw-r--r--gn3/templates/oauth2/authorise-user.html3
2 files changed, 5 insertions, 2 deletions
diff --git a/gn3/auth/authentication/oauth2/views.py b/gn3/auth/authentication/oauth2/views.py
index 7ce45fd..2bd3865 100644
--- a/gn3/auth/authentication/oauth2/views.py
+++ b/gn3/auth/authentication/oauth2/views.py
@@ -36,7 +36,9 @@ def authorise():
"""Authorise a user"""
try:
server = app.config["OAUTH2_SERVER"]
- client_id = uuid.UUID(request.args.get("client_id", str(uuid.uuid4())))
+ client_id = uuid.UUID(request.args.get(
+ "client_id",
+ request.form.get("client_id", str(uuid.uuid4()))))
client = server.query_client(client_id)
if not bool(client):
flash("Invalid OAuth2 client.", "alert-error")
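Review bot: On a POST the query string still takes precedence over the form body in the new `client_id` lookup, so a request carrying both values has the client resolved from the URL rather than from the hidden field the consent form submits. Choosing the source by method keeps the two from mixing: `params = request.form if request.method == "POST" else request.args`, then `client_id = uuid.UUID(params.get("client_id", str(uuid.uuid4())))`. A malformed value makes `uuid.UUID` raise `ValueError`; the handlers for the `try` opened above are outside this hunk, so it is worth confirming that case ends in the "Invalid OAuth2 client." response and not an unhandled error. A short comment such as `# random UUID default forces a lookup miss when client_id is absent` would also make the fallback's intent explicit.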
diff --git a/gn3/templates/oauth2/authorise-user.html b/gn3/templates/oauth2/authorise-user.html
index 33c5b16..b9284e5 100644
--- a/gn3/templates/oauth2/authorise-user.html
+++ b/gn3/templates/oauth2/authorise-user.html
@@ -7,9 +7,10 @@
{%block content%}
{{flash_messages()}}
-<form method="POST" action="#">
+<form method="POST" action="{{url_for('oauth2.auth.authorise')}}">
<input type="hidden" name="response_type" value="{{response_type}}" />
<input type="hidden" name="scope" value="{{scope | join(' ')}}" />
+ <input type="hidden" name="client_id" value="{{client.client_id}}" />
<p>
You are authorising "{{client.client_metadata.client_name}}" to access
Genenetwork 3 with the following scope: