diff --git a/app/controllers/OpenID.controller.js b/app/controllers/OpenID.controller.js
index fb2110b..196f635 100644
--- a/app/controllers/OpenID.controller.js
+++ b/app/controllers/OpenID.controller.js
@@ -153,6 +153,12 @@ class OpenIDController extends Controller {
})
}
+ // If the user has already authorized this app, just redirect
+ if ( req.user.has_authorized({ id: params.client_id }) ) {
+ return res.redirect(`/openid/interaction/${uid.toLowerCase()}/grant`)
+ }
+
+ // Otherwise, prompt them for authorization
return res.page('public:message', {
...this.Vue.data({
message: `
Authorize ${application.name}?
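Review bot: The consent shortcut calls `has_authorized({ id: params.client_id })`, while `grant_and_save` later in this diff calls it with `{ client_id: req.params.client_id }` and `authorize` stores `client_id`. `has_authorized` is not visible here, so one of the two shapes may never match; unless the model accepts both, use one key in both places, e.g. `req.user.has_authorized({ client_id: params.client_id })`. The shortcut also skips the prompt without comparing the scopes of the current request against the stored `api_scopes`, so a saved `openid-connect` grant appears to cover any later request from the same client. If that is intended, a comment saying so would help. The enclosing method starts and ends outside this hunk.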
@@ -170,6 +176,11 @@ class OpenIDController extends Controller {
{
text: req.T('common.grant'),
action: 'redirect',
+ next: `/openid/grant-and-save/${params.client_id}/${uid.toLowerCase()}`,
+ },
+ {
+ text: req.T('common.grant_once'),
+ action: 'redirect',
next: `/openid/interaction/${uid.toLowerCase()}/grant`,
},
],
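Review bot: The new `next` URL interpolates `params.client_id` directly into a path segment. If a client id can contain `/`, `?`, `#` or `%`, the link will route to the wrong handler or carry a truncated id. Encoding the segment avoids that: `next: `/openid/grant-and-save/${encodeURIComponent(params.client_id)}/${uid.toLowerCase()}`,`. The surrounding button list begins outside this hunk.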
@@ -177,6 +188,19 @@ class OpenIDController extends Controller {
})
}
+ async grant_and_save(req, res, next) {
+ if ( !req.user.has_authorized({ client_id: req.params.client_id }) ) {
+ req.user.authorize({
+ client_id: req.params.client_id,
+ api_scopes: ['openid-connect'],
+ })
+
+ await req.user.save()
+ }
+
+ return res.redirect(`/openid/interaction/${req.params.uid.toLowerCase()}/grant`)
+ }
+
async login(req, res, { uid, prompt, params, session }) {
return res.redirect(`/openid/interaction/${uid.toLowerCase()}/start-session`)
}
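Review bot: `grant_and_save` records a standing authorization on a plain GET, using only `req.params.client_id`. Any link or cross-site navigation that a signed-in user's browser follows to this path would therefore save consent without the prompt having been shown, and the shortcut added earlier in this diff then skips the prompt for that client from then on. Nothing in the handler checks that `uid` names a live interaction in this session, that the interaction's client matches `client_id`, or that the id belongs to a registered application. Consider moving the route in openid.routes.js (the `get` entry added in this diff) to a state-changing verb behind the app's CSRF protection, and reading the client id from the server-side interaction for `uid` instead of the URL. Separately, `req.user.authorize(...)` is not awaited; if it returns a promise, `save()` may run before the grant is applied.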
diff --git a/app/routing/routers/openid.routes.js b/app/routing/routers/openid.routes.js
index 0e97c7c..b8ce43d 100644
--- a/app/routing/routers/openid.routes.js
+++ b/app/routing/routers/openid.routes.js
@@ -7,6 +7,9 @@ const openid = {
],
get: {
+ '/grant-and-save/:client_id/:uid': [
+ 'middleware::auth:UserOnly', 'controller::OpenID.grant_and_save',
+ ],
'/interaction/:uid': [
'controller::OpenID.handle_interaction',
],
diff --git a/locale/en_US/common.locale.js b/locale/en_US/common.locale.js
index 1f5cee3..b5b9a71 100644
--- a/locale/en_US/common.locale.js
+++ b/locale/en_US/common.locale.js
@@ -11,7 +11,8 @@ module.exports = exports = {
yes: 'Yes',
no: 'No',
deny: 'Deny',
- grant: 'Grant Access',
+ grant: 'Allow access',
+ grant_once: 'Allow access once',
back: 'Back',
next: 'Next',
cancel: 'Cancel',