auth
auth/authd/templates/simple.gotmpl
Let's test our verifyClient function. C'mon, it'll be fun! Add a function that tests the verifyClient function to our unit test suite. Basically, make sure that all the conceivable types of input have the right logic flow for what a "valid client" is. Also leave a note in client.go that makes it clear that public clients _should not be issued secrets in the first place_, because a public client that is issued a secret and specifies its client ID using the `client_id` POST body format will be told that it is not a valid client. While there are ways around this, the spec clearly states that non-confidential clients are not supposed to be issued secrets, so this seems like a nice way to conform to the spec or break trying.
1 {{ define "login" }}<html>
2 <head>
3 <title>Log in</title>
4 </head>
5 <body>
6 <h1>Please log into your account</h1>{{ if .errors }}
7 <h2>Errors:</h2>
8 <ul>{{ range .errors }}
9 <li>{{ . }}</li>
10 </ul>{{ end }}{{ end }}
11 <form method="POST">
12 <p>Username: <input type="text" name="login"></p>
13 <p>Password: <input type="password" name="passphrase"></p>
14 <p><input type="submit"></p>
15 </form>
16 </body>
17 </html>{{ end }}
19 {{ define "get_grant" }}<html>
20 <head>
21 <title>Grant access</title>
22 </head>
23 <body>{{ if .error }}
24 <h1>Error</h1>
25 <p>{{ .error }}</p>{{ end }}{{ if .internal_error }}
26 <h1>Error</h1>
27 <p>{{ .internal_error }}</p>{{ end }}{{ if not .error }}{{ if not .internal_error }}<h1>Grant access</h1>
28 <p>{{ .client.Name }} is requesting access to your account. if you grant it, you'll be redirected to {{ .redirectURL }}. Their access will be limited to {{ .scope }}. You are granting access for {{ .profile.Name }}.</p>{{ end }}{{ end }}
29 <form method="POST">
30 <input type="submit" name="grant" value="approved">
31 </form>
32 </body>
33 </html>{{ end }}