Discuss this help topic in SecureBlackbox Forum

OAuth: Customize login and confirmation forms

In some OAuth2 scenarios, HTML forms are displayed to end users, for example when login credentials must be entered in a web browser. By default, TElHTTPSServer uses built-in forms, which may be customized.

The TElHTTPSServer.AuthFormTemplate property may be used to assign a custom login form. The default form looks like this:

<html>
    <head>
        <title>EldoS HTTP Login Page</title>
    </head>
    <body>
        <center>
            <h1>Enter login credentials</h1>
            <form action="%URL%" method="POST">
            Login:<br/><input type="text" name="%LOGIN%"/><br/>
            Password:<br/><input type="password" name="%PASSWORD%"/><br/>
            <input type="hidden" name="%CSRF%" value="%CSRF_TOKEN%"/>
            <input type="submit" value="Login"/>
            </form>
        </center>
    </body>
</html>
where the %URL%, %LOGIN%, %PASSWORD%, %CSRF% and %CSRF_TOKEN% parameters are replaced by actual values at runtime.
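
When writing a custom login form, it is easy to drop one of the fields of the default form, such as the hidden %CSRF% input. The following Python check is an added example, not part of SecureBlackbox; it assumes a custom template must keep the same placeholders and POST method as the default form, and `FormScan`, `check_login_template` and the two sample templates are hypothetical names constructed here.

```python
from html.parser import HTMLParser

class FormScan(HTMLParser):
    """Collect the <input> attributes of every <form> in a template."""
    def __init__(self):
        super().__init__()
        self.forms = []    # [(form_attrs, [input_attrs, ...]), ...]
        self._open = None  # input list of the form being parsed
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._open = []
            self.forms.append((a, self._open))
        elif tag == "input" and self._open is not None:
            self._open.append(a)
    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def check_login_template(html):
    """Return a list of problems; an empty list means the template passes."""
    scan = FormScan()
    scan.feed(html)
    match = [f for f in scan.forms if f[0].get("action") == "%URL%"]
    if not match:
        return ['no <form> with action="%URL%"']
    form, inputs = match[0]
    problems = []
    if form.get("method", "get").lower() != "post":
        problems.append("form must use POST so credentials stay out of the URL")
    by_name = {i.get("name"): i for i in inputs}
    for name in ("%LOGIN%", "%PASSWORD%", "%CSRF%"):
        if name not in by_name:
            problems.append(f"missing input named {name}")
    pw, csrf = by_name.get("%PASSWORD%"), by_name.get("%CSRF%")
    if pw is not None and pw.get("type", "").lower() != "password":
        problems.append("%PASSWORD% input should be type=password")
    if csrf is not None and csrf.get("value") != "%CSRF_TOKEN%":
        problems.append("%CSRF% input must carry value=%CSRF_TOKEN%")
    return problems

# Constructed sample templates (not from the product).
GOOD = ('<form action="%URL%" method="post" class="login">'
        '<input type="text" name="%LOGIN%">'
        '<input type="password" name="%PASSWORD%">'
        '<input type="hidden" name="%CSRF%" value="%CSRF_TOKEN%"></form>')
BAD = ('<form action="%URL%" method="get">'
       '<input type="text" name="%LOGIN%">'
       '<input type="text" name="%PASSWORD%"></form>')
```

Calling `check_login_template` on a template before assigning it to AuthFormTemplate returns an empty list for `GOOD` and three findings for `BAD`.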

TElHTTPSServer.ConfirmPageTemplate is used to assign a custom login confirmation page. The default form looks like this:

<html>
    <head><title>EldoS OAuth2 Confirmation Page</title></head>
    <body>
        <center>
            <h1>An application would like to connect to your account!</h1>
            <h2>The application %APPNAME% would like the ability to access:</h2>
            <h3>%SCOPE%</h3>
            <button type="button" id="yes">Yes</button><button type="button" id="no">No</button>
        </center>
        <script>
            document.getElementById("yes").onclick = function() {
                window.location = "%ALLOW_URL%";
            };
            document.getElementById("no").onclick = function() {
                window.location = "%DENY_URL%";
            };
        </script>
    </body>
</html>
where
  • %APPNAME% is replaced with the application name at runtime;
  • %SCOPE% is replaced with the requested scope;
  • %ALLOW_URL% and %DENY_URL% are replaced with special URLs generated inside the server code.

How To articles about server-side OAuth questions
