rodauth-oauth 0.7.0 → 0.7.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 91f66a3575e9f63b13eac64e44c3ce768fb5904ce5e77e0239e3f1f437c21fbf
-  data.tar.gz: bb80d8836f4ad0b99b8e75458861c36526b9a60e623f6d799ff88a751bfe9bc0
+  metadata.gz: cbc2a014ad242752b436e810b24df8839c00c7a066b860e4cf418c16f19cfbad
+  data.tar.gz: e8c27858547f1df38662608cf74f6f75f48b438ec29137bfffd820320077b185
 SHA512:
-  metadata.gz: '09a5d103d91e13b011456259b255ddd930692e5f50b9ebc892fa86c8ac48006e2815f7339cb10cf1d710eefd5ae18da56a08e43aedd47002bcbaa1cf82c59c6d'
-  data.tar.gz: 745409245789cb8e77a50724192b126e047a5258827bdec765bd2ff07ff3ff4c77bb44463bc513f384f35a3e470f67496a1f12a56777cb27c6af36e903febb7f
+  metadata.gz: d8cabdea042eb26aaf1941ff9881f4cce9ffa4eb35557d7105d3c2195ced323f860654be7d161e56c85d91f7312fd041a39379516b97d6df47cf1637f273fb1f
+  data.tar.gz: d45c638c97f34705ddfe0ab124da3ed143188513454192aae65c4227d5e255ed0e5223fd3b3273418e2cc12896a7c175ce4786ecc20d6e611a1e4a3b28e412ca

data/CHANGELOG.md

@@ -2,11 +2,61 @@
 
 ## master
 
+### 0.7.4 (15/01/2022)
+
+#### Bugfixes
+
+* including missing erb templates in the package.
+
+## 0.7.3 (14/01/2022)
+
+#### Bugfixes
+
+* fixed generator declarations and views generator, in orderto copy templates and rewrite paths accordingly.
+* update view templates to not use "%%".
+
+#### Chore
+
+* `rodauth` is now declared as a dependency, with minimum version set `2.0`.
+
+### 0.7.2 (14/12/2021)
+
+#### Features
+
+* Revoking tokens from the OAuth Application management interface (@muellerj)
+
+Token revocation was only possible when using the client ID and Secret, to aid "logout" functionality from client applications. Although the admin interface (available via `r.oauth_applications`) displayed a "Revoke" button alongside tokens in the list page, this was not working. The RFC does allow for the use case of application administrators being able to manually revoke tokens (as a result of client support, for example), so this functionality was enabled (only for the oauth application owner, for now).
+
+#### Bugfixes
+
+Default scope usage related bugfixes:
+
+* Improved default scope conversion to avoid nested arrays (@muellerj);
+* Authorize form shows a disabled checkbox and POST's no scope when default scope is to be used (@muellerj);
+* example default scope fixed for example authorization server (should be string) (@muellerj);
+* several param fixes in view templates (@muellerj);
+
+OAuth Applications Management fixes:
+
+* Access to OAuth Application page is now restricted to app owner;
+* OAuth Applications page now lists the **only** the applications owned by the logged in user;
+
+### 0.7.1 (05/12/2021)
+
+#### Improvements
+
+* Adapted the `rodauth-i18n` configuration to comply with the guidelines for `v0.2.0` (which is the defacto minimmal supported version).
+
+#### Bugfixes
+
+* `convert_timestamp` was removed from the templates, as it's private API.
+* Several missing or wrong URLs in templates fixed (authorize form was wrongly processing scopes when none was selected).
+
 ### 0.7.0 (02/12/2021)
 
 #### Features
 
-* Internationalization (i18n) support by hooking on [rodauth-oauth](https://github.com/janko/rodauth-i18n).
+* Internationalization (i18n) support by hooking on [rodauth-i18n](https://github.com/janko/rodauth-i18n).
   * Sets all text using `translatable_method`.
   * Provides english translations for all `rodauth-oauth` related user facing text.
 

data/README.md

@@ -173,7 +173,7 @@ puts payload #=> {"access_token" => "awr23f3h8f9d2h89...", "token_type" => "Bear
 
 #### Revoking tokens
 
-Token revocation can be done both by the idenntity owner or the application owner, and can therefore be done either online (browser-based form) or server-to-server. Here's an example using server-to-server:
+Token revocation can be done both by the identity owner or the application owner, and can therefore be done either online (browser-based form) or server-to-server. Here's an example using server-to-server:
 
 ```ruby
 require "httpx"

data/lib/generators/rodauth/oauth/install_generator.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require "rails/generators/base"
+require "rails/generators"
 require "rails/generators/migration"
 require "rails/generators/active_record"
 

data/lib/generators/rodauth/oauth/templates/app/views/rodauth/authorize.html.erb

@@ -0,0 +1,29 @@
+<%= form_tag rodauth.authorize_path, method: :post do %>
+  <p class="lead">The application <%= rodauth.oauth_application[rodauth.oauth_applications_name_column] %> would like to access your data.</p>
+
+  <div class="form-group">
+    <h1 class="display-6"><%= rodauth.scopes_label %></h1>
+
+    <% rodauth.scopes.each do |scope| %>
+      <% is_default = scope == rodauth.oauth_application_default_scope %>
+      <div class="form-check">
+        <%= check_box_tag "scope[]", scope, is_default, disabled: is_default, id: scope, class: "form-check-input" %>
+        <%= label_tag scope, scope, class: "form-check-label" %>
+        <%= hidden_field_tag "scope[]", scope if is_default %>
+      </div>
+    <% end %>
+    <%= hidden_field_tag :client_id, params[:client_id] %>
+    <% %i[access_type response_type state nonce redirect_uri code_challenge code_challenge_method].each do |oauth_param| %>
+      <% if params[oauth_param] %>
+        <%= hidden_field_tag oauth_param,  params[oauth_param] %>
+      <% end %>
+    <% end %>
+    <% if params[:response_mode] %>
+      <%= hidden_field_tag :response_mode, params[:response_mode] %>
+    <% end %>
+  </div>
+ <p class="text-center">
+    <%= submit_tag "Authorize", class: "btn btn-outline-primary" %>
+    <%= link_to "Cancel", "#{rodauth.redirect_uri}?error=access_denied&error_description=The+resource+owner+or+authorization+server+denied+the+request#{"&state=\#{rodauth.state}" if params[:state] }", class: "btn btn-outline-danger" %>
+  </p>
+<% end %>

data/lib/generators/rodauth/oauth/templates/app/views/rodauth/new_oauth_application.html.erb

@@ -0,0 +1,38 @@
+<%= form_tag rodauth.oauth_applications_path, method: :post, class: "form-horizontal" do %>
+  <h2>Register Oauth Application</h2>
+  <%= rodauth.field_error('scope') %>
+  <div class="form-group">
+    <%= label_tag "name", "Name" %>
+    <%= text_field_tag "name", rodauth.param('name'), class: "form-control#{' is-invalid' if rodauth.field_error('name')}" %>
+    <%= rodauth.field_error('name') %>
+  </div>
+  <div class="form-group">
+    <%= label_tag "description", "Description" %>
+    <%= text_field_tag "description", rodauth.param('description'), class: "form-control#{' is-invalid' if rodauth.field_error('description')}" %>
+    <%= rodauth.field_error('description') %>
+  </div>
+  <div class="form-group">
+    <%= label_tag "homepage_url", "Homepage URL" %>
+    <%= text_field_tag "homepage_url", rodauth.param('homepage_url'), class: "form-control#{' is-invalid' if rodauth.field_error('homepage_url')}" %>
+    <%= rodauth.field_error('homepage_url') %>
+  </div>
+  <div class="form-group">
+    <%= label_tag "redirect_uri", "Redirect URL" %>
+    <%= text_field_tag "redirect_uri", rodauth.param('redirect_uri'), class: "form-control#{' is-invalid' if rodauth.field_error('redirect_uri')}" %>
+    <%= rodauth.field_error('redirect_uri') %>
+  </div>
+  <div class="form-group">
+    <%= label_tag "client_secret", "Secret (make it random and at least 32 character-long)" %>
+    <%= text_field_tag "client_secret", rodauth.param('client_secret'), class: "form-control#{' is-invalid' if rodauth.field_error('client_secret')}" %>
+    <%= rodauth.field_error('client_secret') %>
+  </div>
+  <% rodauth.oauth_application_scopes.each do |scope| %>
+    <div class="form-check">
+      <%= check_box_tag "scopes[]", scope, scope == rodauth.oauth_application_default_scope, id: scope, class: "form-check-input" %>
+      <%= scope %>
+    </div>
+  <% end %>
+  <div class="form-group">
+    <%= submit_tag "Register", class: "btn btn-primary" %>
+  </div>
+<% end %>

data/lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_application.html.erb

@@ -0,0 +1,17 @@
+<% oauth_application = rodauth.scope.instance_variable_get(:@oauth_application) %>
+<div>
+  <h2><%= oauth_application[rodauth.oauth_applications_name_column] %></h2>
+
+  <dl>
+    <dt>Description: </dt>
+    <dd><%= oauth_application[rodauth.oauth_applications_description_column] %></dd>
+    <dt>Homepage URL: </dt>
+    <dd><%= oauth_application[rodauth.oauth_applications_homepage_url_column] %></dd>
+    <dt>Client ID: </dt>
+    <dd><%= oauth_application[rodauth.oauth_applications_client_id_column] %></dd>
+    <dt>Redirect URL: </dt>
+    <dd><%= oauth_application[rodauth.oauth_applications_redirect_uri_column] %></dd>
+    <dt>Scopes: </dt>
+    <dd><%= oauth_application[rodauth.oauth_applications_scopes_column] %></dd>
+  </dl>
+</div>

data/lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_applications.html.erb

@@ -0,0 +1,29 @@
+<% oauth_applications_ds = rodauth.scope.instance_variable_get(:@oauth_applications) %>
+<% apps_count = oauth_applications_ds.count %>
+<div class="btn-group" role="group" aria-label="Buttons">
+  <%= link_to "New Oauth Application",  "#{rodauth.oauth_applications_path}/new", class: "btn btn-secondary" %>
+</div>
+<% if apps_count.zero? %>
+  <p>No oauth applications yet!</p>
+<% else %>
+  <table class="table">
+    <thead>
+      <tr>
+        <th scope="col">Client ID (<%= apps_count %>)</th>
+        <th scope="col">Name</th>
+        <th scope="col">Homepage</th>
+        <th scope="col"></th>
+      </tr>
+    </thead>
+    <tbody>
+      <% oauth_applications_ds.each do |application| %>
+        <tr>
+          <td><%= application[rodauth.oauth_applications_client_id_column] %></td>
+          <td><%= application[rodauth.oauth_applications_name_column] %></td>
+          <td><%= application[rodauth.oauth_applications_homepage_url_column] %></td>
+          <td><%= link_to "Show",  rodauth.oauth_application_path(application[rodauth.oauth_applications_id_column]) %></td>
+        </tr>
+      <% end %>
+    </tbody>
+  </table>
+<% end %>

data/lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_tokens.html.erb

@@ -0,0 +1,38 @@
+<% oauth_tokens_ds = rodauth.scope.instance_variable_get(:@oauth_tokens) %>
+<% tokens_count = oauth_tokens_ds.count %>
+<% if tokens_count.zero? %>
+  <p>No oauth tokens yet!</p>
+<% else %>
+  <table class="table">
+    <thead>
+      <tr>
+        <th scope="col">Token</th>
+        <th scope="col">Refresh Token</th>
+        <th scope="col">Expires in</th>
+        <th scope="col">Revoked at</th>
+        <th scope="col">Scopes</th>
+        <th scope="col"><span class="badge badge-pill badge-dark"><%= tokens_count %></span>
+      </tr>
+    </thead>
+    <tbody>
+      <% oauth_tokens_ds.each do |application| %>
+        <tr>
+          <td><code class="token"><%= oauth_token[rodauth.oauth_tokens_token_column] %></code></td>
+          <td><code class="token"><%= oauth_token[rodauth.oauth_tokens_refresh_token_column] %></code></td>
+          <td><%= oauth_token[rodauth.oauth_tokens_expires_in_column] %></td>
+          <td><%= oauth_token[rodauth.oauth_tokens_revoked_at_column] %></td>
+          <td><%= oauth_token[rodauth.oauth_tokens_scopes_column] %></td>
+          <td>
+            <% if !oauth_token[rodauth.oauth_tokens_revoked_at_column] %>
+              <%= form_tag rodauth.revoke_path, method: :post do %>
+                <%= hidden_field_tag :token_type_hint, "access_token" %>
+                <%= hidden_field_tag :token, oauth_token[rodauth.oauth_tokens_token_column] %>
+                <%= submit_tag "Revoke", class: "btn btn-danger" %>
+              <% end %>
+            <% end %>
+          </td>
+        </tr>
+      <% end %>
+    </tbody>
+  </table>
+<% end %>

data/lib/generators/rodauth/oauth/views_generator.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require "rails/generators/base"
+require "rails/generators"
 
 module Rodauth::OAuth
   module Rails
@@ -8,6 +8,7 @@ module Rodauth::OAuth
       class ViewsGenerator < ::Rails::Generators::Base
         source_root "#{__dir__}/templates"
         namespace "rodauth:oauth:views"
+        desc "Generate db migrations for rodauth-oauth in your application."
 
         DEFAULT = %w[authorize].freeze
         VIEWS = {
@@ -31,16 +32,20 @@ module Rodauth::OAuth
                                  default: "rodauth"
 
         def create_views
-          features = options[:all] ? VIEWS.keys : (DEFAULT + options[:features]).map(&:to_sym)
+          features = options[:all] ? VIEWS.keys : (%i[oauth_authorize] + options[:features]).map(&:to_sym).uniq
 
           views = features.inject([]) do |list, feature|
             list |= VIEWS[feature] || []
             list |= VIEWS[DEPENDENCIES[feature]] || []
           end
 
+          directory = options[:directory].underscore
           views.each do |view|
-            template "app/views/rodauth/#{view}.html.erb",
-                     "app/views/#{options[:directory].underscore}/#{view}.html.erb"
+            copy_file "app/views/rodauth/#{view}.html.erb",
+                     "app/views/#{directory}/#{view}.html.erb" do |content|
+              content = content.gsub("rodauth/", "#{directory}/")
+              content
+            end
           end
         end
       end

data/lib/rodauth/features/oauth.rb

@@ -66,6 +66,7 @@ module Rodauth
     notice_flash "Your oauth application has been registered", "create_oauth_application"
 
     notice_flash "The oauth token has been revoked", "revoke_oauth_token"
+    error_flash "You are not authorized to revoke this token", "revoke_unauthorized_account"
 
     view "authorize", "Authorize", "authorize"
     view "oauth_applications", "Oauth Applications", "oauth_applications"
@@ -279,7 +280,13 @@ module Rodauth
       next unless is_authorization_server?
 
       before_revoke_route
-      require_oauth_application
+
+      if logged_in?
+        require_account
+        require_oauth_application_from_account
+      else
+        require_oauth_application
+      end
 
       r.post do
         catch_error do
@@ -386,7 +393,10 @@ module Rodauth
         end
 
         request.on(oauth_applications_id_pattern) do |id|
-          oauth_application = db[oauth_applications_table].where(oauth_applications_id_column => id).first
+          oauth_application = db[oauth_applications_table]
+                              .where(oauth_applications_id_column => id)
+                              .where(oauth_applications_account_id_column => account_id)
+                              .first
           next unless oauth_application
 
           scope.instance_variable_set(:@oauth_application, oauth_application)
@@ -407,7 +417,8 @@ module Rodauth
         end
 
         request.get do
-          scope.instance_variable_set(:@oauth_applications, db[oauth_applications_table])
+          scope.instance_variable_set(:@oauth_applications, db[oauth_applications_table]
+            .where(oauth_applications_account_id_column => account_id))
           oauth_applications_view
         end
 
@@ -474,7 +485,7 @@ module Rodauth
       when String
         scope.split(" ")
       when nil
-        [oauth_application_default_scope]
+        Array(oauth_application_default_scope)
       end
     end
 
@@ -570,6 +581,8 @@ module Rodauth
       end
 
       self.class.send(:define_method, :__one_oauth_token_per_account) { one_oauth_token_per_account }
+
+      i18n_register(File.expand_path(File.join(__dir__, "..", "..", "..", "locales"))) if features.include?(:i18n)
     end
 
     def use_date_arithmetic?
@@ -682,6 +695,20 @@ module Rodauth
       authorization_required unless @oauth_application && secret_matches?(@oauth_application, client_secret)
     end
 
+    def require_oauth_application_from_account
+      ds = db[oauth_applications_table]
+           .join(oauth_tokens_table, Sequel[oauth_tokens_table][oauth_tokens_oauth_application_id_column] =>
+                                     Sequel[oauth_applications_table][oauth_applications_id_column])
+           .where(oauth_token_by_token_ds(param("token")).opts.fetch(:where, true))
+           .where(Sequel[oauth_applications_table][oauth_applications_account_id_column] => account_id)
+
+      @oauth_application = ds.qualify.first
+      return if @oauth_application
+
+      set_redirect_error_flash revoke_unauthorized_account_error_flash
+      redirect request.referer || "/"
+    end
+
     def secret_matches?(oauth_application, secret)
       BCrypt::Password.new(oauth_application[oauth_applications_client_secret_column]) == secret
     end
@@ -772,17 +799,21 @@ module Rodauth
       end
     end
 
-    def oauth_token_by_token(token)
+    def oauth_token_by_token_ds(token)
       ds = db[oauth_tokens_table]
 
       ds = if oauth_tokens_token_hash_column
-             ds.where(oauth_tokens_token_hash_column => generate_token_hash(token))
+             ds.where(Sequel[oauth_tokens_table][oauth_tokens_token_hash_column] => generate_token_hash(token))
            else
-             ds.where(oauth_tokens_token_column => token)
+             ds.where(Sequel[oauth_tokens_table][oauth_tokens_token_column] => token)
            end
 
-      ds.where(Sequel[oauth_tokens_expires_in_column] >= Sequel::CURRENT_TIMESTAMP)
-        .where(oauth_tokens_revoked_at_column => nil).first
+      ds.where(Sequel[oauth_tokens_table][oauth_tokens_expires_in_column] >= Sequel::CURRENT_TIMESTAMP)
+        .where(Sequel[oauth_tokens_table][oauth_tokens_revoked_at_column] => nil)
+    end
+
+    def oauth_token_by_token(token)
+      oauth_token_by_token_ds(token).first
     end
 
     def oauth_token_by_refresh_token(token, revoked: false)

data/lib/rodauth/oauth/version.rb

@@ -2,6 +2,6 @@
 
 module Rodauth
   module OAuth
-    VERSION = "0.7.0"
+    VERSION = "0.7.4"
   end
 end

data/lib/rodauth/oauth.rb

@@ -5,5 +5,3 @@ require "rodauth"
 require "rodauth/oauth/version"
 
 require "rodauth/oauth/railtie" if defined?(Rails)
-
-Rodauth::I18n.directories << File.expand_path(File.join(__dir__, "..", "..", "locales")) if defined?(Rodauth::I18n)

data/locales/en.yml

@@ -3,6 +3,7 @@ en:
     require_authorization_error_flash: "Please authorize to continue"
     create_oauth_application_error_flash: "There was an error registering your oauth application"
     create_oauth_application_notice_flash: "Your oauth application has been registered"
+    revoke_unauthorized_account_error_flash: "You are not authorized to revoke this token"
     revoke_oauth_token_notice_flash: "The oauth token has been revoked"
     oauth_authorize_title: "Authorize"
     oauth_oauth_applications_page_title: "Oauth Applications"
@@ -31,4 +32,4 @@ en:
     unsupported_transform_algorithm_message: "transform algorithm not supported"
     request_uri_not_supported_message: "request uri is unsupported"
     invalid_request_object_message: "request object is invalid"
-    invalid_scope_message: "The Access Token expired"
+    invalid_scope_message: "The Access Token expired"

data/templates/authorize.str

@@ -1,4 +1,4 @@
-<form method="post" class="form-horizontal" role="form" id="authorize-form">
+<form method="post" action="#{rodauth.authorize_path}" class="form-horizontal" role="form" id="authorize-form">
   #{csrf_tag(rodauth.authorize_path) if respond_to?(:csrf_tag)}
   <p class="lead">The application #{rodauth.oauth_application[rodauth.oauth_applications_name_column]} would like to access your data.</p>
 
@@ -7,12 +7,22 @@
 
     #{
       rodauth.scopes.map do |scope|
-        <<-HTML
-         	<div class="form-check">
-            <input id="#{scope}" class="form-check-input" type="checkbox" name="scope[]" value="#{scope}" #{"checked disabled" if scope == rodauth.oauth_application_default_scope}>
-            <label class="form-check-label" for="#{scope}">#{scope}</label>
-          </div>
-        HTML
+        if scope == rodauth.oauth_application_default_scope
+          <<-HTML
+            <div class="form-check">
+              <input id="#{scope}" class="form-check-input" type="checkbox" name="scope[]" value="#{scope}" checked disabled>
+              <label class="form-check-label" for="#{scope}">#{scope}</label>
+              <input type="hidden" name="scope[]" value="#{scope}">
+            </div>
+          HTML
+        else
+          <<-HTML
+            <div class="form-check">
+              <input id="#{scope}" class="form-check-input" type="checkbox" name="scope[]" value="#{scope}">
+              <label class="form-check-label" for="#{scope}">#{scope}</label>
+            </div>
+          HTML
+        end
       end.join
     }
 
@@ -31,4 +41,4 @@
     <input type="submit" class="btn btn-outline-primary" value="#{h(rodauth.oauth_authorize_button)}"/>
     <a href="#{rodauth.redirect_uri}?error=access_denied&error_description=The+resource+owner+or+authorization+server+denied+the+request#{ "&state=#{rodauth.param("state")}" if rodauth.param_or_nil("state")}" class="btn btn-outline-danger">Cancel</a>
   </p>
-</form>
+</form>

data/templates/oauth_application.str

@@ -7,5 +7,5 @@
       end.join
     }
   </dl>
-  <a href="/#{"#{rodauth.oauth_applications_path}/#{@oauth_application[:id]}/#{rodauth.oauth_tokens_path}"}" class="btn btn-outline-secondary">Oauth Tokens</a>
-</div>
+  <a href="#{rodauth.oauth_applications_path}/#{@oauth_application[:id]}/#{rodauth.oauth_tokens_path}" class="btn btn-outline-secondary">Oauth Tokens</a>
+</div>

data/templates/oauth_tokens.str

@@ -10,7 +10,8 @@
               <th scope="col">Token</th>
               <th scope="col">Refresh Token</th>
               <th scope="col">Expires in</th>
-              <th scope="col">Revoke</th>
+              <th scope="col">Revoked at</th>
+              <th scope="col">Scopes</th>
               <th scope="col"><span class="badge badge-pill badge-dark">#{@oauth_tokens.count}</span>
             </tr>
           </thead>
@@ -19,16 +20,17 @@
               @oauth_tokens.map do |oauth_token|
                 <<-HTML
                   <tr>
-                    <td>#{oauth_token[rodauth.oauth_tokens_token_column]}</td>
-                    <td>#{oauth_token[rodauth.oauth_tokens_refresh_token_column]}</td>
-                    <td>#{rodauth.convert_timestamp(oauth_token[rodauth.oauth_tokens_expires_in_column])}</td>
-                    <td>#{rodauth.convert_timestamp(oauth_token[rodauth.oauth_tokens_revoked_at_column])}</td>
+                    <td><code class="token">#{oauth_token[rodauth.oauth_tokens_token_column]}</code></td>
+                    <td><code class="token">#{oauth_token[rodauth.oauth_tokens_refresh_token_column]}</code></td>
+                    <td>#{oauth_token[rodauth.oauth_tokens_expires_in_column]}</td>
+                    <td>#{oauth_token[rodauth.oauth_tokens_revoked_at_column]}</td>
+                    <td>#{oauth_token[rodauth.oauth_tokens_scopes_column]}</td>
                     <td>
                       #{
-                        if !oauth_token[rodauth.oauth_tokens_revoked_at_param] && !oauth_token[rodauth.oauth_tokens_token_hash_column]
+                        if !oauth_token[rodauth.oauth_tokens_revoked_at_column] && !oauth_token[rodauth.oauth_tokens_token_hash_column]
                           <<-HTML
                             <form method="post" action="#{rodauth.revoke_path}" class="form-horizontal" role="form" id="revoke-form">
-                              #{csrf_tag(rodauth.oauth_revoke_path) if respond_to?(:csrf_tag)}
+                              #{csrf_tag(rodauth.revoke_path) if respond_to?(:csrf_tag)}
                               #{rodauth.input_field_string("token_type_hint", "revoke-token-type-hint", :value => "access_token", :type=>"hidden")}
                               #{rodauth.input_field_string("token", "revoke-token", :value => oauth_token[rodauth.oauth_tokens_token_column], :type=>"hidden")}
                               #{rodauth.button(rodauth.oauth_token_revoke_button)}
@@ -46,4 +48,4 @@
       HTML
     end
   }
-</div>
+</div>

metadata

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-oauth
 version: !ruby/object:Gem::Version
-  version: 0.7.0
+  version: 0.7.4
 platform: ruby
 authors:
 - Tiago Cardoso
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-12-02 00:00:00.000000000 Z
-dependencies: []
+date: 2022-01-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rodauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
 description: Implementation of the OAuth 2.0 protocol on top of rodauth.
 email:
 - cardoso_tiago@hotmail.com
@@ -27,6 +41,11 @@ files:
 - lib/generators/rodauth/oauth/templates/app/models/oauth_application.rb
 - lib/generators/rodauth/oauth/templates/app/models/oauth_grant.rb
 - lib/generators/rodauth/oauth/templates/app/models/oauth_token.rb
+- lib/generators/rodauth/oauth/templates/app/views/rodauth/authorize.html.erb
+- lib/generators/rodauth/oauth/templates/app/views/rodauth/new_oauth_application.html.erb
+- lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_application.html.erb
+- lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_applications.html.erb
+- lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_tokens.html.erb
 - lib/generators/rodauth/oauth/templates/db/migrate/create_rodauth_oauth.rb
 - lib/generators/rodauth/oauth/views_generator.rb
 - lib/rodauth/features/oauth.rb
@@ -52,11 +71,15 @@ files:
 - templates/redirect_uri_field.str
 - templates/scope_field.str
 homepage: https://gitlab.com/honeyryderchuck/rodauth-oauth
-licenses: []
+licenses:
+- Apache-2.0
 metadata:
-  homepage_uri: https://gitlab.com/honeyryderchuck/rodauth-oauth
+  homepage_uri: https://honeyryderchuck.gitlab.io/rodauth-oauth/
+  documentation_uri: https://honeyryderchuck.gitlab.io/rodauth-oauth/rdoc/
+  bug_tracker_uri: https://gitlab.com/honeyryderchuck/rodauth-oauth/issues
   source_code_uri: https://gitlab.com/honeyryderchuck/rodauth-oauth
   changelog_uri: https://gitlab.com/honeyryderchuck/rodauth-oauth/-/blob/master/CHANGELOG.md
+  rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -72,7 +95,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.22
+rubygems_version: 3.2.32
 signing_key:
 specification_version: 4
 summary: Implementation of the OAuth 2.0 protocol on top of rodauth.