From ff7a6b578d4161d9934bf84c9778a0a3e60a37c3 Mon Sep 17 00:00:00 2001
From: Simon Ser <contact@emersion.fr>
Date: Mon, 19 Feb 2024 10:55:27 +0100
Subject: [PATCH] Add deny button in authorize form

---
 oauth2.go               | 6 ++++++
 template/authorize.html | 1 +

diff --git a/oauth2.go b/oauth2.go
index 1ffc95a445cd6ae6dce954b405f24de3fa5cc948..79ec36c3f335d8bb5d39fbacec014d5733cfedc7 100644
--- a/oauth2.go
+++ b/oauth2.go
@@ -107,6 +107,12 @@ 		return
 	}
 
 	_ = req.ParseForm()
+	if _, ok := req.PostForm["deny"]; ok {
+		redirectClientError(w, req, redirectURI, state, &oauth2.Error{
+			Code: oauth2.ErrorCodeAccessDenied,
+		})
+		return
+	}
 	if _, ok := req.PostForm["authorize"]; !ok {
 		data := struct {
 			Client *Client
diff --git a/template/authorize.html b/template/authorize.html
index 485230e11f9525d5b7a5975bbe3881dc9c1873b6..853392ca958afaaf51c052ff625c1378d5978e75 100644
--- a/template/authorize.html
+++ b/template/authorize.html
@@ -7,6 +7,7 @@
 <p>Authorize client <code>{{ .Client.ClientID }}</code>?</p>
 
 <form method="post" action="">
+	<button type="submit" name="deny">Cancel</button>
 	<button type="submit" name="authorize">Authorize</button>
 </form>
 

-- 
2.48.1