diff --git a/data/model/oauth.py b/data/model/oauth.py
index b10bfa372..2e83019e4 100644
--- a/data/model/oauth.py
+++ b/data/model/oauth.py
@@ -122,6 +122,21 @@ class DatabaseAuthorizationProvider(AuthorizationProvider):
.get())
found.delete_instance()
+
+ def get_auth_denied_response(self, response_type, client_id, redirect_uri, **params):
+ # Ensure proper response_type
+ if response_type != 'token':
+ err = 'unsupported_response_type'
+ return self._make_redirect_error_response(redirect_uri, err)
+
+ # Check redirect URI
+ is_valid_redirect_uri = self.validate_redirect_uri(client_id, redirect_uri)
+ if not is_valid_redirect_uri:
+ return self._invalid_redirect_uri_response()
+
+ return self._make_redirect_error_response(redirect_uri, 'authorization_denied')
+
+
def get_token_response(self, response_type, client_id, redirect_uri, **params):
# Ensure proper response_type
if response_type != 'token':
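Review bot: The `response_type` branch in `get_auth_denied_response` redirects to `redirect_uri` before `validate_redirect_uri` has run, so an unsupported response type would send the browser to an unvalidated, request-supplied URI. The redirect-URI check should come first, with the response-type check after it. The only caller visible in this diff passes `'token'`, so the branch looks latent rather than reachable today; the context lines suggest `get_token_response` uses the same ordering, but its body continues outside the hunk. Separately, RFC 6749 names the denial error `access_denied`, and clients that follow the spec may not recognise `'authorization_denied'`: `return self._make_redirect_error_response(redirect_uri, 'access_denied')`.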
diff --git a/endpoints/web.py b/endpoints/web.py
index b9d5726dc..6b9a3e2e0 100644
--- a/endpoints/web.py
+++ b/endpoints/web.py
@@ -268,6 +268,27 @@ def authorize_application():
return provider.get_token_response('token', client_id, redirect_uri, scope=scope)
+@web.route('/oauth/denyapp', methods=['POST'])
+def deny_application():
+ if not current_user.is_authenticated():
+ abort(401)
+ return
+
+ provider = FlaskAuthorizationProvider()
+ client_id = request.form.get('client_id', None)
+ redirect_uri = request.form.get('redirect_uri', None)
+ scope = request.form.get('scope', None)
+ csrf = request.form.get('csrf', None)
+
+ # Verify the csrf token.
+ if csrf != generate_csrf_token():
+ abort(404)
+ return
+
+ # Add the access token.
+ return provider.get_auth_denied_response('token', client_id, redirect_uri, scope=scope)
+
+
@web.route('/oauth/authorize', methods=['GET'])
@no_cache
def request_authorization_code():
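Review bot: The CSRF check in `deny_application` compares the submitted token with `!=`, which is not a constant-time comparison, and a missing `csrf` field is rejected only because `None` never equals the generated token. An explicit guard such as `if not csrf or not hmac.compare_digest(csrf, generate_csrf_token()): abort(403)` states the intent, assuming `hmac` is imported in this module (not visible here) and both values are the same string type. A failed CSRF check is conventionally reported as 403 rather than 404, which also makes rejected requests easier to distinguish in access logs. The `return` statements after `abort(...)` are unreachable because `abort` raises, and the comment `# Add the access token.` is carried over from the approve path; `# Redirect back to the client with a denial error.` matches what the call does.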
diff --git a/static/css/quay.css b/static/css/quay.css
index a03721505..6d461b6e7 100644
--- a/static/css/quay.css
+++ b/static/css/quay.css
@@ -3551,6 +3551,10 @@ pre.command:before {
content: "\f0da" !important;
}
+.auth-container .button-bar form {
+ display: inline-block;
+}
+
.auth-container .button-bar {
margin-top: 10px;
padding-top: 10px;
diff --git a/templates/base.html b/templates/base.html
index 1e29026bd..9baba0e25 100644
--- a/templates/base.html
+++ b/templates/base.html
@@ -51,7 +51,7 @@
-
+
diff --git a/templates/oauthorize.html b/templates/oauthorize.html
index 2629d6a2e..d5bdfc027 100644
--- a/templates/oauthorize.html
+++ b/templates/oauthorize.html
@@ -16,7 +16,8 @@