<%# Admin OAuth2 client register form body (todo §6), captured into the shell content slot. Config: form { action, csrfToken, submitLabel, cancelHref, nameField, scopeField (field.ejs configs), redirectUris: string (newline-separated), public: bool, firstParty: bool } error? string shown when a write was rejected %><% const form = locals.form; -%>
<% if (locals.error) { -%> <%- include("alert", { text: locals.error, tone: "neg" }) %> <% } -%>
<%- include("field", form.nameField) %>
One per line — where the app is sent back after sign-in.
<%- include("field", form.scopeField) %> Browser and mobile apps can't keep a secret — choose Public. Server-side apps that can store one — leave it Confidential.
Cancel