<%# OAuth2 consent form body (todo §6): the inner of the auth-card form — the CSRF + challenge hidden inputs, the requested scopes, then Allow / Deny submit buttons (one `decision` field). Locals: challenge, csrfField, csrfToken, scopes (string[]). Captured by views/oauth-consent.ejs. -%> <% const labels = { email: "Your email address", offline_access: "Stay signed in (offline access)", openid: "Verify your identity", profile: "Your basic profile (name)" }; -%> <% if (scopes.length) { -%>

<% scopes.forEach((s) => { -%>
• <%= s %><% if (labels[s]) { %> — <%= labels[s] %><% } %>
<% }) -%>

<% } -%> Allow Deny