<%# Themed OAuth2 consent page (todo ยง6): shown when a third-party client wants access and the user must approve. Reuses the auth layout + auth-card; the form posts (Allow/Deny) to our own /oauth2/consent route, CSRF-guarded (consent-body carries the token). Auto theme (styles.css). %><% const brand = locals.brand || "Plainpages"; const body = include("partials/consent-body", { account: consent.account, challenge: consent.challenge, csrfField, csrfToken, scopes: consent.scopes }); %> Authorize <%= consent.client %> <%- include("partials/icons") %>
<%= brand %>
<%- include("partials/auth-card", { action: "/oauth2/consent", body, method: "post", sub: `${consent.client} wants access to your account.`, title: `Authorize ${consent.client}`, }) %> <% if (consent.account) { %>
Not you?
<% } %>