<%#
OAuth2 consent form body (todo §6): the inner of the auth-card form — the signed-in account, the
CSRF + challenge hidden inputs, the requested scopes, then Allow / Deny submit buttons (one
`decision` field). Locals: account?, challenge, csrfField, csrfToken, scopes (string[]). Captured
by views/oauth-consent.ejs.
-%>
<% const labels = { email: "Your email address", offline_access: "Stay signed in (offline access)", openid: "Verify your identity", profile: "Your basic profile (name)" }; -%>
<% if (locals.account) { -%>
Signed in as <%= account %>
<% } -%>
<% if (scopes.length) { -%>
<% scopes.forEach((s) => { -%>
- <%= s %><% if (labels[s]) { %> — <%= labels[s] %><% } %>
<% }) -%>
<% } -%>