Skip to content

Commit

Permalink
Do not display the client_name of untrusted clients (#2847)
Browse files Browse the repository at this point in the history 
* Do not display the client_name of untrusted clients

* do not show client id of trusted clients
  • Loading branch information
@matthieusieben
matthieusieben authored Oct 1, 2024
1 parent cafa8a1 commit 1226ed2
Show file tree
Hide file tree
Showing 3 changed files with 21 additions and 13 deletions.
5 changes: 5 additions & 0 deletions .changeset/wicked-items-peel.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
"@atproto/oauth-provider": patch
---

Do not display the client_name of untrusted clients
8 changes: 6 additions & 2 deletions packages/oauth/oauth-provider/src/assets/app/components/accept-form.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -77,8 +77,12 @@ export function AcceptForm({
</div>
)}
<p>
<ClientName clientId={clientId} clientMetadata={clientMetadata} /> is
asking for permission to access your account (
<ClientName
clientId={clientId}
clientMetadata={clientMetadata}
clientTrusted={clientTrusted}
/>{' '}
is asking for permission to access your account (
<AccountIdentifier account={account} />
).
</p>
Expand Down
21 changes: 10 additions & 11 deletions packages/oauth/oauth-provider/src/assets/app/components/client-name.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,29 +10,28 @@ import { UrlViewer } from './url-viewer'
export type ClientNameProps = {
clientId: string
clientMetadata: OAuthClientMetadata
clientTrusted: boolean
loopbackClientName?: string
} & HTMLAttributes<Element>

export function ClientName({
clientId,
clientMetadata,
clientTrusted,
loopbackClientName = 'An application on your device',
...attrs
}: ClientNameProps) {
if (clientTrusted && clientMetadata.client_name) {
return <span {...attrs}>{clientMetadata.client_name}</span>
}

if (isOAuthClientIdLoopback(clientId)) {
return <span {...attrs}>An application on your device</span>
return <span {...attrs}>{loopbackClientName}</span>
}

if (isOAuthClientIdDiscoverable(clientId)) {
if (clientMetadata.client_name) {
return (
<span {...attrs}>
{clientMetadata.client_name} (
<UrlViewer url={clientId} path />)
</span>
)
}

return <UrlViewer {...attrs} url={clientId} path />
}

return <span {...attrs}>{clientMetadata.client_name || clientId}</span>
return <span {...attrs}>{clientId}</span>
}

0 comments on commit 1226ed2

Please sign in to comment.