diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go
index 354e70bcb..84fa47304 100644
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@@ -541,6 +541,16 @@ func GrantApplicationOAuth(ctx *context.Context) {
ctx.Error(http.StatusBadRequest)
return
}
+
+ if !form.Granted {
+ handleAuthorizeError(ctx, AuthorizeError{
+ State: form.State,
+ ErrorDescription: "the request is denied",
+ ErrorCode: ErrorCodeAccessDenied,
+ }, form.RedirectURI)
+ return
+ }
+
app, err := auth.GetOAuth2ApplicationByClientID(ctx, form.ClientID)
if err != nil {
ctx.ServerError("GetOAuth2ApplicationByClientID", err)
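Review bot: The denial branch passes `form.RedirectURI` to `handleAuthorizeError` before the application is loaded by `form.ClientID`, so nothing visible in this hunk checks the redirect target against the client's registered URIs. If the guard just above the hunk (the one ending in `ctx.Error(http.StatusBadRequest)`) does not already bind the posted redirect URI to a previously validated value, a form post with `Granted` unset could send the user to an arbitrary URL carrying an `access_denied` error. Either move the `if !form.Granted` block below the application lookup and validate the URI there, or, if the earlier guard does cover it, say so with a comment such as `// form.RedirectURI was already matched against the validated value above, so redirecting on denial is safe`. GrantApplicationOAuth starts and ends outside the hunk.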
diff --git a/services/forms/user_form.go b/services/forms/user_form.go
index 418a87b86..b4be1e02b 100644
--- a/services/forms/user_form.go
+++ b/services/forms/user_form.go
@@ -161,6 +161,7 @@ func (f *AuthorizationForm) Validate(req *http.Request, errs binding.Errors) bin
// GrantApplicationForm form for authorizing oauth2 clients
type GrantApplicationForm struct {
ClientID string `binding:"Required"`
+ Granted bool
RedirectURI string
State string
Scope string
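Review bot: `Granted` has no doc comment and no binding tag, so a request that omits the field presumably leaves it `false` and takes the denial path. That fail-closed default is the security-relevant property of this field and is worth stating next to it. Suggest adding `// Granted is true only when the user approved the request; a missing value is treated as a denial.` above the field. The struct body continues outside the hunk.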
diff --git a/templates/user/auth/grant.tmpl b/templates/user/auth/grant.tmpl
index cb9bba874..a18a3bd27 100644
--- a/templates/user/auth/grant.tmpl
+++ b/templates/user/auth/grant.tmpl
@@ -23,8 +23,8 @@
-
- Cancel
+
+