Oauth Consent Page
Third party app authorization card listing granted scopes and explicit exclusions, the acting account, and authorize or cancel actions with a revoke note.
Third party app authorization card listing granted scopes and explicit exclusions, the acting account, and authorize or cancel actions with a revoke note.
The source for every Application block is included with Basic and Pro. Pick a plan to copy the code.
Already purchased? Log in
OAuth Consent Page is the authorization screen a third party app hits when it asks for account access. Two identity marks face each other at the top, the requesting app and Acme, under a heading that names the app (Orbitline) and confirms it was built by a verified developer. The granted scopes list what the app will be able to do with an icon per row, and a second list under the divider names what it explicitly cannot touch, reading direct messages or changing billing, so the boundary is stated rather than implied.
Granted and denied scopes are two typed const arrays of icon and label pairs. A muted panel names the account doing the authorizing (maya@acme.com, Member) with a use a different account link, then Authorize and Cancel buttons follow. The footer keeps the exit honest: access can be revoked any time from Connected apps, and revoking signs the app out within a minute.
Reach for this block as the consent step of your OAuth authorization flow, wired to your grant and deny endpoints. Render the real requested scopes so the granted list matches the token that gets issued, never a generic set.
A natural flow around it on an Application Pro page:
Before
After
One strong use is third party app authorization. Other shapes:
Tip: show what the app cannot do next to what it can; the denied list does more to earn a confident authorize than any amount of reassuring marketing copy.