From bbe60202e7cb772bd1b6a251e0fb7da51ca22ecd Mon Sep 17 00:00:00 2001
From: Andrew Godwin <andrew@aeracode.org>
Date: Wed, 21 Dec 2022 16:42:44 +0000
Subject: [PATCH] Add Out Of Band auth token support

Fixes #216
---
 api/views/oauth.py            | 4 ++++
 templates/api/oauth_code.html | 7 +++++++
 2 files changed, 11 insertions(+)
 create mode 100644 templates/api/oauth_code.html

diff --git a/api/views/oauth.py b/api/views/oauth.py
index e6a38ca..9101297 100644
--- a/api/views/oauth.py
+++ b/api/views/oauth.py
@@ -3,6 +3,7 @@ from urllib.parse import urlparse, urlunparse
 
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.http import HttpResponseRedirect, JsonResponse
+from django.shortcuts import render
 from django.utils.decorators import method_decorator
 from django.views.decorators.csrf import csrf_exempt
 from django.views.generic import TemplateView, View
@@ -67,6 +68,9 @@ class AuthorizationView(LoginRequiredMixin, TemplateView):
             code=secrets.token_urlsafe(16),
             scopes=scope.split(),
         )
+        # If it's an out of band request, show the code
+        if redirect_uri == "urn:ietf:wg:oauth:2.0:oob":
+            return render(request, "api/oauth_code.html", {"code": token.code})
         # Redirect with the token's code
         return OauthRedirect(redirect_uri, "code", token.code)
 
diff --git a/templates/api/oauth_code.html b/templates/api/oauth_code.html
new file mode 100644
index 0000000..34193b8
--- /dev/null
+++ b/templates/api/oauth_code.html
@@ -0,0 +1,7 @@
+{% extends "base.html" %}
+
+{% block title %}Authorization Code{% endblock %}
+
+{% block content %}
+    <p>To continue, provide this code to your application: <tt>{{ code }}</tt></p>
+{% endblock %}