diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go
index f5ca0bda5e..73fcd5524d 100644
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@@ -539,6 +539,16 @@ func GrantApplicationOAuth(ctx *context.Context) {
ctx.Error(http.StatusBadRequest)
return
}
+
+ if !form.Granted {
+ handleAuthorizeError(ctx, AuthorizeError{
+ State: form.State,
+ ErrorDescription: "the request is denied",
+ ErrorCode: ErrorCodeAccessDenied,
+ }, form.RedirectURI)
+ return
+ }
+
app, err := auth.GetOAuth2ApplicationByClientID(ctx, form.ClientID)
if err != nil {
ctx.ServerError("GetOAuth2ApplicationByClientID", err)
diff --git a/services/forms/user_form.go b/services/forms/user_form.go
index 4e603a3115..0b7bea4638 100644
--- a/services/forms/user_form.go
+++ b/services/forms/user_form.go
@@ -162,6 +162,7 @@ func (f *AuthorizationForm) Validate(req *http.Request, errs binding.Errors) bin
// GrantApplicationForm form for authorizing oauth2 clients
type GrantApplicationForm struct {
ClientID string `binding:"Required"`
+ Granted bool
RedirectURI string
State string
Scope string
diff --git a/templates/user/auth/grant.tmpl b/templates/user/auth/grant.tmpl
index cb9bba8749..a18a3bd27a 100644
--- a/templates/user/auth/grant.tmpl
+++ b/templates/user/auth/grant.tmpl
@@ -23,8 +23,8 @@
-
- Cancel
+
+