OAuth 'authorize' page should be removable and/or remember user selection
Description
The current version of "OAuth Server support" has an authorize page that looks like this:
Authorization Do you want to grant access to your complete profile to <App name>? [Authorize]
In the current implementation, if a user selects "Authorize" the login works as expected, but on every login there after they must click "Authorize" to continue with the workflow. As well, there is no 'Deny' button on the page, so its a bit of an awkward user experience..
I think the expected output would remember the users selection. Additionally, there are some use cases where both of the services are trusted, and it could be confusing for users to have to authorize between the two services, when they are both required for full functionality of the app.
The ideal solution should contain a way to modify the configuration to either: 1. Remove the 'authorize' page for a specific client (Or all clients) OR 2. Save the result of the 'authorize' request for a specific user and don't ask the user to authorize again.
Major
The current version of "OAuth Server support" has an authorize page that looks like this:
Authorization
Do you want to grant access to your complete profile to <App name>?
[Authorize]
In the current implementation, if a user selects "Authorize" the login works as expected, but on every login there after they must click "Authorize" to continue with the workflow. As well, there is no 'Deny' button on the page, so its a bit of an awkward user experience..
I think the expected output would remember the users selection. Additionally, there are some use cases where both of the services are trusted, and it could be confusing for users to have to authorize between the two services, when they are both required for full functionality of the app.
The ideal solution should contain a way to modify the configuration to either:
1. Remove the 'authorize' page for a specific client (Or all clients)
OR
2. Save the result of the 'authorize' request for a specific user and don't ask the user to authorize again.