What’s displayed
| Element | Source |
|---|---|
| App icon | icon_url on your application registration |
| App name (linked) | display_name + homepage_url |
| Agent name | The agent the token will be bound to |
| Permission list | authorization_details from your authorization request |
icon_url is set, the app name appears without an icon.
Previewing the consent screen
From your application’s detail page in the developer console, click Preview consent screen. This shows exactly what users will see with your current application metadata, using placeholder permissions.Customizing the display
Update your application’s metadata via Developer Console → Applications → (your app) → Settings:- Display name — shown as the app name on the consent screen
- Homepage URL — makes the app name a clickable link so users can learn more
- Icon URL — 48×48px minimum; HTTPS required; shown as a rounded square
Authorization details
The permissions shown on the consent screen come from theauthorization_details parameter in your authorization URL (Rich Authorization Requests, RFC 9396). Each entry maps to a human-readable label:
| Type | Label shown |
|---|---|
hasp.data.read | Read <entities> [in <app>] |
hasp.data.write | Write <entities> [in <app>] |
external.tool.invoke | Invoke tool: <tool_id> [(<rate_limit>)] |
agent.delegate | Delegate to agent <id> (depth ≤ <n>) |
human.escalate | Escalate to <role/user> [via <channels>] |
Approval and denial
After the user approves, HASP redirects to yourredirect_uri with a short-lived authorization code. If the user denies, HASP redirects with error=access_denied.
HASP records the consent decision and the full authorization_details in the audit log. Users can view and revoke granted applications from their agent’s credential settings at any time.