diff --git a/app/views/rs/oauth/new.html.erb b/app/views/rs/oauth/new.html.erb
index d34001b..3d63f81 100644
--- a/app/views/rs/oauth/new.html.erb
+++ b/app/views/rs/oauth/new.html.erb
@@ -1,7 +1,7 @@
 <%= render HeaderCompactComponent.new(title: "Storage") %>
 
 <%= render MainCompactComponent.new do %>
-  <section>
+  <section class="permissions">
     <p class="mb-8">
       The app on
       <%= link_to @client_id, "https://#{@client_id}", class: "ks-text-link" %>
@@ -9,7 +9,7 @@
     </p>
 
     <% if @root_access_requested %>
-    <p class="text-lg">
+    <p class="scope text-lg">
       <span class="text-red-700">
         <%= render partial: "icons/alert-triangle",
               locals: { custom_class: "inline-block align-bottom mr-1.5" } %>
@@ -21,7 +21,7 @@
     </p>
     <% else %>
       <% @scopes.each do |scope| %>
-      <p class="text-gray-600">
+      <p class="scope text-gray-600">
         <span class="text-lg">
           <%= render partial: "icons/folder",
             locals: { custom_class: "inline-block align-bottom mr-1.5" } %>
diff --git a/spec/features/rs/oauth_spec.rb b/spec/features/rs/oauth_spec.rb
new file mode 100644
index 0000000..48a5a13
--- /dev/null
+++ b/spec/features/rs/oauth_spec.rb
@@ -0,0 +1,66 @@
+require 'rails_helper'
+
+RSpec.describe 'remoteStorage OAuth Dialog', type: :feature do
+  context "when signed in" do
+    let(:user) { create :user }
+
+    before do
+      login_as user, :scope => :user
+    end
+
+    context "with normal permissions" do
+      before do
+        visit new_rs_oauth_path(useraddress: user.address,
+                                redirect_uri: "http://example.com",
+                                client_id: "http://example.com",
+                                scope: "documents,[photos], contacts:r")
+      end
+
+      it "shows the permissions in a list" do
+        within ".permissions" do
+          expect(page).to have_content("documents")
+          expect(page).to have_content("photos")
+          expect(page).to have_content("contacts")
+        end
+
+        within ".scope:first-of-type" do
+          expect(page).not_to have_content("read only")
+        end
+
+        within ".scope:last-of-type" do
+          expect(page).to have_content("read only")
+        end
+      end
+    end
+
+    context "root access" do
+      context "full" do
+        before do
+          visit new_rs_oauth_path(useraddress: user.address,
+                                  redirect_uri: "http://example.com",
+                                  client_id: "http://example.com",
+                                  scope: ":rw")
+        end
+
+        it "shows a special permission for all files and dirs" do
+          within ".scope" do
+            expect(page).to have_content("All files and directories")
+          end
+        end
+      end
+    end
+  end
+
+  context "when signed out" do
+    let(:user) { create :user }
+
+    it "prefills the username field in the signin form" do
+      visit new_rs_oauth_path(useraddress: user.address,
+                              redirect_uri: "http://example.com",
+                              client_id: "http://example.com",
+                              scope: "documents,[photos], contacts:r")
+
+      expect(find("#user_cn").value).to eq(user.cn)
+    end
+  end
+end