Federated Identity Lab - Oliver-Mustoe/Oliver-Mustoe-Tech-Journal GitHub Wiki

This page journals content related to Federated Identity Lab.


Creating a Github app

First I went to my "Settings" > "Developer settings":

Then I went to "OAuth Apps" section > "Register a new application":

This gave a registration page, which I filled in with the following information:

Registered:

Then I pressed "Generate a new client secret":

This generated a client secret, which I copied onto my xubuntuwan box:

Setting up Flask app

After generating my Github app, on xubuntuwan I installed python3 venv with the following:

sudo apt update -y
sudo apt install python3-pip build-essential libffi-dev python3-dev python3-setuptools libssl-dev -y
sudo apt install python3.10-venv -y
pip3 install virtualenvwrapper

I then created the following "oauthlab" folder and a "cred.json" file inside it:

mkdir ~/oauthlab
vi ~/oauthlab/cred.json

Filled in cred.json with the following (look above for the client ID; the client secret was previously saved to the xubuntuwan box, so I copied it here):

{
    "client_id":"{INSERT_CLIENT_ID}",
    "client_secret":"{INSERT_CLIENT_SECRET}",
    "authorization_base_url":"https://github.com/login/oauth/authorize",
    "token_url":"https://github.com/login/oauth/access_token"
}

Then I edited a file located in ~/oauthlab/webapp.py with vi to run the web app - code for this is found here.

Then I installed and sourced a Python virtual environment:

python3 -m venv ~/oauthlab/venv
source ~/oauthlab/venv/bin/activate

As well I installed the needed requirements:

pip3 install wheel
pip3 install Flask
pip3 install pyOpenSSL
pip3 install requests_oauthlib

Then I ran the Python webapp:

python3 ~/oauthlab/webapp.py

When I headed to "https://127.0.0.1:5000" I was prompted to log in:

Once I authorized the app, I was able to see my profile (more information is included but is cut from the screenshot):

Setting up Github and Flask app on AWS

I created a new Ubuntu 22.04 LTS instance, using my AWS guide as a reference to create the new key pair, instance, and security group.

Created key pair:

Created security group (did not touch outbound rules):

Created Ubuntu instance:

(NOTE: "Configure storage" and "Advanced details" sections were left DEFAULT!)

Created instance:

I would also create another Github app like the one made in Creating a Github app with the following settings (used "New OAuth App"):

(NOTE FOR BELOW: the URL is the public IPv4 DNS name of my AWS instance at port 5000 INSTEAD OF "127.0.0.1" at port 5000 USED ABOVE. The callback below is also cut off; it should be "https://ec2-3-93-167-162.compute-1.amazonaws.com:5000/callback")

I also generated a client secret for the new app:

Back on xubuntuwan I would ssh into my new AWS instance after transferring over my created keypair:

chmod 400 Oauth-Prod-SEC-440-OM.pem
ssh -i Oauth-Prod-SEC-440-OM.pem [email protected]

I would then update my webapp to be able to get the script location from any directory and have the Flask application run on all IPs. I would call this file webapp2.py.
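The authorization-code flow that webapp.py and webapp2.py implement, written out as an added example that is not the journal's own code: it loads cred.json relative to the script (so it runs from any directory), builds the authorize URL, verifies the state value on /callback before exchanging the code, and asks GitHub for a JSON token response. The function names, the read:user scope and the use of the standard library instead of requests_oauthlib are my assumptions; the state value would be generated with secrets.token_urlsafe and kept in the Flask session between /login and /callback.

```python
import hmac
import json
import os
import urllib.parse
import urllib.request

# Resolve cred.json next to this script so it loads from any working directory (the webapp2 change).
SCRIPT_DIR = os.path.dirname(os.path.abspath(globals().get("__file__", "webapp2.py")))

def parse_creds(text):
    """Parse cred.json content and refuse the {INSERT_...} placeholders left in the template."""
    creds = json.loads(text)
    for key in ("client_id", "client_secret", "authorization_base_url", "token_url"):
        value = creds.get(key, "")
        if not value or value.startswith("{INSERT_"):
            raise ValueError(f"cred.json: '{key}' is missing or still a placeholder")
    return creds

def load_creds(path=os.path.join(SCRIPT_DIR, "cred.json")):
    with open(path, encoding="utf-8") as f:
        return parse_creds(f.read())

def build_authorize_url(creds, redirect_uri, state, scope="read:user"):
    """Authorize URL; redirect_uri must equal the callback URL registered for the OAuth app."""
    params = {"client_id": creds["client_id"], "redirect_uri": redirect_uri,
              "scope": scope, "state": state}
    return creds["authorization_base_url"] + "?" + urllib.parse.urlencode(params)

def verify_state(received, expected):
    """Constant-time compare; a mismatch means this browser session did not start the login."""
    return bool(received) and hmac.compare_digest(received.encode(), expected.encode())

def parse_callback(query_string, expected_state):
    """Check state first, then surface a GitHub error, then return the one-time code."""
    q = urllib.parse.parse_qs(query_string)
    if not verify_state(q.get("state", [""])[0], expected_state):
        raise ValueError("state mismatch on /callback (possible login CSRF)")
    if "error" in q or "code" not in q:
        raise ValueError("authorization failed: " + q.get("error", ["no code returned"])[0])
    return q["code"][0]

def exchange_code(creds, code, redirect_uri):
    """POST the code to token_url; Accept: application/json avoids GitHub's form-encoded default."""
    body = urllib.parse.urlencode({"client_id": creds["client_id"], "code": code,
                                   "client_secret": creds["client_secret"],
                                   "redirect_uri": redirect_uri}).encode()
    req = urllib.request.Request(creds["token_url"], data=body, headers={"Accept": "application/json"})
    token = json.load(urllib.request.urlopen(req, timeout=10))
    if "access_token" not in token:  # do not log the response body: it carries the token
        raise RuntimeError("token exchange failed: " + str(token.get("error", "unknown")))
    return token["access_token"]
```

In the Flask app, /login stores the state in the session and redirects to build_authorize_url(), and /callback calls parse_callback(request.query_string.decode(), session.pop("oauth_state")) before exchange_code(); a state mismatch should end the request rather than fall through to /profile.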

On the AWS instance, I created the directory structure, used wget to fetch my webapp2.py file, and installed the needed prerequisites:

mkdir ~/oauthlab
cat > ~/oauthlab/cred.json << EOF
{
    "client_id":"{INSERT_CLIENT_ID}",
    "client_secret":"{INSERT_CLIENT_SECRET}",
    "authorization_base_url":"https://github.com/login/oauth/authorize",
    "token_url":"https://github.com/login/oauth/access_token"
}
EOF
wget https://raw.githubusercontent.com/Oliver-Mustoe/Oliver-Mustoe-Tech-Journal/main/SEC-440/oauthlab/webapp2.py -O ~/oauthlab/webapp2.py

I would then fill in the cred.json file with the Oauth-Prod-SEC-440-OM client id and secret information!

Then I set up my Python virtual environment:

sudo apt update -y
sudo apt install python3-pip build-essential libffi-dev python3-dev python3-setuptools libssl-dev -y
sudo apt install python3.10-venv -y
pip3 install virtualenvwrapper
python3 -m venv ~/oauthlab/venv
source ~/oauthlab/venv/bin/activate
pip3 install wheel Flask pyOpenSSL requests_oauthlib

And finally ran my webapp2:

python3 ~/oauthlab/webapp2.py

When I went to "https://ec2-3-93-167-162.compute-1.amazonaws.com:5000" I was met with the following:

After authorizing, the app works! (The full URL includes "/profile".)

(NOTE: I restarted the instance once and it turns out that changes the public IP and DNS name! As I needed to get more screenshots, I turned on the instance > got the new instance Public DNS > changed the URL address in my Github application. Below shows that the application does work after a restart:)

Reflection

Federated identity with OAuth is a very interesting concept, as it allows one account to be used for multiple programs. Its setup was also surprisingly easy for Github integration, as I had no problems with the setup. For the future I think it would be very interesting to see how the setup might work for something like Google Gmail account OAuth or for Microsoft OAuth.