Project 5: Federated Identity - squatchulator/Tech-Journal GitHub Wiki

Project 5: Federated Identity

  • The first step is to go to Github -> Settings -> Developer Settings, and create a new OAuth app. Fill in the application name, homepage URL and authorization callback URL (the original page shows the values in a screenshot). The callback URL has to match the route the app below serves exactly: with Flask's default host and port and the adhoc TLS used here, that is https://127.0.0.1:5000/callback. Copy the client ID and generate a client secret; GitHub only shows the secret once.

  • Now head into xubuntu-lan, and run the following commands (as root, or prefix the apt commands with sudo):

apt install python3-pip build-essential libffi-dev python3-dev python3-setuptools libssl-dev
apt install python3.10-venv
pip3 install virtualenvwrapper
  • This installs the compiler, headers and venv support that the Python packages below (pyOpenSSL in particular) need to build; Flask itself is installed inside the virtualenv later. Create a new directory called oauthlab and cd into it, then create a new file called creds.json containing the following (keep this file out of version control, since the client secret lets anyone impersonate your OAuth app):
{
    "client_id":"<client ID>",
    "client_secret":"<client secret>",
    "authorization_base_url":"https://github.com/login/oauth/authorize",
    "token_url":"https://github.com/login/oauth/access_token"
}
  • Also create a new file called webapp.py and fill it with this:
from requests_oauthlib import OAuth2Session
from flask import Flask, request, redirect, session, url_for, jsonify, abort
import os
import json

app = Flask(__name__)

# This information is obtained upon registration of a new GitHub OAuth
# application here: https://github.com/settings/applications/new
# Loaded from creds.json so the secret never appears in the source file.
with open("creds.json", "r") as fileObject:
    creds = json.load(fileObject)

client_id = creds["client_id"]
client_secret = creds["client_secret"]
authorization_base_url = creds["authorization_base_url"]
token_url = creds["token_url"]


@app.route("/")
def demo():
    """Step 1: User Authorization.

    Redirect the user/resource owner to the OAuth provider (i.e. Github)
    using an URL with a few key OAuth parameters.
    """
    github = OAuth2Session(client_id)
    authorization_url, state = github.authorization_url(authorization_base_url)

    # State is used to prevent CSRF (login CSRF: an attacker planting their
    # own authorization code in our callback), keep this for later.
    session['oauth_state'] = state
    return redirect(authorization_url)


# Step 2: User authorization, this happens on the provider.

@app.route("/callback", methods=["GET"])
def callback():
    """ Step 3: Retrieving an access token.

    The user has been redirected back from the provider to your registered
    callback URL. With this redirection comes an authorization code included
    in the redirect URL. We will use that to obtain an access token.
    """
    # Pop rather than read: the state is single-use, and a callback with no
    # pending authorization in this session is refused instead of raising KeyError.
    state = session.pop('oauth_state', None)
    if state is None:
        abort(400)

    # OAuth2Session compares the state in request.url with the one passed here
    # and raises MismatchingStateError if they differ.
    github = OAuth2Session(client_id, state=state)
    token = github.fetch_token(token_url, client_secret=client_secret,
                               authorization_response=request.url)

    # At this point you can fetch protected resources but lets save
    # the token and show how this is done from a persisted token
    # in /profile. Note the Flask session cookie is signed, not encrypted,
    # so the token is readable by whoever holds the cookie: fine for the lab.
    session['oauth_token'] = token

    return redirect(url_for('.profile'))


@app.route("/profile", methods=["GET"])
def profile():
    """Fetching a protected resource using an OAuth 2 token.
    """
    token = session.get('oauth_token')
    if token is None:
        # Not logged in yet: start the flow instead of failing on a missing key.
        return redirect(url_for('.demo'))
    github = OAuth2Session(client_id, token=token)
    return jsonify(github.get('https://api.github.com/user').json())


if __name__ == "__main__":
    # Lets oauthlib accept a non-https callback. Not needed with the adhoc TLS
    # below (the callback is already https); only relevant if you switch back
    # to the plain-HTTP app.run(debug=True) line.
    os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = "1"
    # A fresh random key on every start means all sessions (and any login in
    # progress) are invalidated when the app restarts.
    app.secret_key = os.urandom(24)
    # app.run(debug=True)
    # "adhoc" generates a throwaway self-signed certificate; needs pyOpenSSL.
    app.run(ssl_context="adhoc")

  • After this file is created, run these commands:
python3 -m venv venv
source venv/bin/activate
pip3 install wheel
pip3 install Flask
pip3 install pyOpenSSL
pip3 install requests_oauthlib
  • Now we can run the script with python3 webapp.py from inside oauthlab (so creds.json is found). Head to https://127.0.0.1:5000 in a browser; the adhoc certificate is self-signed, so the browser will warn and you have to click through. You are sent to GitHub to authorize the app, redirected back to /callback, and then some JSON content about your Github profile should load at /profile!
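The three steps above are exactly the OAuth 2.0 authorization-code flow, and the interesting security property is the state check in step 3. The following is an added example, not code from the wiki page or from requests_oauthlib: it walks the same flow offline with a constructed FakeProvider standing in for github.com, so you can see the state (CSRF) check reject a forged callback and the provider refuse a reused authorization code. The client ID, secret and the "gho_" token prefix are placeholders, and FakeProvider is an assumption about provider behaviour, not GitHub's actual implementation.

```python
"""Offline walk-through of the OAuth 2.0 authorization-code flow used by webapp.py.

Added example: not part of the original wiki page or of requests_oauthlib.
FakeProvider stands in for github.com; the client-side helpers use only the
standard library so the state (CSRF) check and the single-use code can be
exercised without a network or a registered OAuth app.
"""
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse, urlunparse


class OAuthError(Exception):
    """Provider returned an error or the callback was malformed."""


class StateMismatch(OAuthError):
    """Callback 'state' does not match the one stored in the user's session."""


def build_authorization_url(authorization_base_url, client_id, redirect_uri, scope=""):
    """Step 1: build the redirect to the provider plus a fresh, unguessable state."""
    state = secrets.token_urlsafe(32)
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "state": state}
    if scope:
        params["scope"] = scope
    return f"{authorization_base_url}?{urlencode(params)}", state


def parse_callback(callback_url, expected_state):
    """Step 3a: pull the code out of the callback, refusing it if state is wrong."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise OAuthError(query["error"][0])
    state = query.get("state", [""])[0]
    # Constant-time compare. A missing or attacker-chosen state is rejected here,
    # which is what stops login CSRF (binding the victim's session to an
    # authorization code the attacker obtained for their own account).
    if not state or not hmac.compare_digest(state, expected_state):
        raise StateMismatch("state mismatch")
    code = query.get("code", [""])[0]
    if not code:
        raise OAuthError("missing code")
    return code


class FakeProvider:
    """Constructed stand-in for GitHub's authorize and access_token endpoints."""

    def __init__(self, client_id, client_secret):
        self.client_id = client_id
        self.client_secret = client_secret
        self._codes = {}  # code -> redirect_uri it was issued for

    def authorize(self, authorization_url):
        """Step 2: the user approves; provider redirects back with code + state."""
        q = parse_qs(urlparse(authorization_url).query)
        if q["client_id"][0] != self.client_id:
            raise OAuthError("unknown client")
        code = secrets.token_urlsafe(16)
        redirect_uri = q["redirect_uri"][0]
        self._codes[code] = redirect_uri
        return f"{redirect_uri}?{urlencode({'code': code, 'state': q['state'][0]})}"

    def access_token(self, form):
        """Step 3b: exchange the code; it is single-use and bound to the client."""
        redirect_uri = self._codes.pop(form.get("code", ""), None)
        if (redirect_uri is None
                or form.get("client_id") != self.client_id
                or not hmac.compare_digest(form.get("client_secret", ""), self.client_secret)
                or form.get("redirect_uri") != redirect_uri):
            return {"error": "bad_verification_code"}
        # "gho_" mimics GitHub's token prefix; the value itself is made up.
        return {"access_token": "gho_" + secrets.token_hex(16),
                "token_type": "bearer", "scope": form.get("scope", "")}


def run_flow(provider, client_id, client_secret, redirect_uri, forged_state=None):
    """Drive all three steps; forged_state simulates an attacker-crafted callback."""
    auth_url, state = build_authorization_url(
        "https://github.com/login/oauth/authorize", client_id, redirect_uri)
    session = {"oauth_state": state}  # what webapp.py keeps in the Flask session
    callback = provider.authorize(auth_url)
    if forged_state is not None:
        parts = urlparse(callback)
        q = parse_qs(parts.query)
        q["state"] = [forged_state]
        callback = urlunparse(parts._replace(query=urlencode(q, doseq=True)))
    code = parse_callback(callback, session["oauth_state"])
    token = provider.access_token({"client_id": client_id, "client_secret": client_secret,
                                   "code": code, "redirect_uri": redirect_uri})
    if "error" in token:
        raise OAuthError(token["error"])
    return token, code


def callback_is_rejected(provider, client_id, client_secret, redirect_uri, forged_state):
    """True if a callback carrying forged_state is refused by the state check."""
    try:
        run_flow(provider, client_id, client_secret, redirect_uri, forged_state)
    except StateMismatch:
        return True
    return False


if __name__ == "__main__":
    provider = FakeProvider("Iv1.example", "s3cret")  # placeholder credentials
    token, _ = run_flow(provider, "Iv1.example", "s3cret", "https://127.0.0.1:5000/callback")
    print(token)
```

The session dict plays the role of the signed Flask session cookie: the state is generated server-side, stored there before the redirect, and compared against the callback with hmac.compare_digest before the code is ever sent to the token endpoint. Forging only the state, replaying a code, or presenting the wrong client secret each fail at a different step, which is the same layering requests_oauthlib and GitHub give you in webapp.py.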