Federated Identities Flask Webapplication - zacharylongo/Tech-Journals GitHub Wiki

from flask import Flask, request, redirect, session, url_for, jsonify
import json
import os

app = Flask(__name__)

# Retrieving OAuth information from a JSON file
with open("/home/zach/oauthlab/cred.json", "r") as credsfile:
    creds = json.loads(credsfile.read())

client_id = creds["client_id"]
client_secret = creds["client_secret"]
authorization_base_url = creds["authorization_base_url"]
token_url = creds["token_url"]

@app.route("/")
def demo():
    """Step 1: User Authorization.

    Redirect the user/resource owner to the OAuth provider (i.e., GitHub)
    using a URL with essential OAuth parameters.
    """
    github = OAuth2Session(client_id)
    authorization_url, state = github.authorization_url(authorization_base_url)

    # State is used to prevent CSRF, keep this for later.
    session['oauth_state'] = state
    return redirect(authorization_url)

# Step 2: User authorization, this happens on the provider.

@app.route("/callback", methods=["GET"])
def callback():
    """ Step 3: Retrieving an access token.

    The user has been redirected back from the provider to your registered
    callback URL. With this redirection comes an authorization code included
    in the redirect URL. We will use that to obtain an access token.
    """

    github = OAuth2Session(client_id, state=session['oauth_state'])
    token = github.fetch_token(
        token_url,
        client_secret=client_secret,
        authorization_response=request.url
    )

    # Now you can fetch protected resources, but let's save
    # the token and demonstrate how this is done from a persisted token
    # in /profile.
    session['oauth_token'] = token
    return redirect(url_for('.profile'))

@app.route("/profile", methods=["GET"])
def profile():
    """Fetching a protected resource using an OAuth 2 token.
    """
    github = OAuth2Session(client_id, token=session['oauth_token'])
    return jsonify(github.get('https://api.github.com/user').json())

if __name__ == "__main__":
    # This allows us to use a plain HTTP callback
    os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = "1"

    app.secret_key = os.urandom(24)
    #app.run(debug=True)
    app.run(ssl_context="adhoc")