From 56967e7a38390c60eaa14453bccb4e4151293ee5 Mon Sep 17 00:00:00 2001 From: Son NK <> Date: Sat, 2 May 2020 12:50:37 +0200 Subject: [PATCH] Add oauth_tester to test oauth --- oauth_tester.py | 89 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 89 insertions(+) create mode 100644 oauth_tester.py diff --git a/oauth_tester.py b/oauth_tester.py new file mode 100644 index 00000000..1d18975c --- /dev/null +++ b/oauth_tester.py @@ -0,0 +1,89 @@ +""" +This is an example on how to integrate SimpleLogin +with Requests-OAuthlib, a popular library to work with OAuth in Python. +The step-to-step guide can be found on https://docs.simplelogin.io +This example is based on +https://requests-oauthlib.readthedocs.io/en/latest/examples/real_world_example.html +""" +import os + +from flask import Flask, request, redirect, session, url_for +from flask.json import jsonify +from requests_oauthlib import OAuth2Session + +app = Flask(__name__) + +# this demo uses flask.session that requires the `secret_key` to be set +app.secret_key = "very secret" + +# "prettify" the returned json in /profile +app.config["JSONIFY_PRETTYPRINT_REGULAR"] = True + +# This client credential is obtained upon registration of a new SimpleLogin App on +# https://app.simplelogin.io/developer/new_client +# Please make sure to export these credentials to env variables: +# export CLIENT_ID={your_client_id} +# export CLIENT_SECRET={your_client_secret} +client_id = os.environ.get("CLIENT_ID") or "client-id" +client_secret = os.environ.get("CLIENT_SECRET") or "client-secret" + +# SimpleLogin urls +authorization_base_url = "http://localhost:7777/oauth2/authorize" +token_url = "http://localhost:7777/oauth2/token" +userinfo_url = "http://localhost:7777/oauth2/userinfo" + + +@app.route("/") +def demo(): + """Step 1: User Authorization. + Redirect the user/resource owner to the OAuth provider (i.e. SimpleLogin) + using an URL with a few key OAuth parameters. + """ + simplelogin = OAuth2Session( + client_id, redirect_uri="http://127.0.0.1:5000/callback" + ) + authorization_url, state = simplelogin.authorization_url(authorization_base_url) + + # State is used to prevent CSRF, keep this for later. + session["oauth_state"] = state + return redirect(authorization_url) + + +# Step 2: User authorization, this happens on the provider. + + +@app.route("/callback", methods=["GET"]) +def callback(): + """ Step 3: Retrieving an access token. + The user has been redirected back from the provider to your registered + callback URL. With this redirection comes an authorization code included + in the redirect URL. We will use that to obtain an access token. + """ + + simplelogin = OAuth2Session(client_id, state=session["oauth_state"]) + token = simplelogin.fetch_token( + token_url, client_secret=client_secret, authorization_response=request.url + ) + + # At this point you can fetch protected resources but lets save + # the token and show how this is done from a persisted token + # in /profile. + session["oauth_token"] = token + + return redirect(url_for(".profile")) + + +@app.route("/profile", methods=["GET"]) +def profile(): + """Fetching a protected resource using an OAuth 2 token. + """ + simplelogin = OAuth2Session(client_id, token=session["oauth_token"]) + return jsonify(simplelogin.get(userinfo_url).json()) + + +# This allows us to use a plain HTTP callback +os.environ["OAUTHLIB_INSECURE_TRANSPORT"] = "1" + +if __name__ == "__main__": + app.secret_key = os.urandom(24) + app.run(debug=True)