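def fblogin():
    """Complete the Facebook login flow and sign the user into this app.

    Expects the anti-CSRF ``state`` value in the query string and the
    Facebook access token as the raw request body. The token is used to
    read the user's profile from the Graph API; the matching ``User`` row
    (looked up by e-mail) is updated or created, and the user is logged in.

    Returns:
        A redirect to ``index`` on success, or a ``respond(...)`` error
        response (HTTP 401 for client/validation failures, 502 when the
        Graph API call fails).
    """
    # Validate the anti-CSRF state token. A missing session value must fail
    # too: with ``.get`` on both sides, ``None == None`` would let it pass.
    expected_state = login_session.get('state')
    if not expected_state or request.args.get('state') != expected_state:
        return respond('Invalid state parameter.', 401)

    token = request.data.decode()
    if not token:
        return respond('Missing access token.', 401)

    # Ask the Graph API who this token belongs to.
    # NOTE(review): this only proves the token is valid for *some* app.
    # To reject tokens issued to a different app, verify it via the
    # ``/debug_token`` endpoint and compare its ``app_id`` with this app's
    # own id before trusting the profile.
    userinfo_url = "https://graph.facebook.com/v3.2/me"
    params = {"access_token": token, "fields": "name,id,email"}
    # Always bound outbound calls so a stalled upstream cannot pin a worker.
    resp = requests.get(userinfo_url, params=params, timeout=10)

    # ``assert`` is stripped under ``python -O`` and would otherwise turn an
    # upstream failure into a 500; return a proper error response instead.
    if not resp.ok:
        return respond('Failed to fetch user info from Facebook.', 502)
    facebook_info = resp.json()

    # Facebook omits ``email`` when the user denied that permission; never
    # look up ``email=None`` (SQLAlchemy turns it into ``email IS NULL`` and
    # would match any row without an e-mail address).
    email = facebook_info.get('email')
    if not email:
        return respond('Facebook account has no e-mail address.', 401)

    user = User.query.filter_by(email=email).first()

    if user is None:
        user = User(email=email,
                    username=facebook_info['name'],
                    token=token,
                    provider='facebook',
                    provider_id=facebook_info['id'])
    else:
        # An existing account (possibly created via another provider) is
        # linked purely by e-mail; only the stored token is refreshed.
        user.token = token
    db.session.add(user)
    db.session.commit()

    login_user(user)
    flash(f"you are now logged in as {current_user.username}")

    return redirect(url_for('index'))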
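def glogin():
    """Complete the Google OAuth2 login flow and sign the user into this app.

    Expects the anti-CSRF ``state`` value in the query string and the
    one-time authorization code as the raw request body. The code is
    exchanged for credentials, the resulting access token is checked
    against Google's tokeninfo endpoint, the user's profile is fetched,
    and the matching ``User`` row (looked up by e-mail) is updated or
    created before the user is logged in.

    Returns:
        A redirect to ``index`` on success, or a ``respond(...)`` error
        response (HTTP 401 for client/validation failures, 502 when a
        Google API call fails).
    """
    # Validate the anti-CSRF state token. A missing session value must fail
    # too: with ``.get`` on both sides, ``None == None`` would let it pass.
    expected_state = login_session.get('state')
    if not expected_state or request.args.get('state') != expected_state:
        return respond('Invalid state parameter.', 401)

    # The authorization code is a short-lived credential: never print or
    # log it. Decoded to ``str`` for consistency with the Facebook view.
    code = request.data.decode()
    if not code:
        return respond('Missing authorization code.', 401)

    try:
        # Upgrade the authorization code into a credentials object.
        oauth_flow = flow_from_clientsecrets(client_secrets, scope='')
        oauth_flow.redirect_uri = 'postmessage'
        credentials = oauth_flow.step2_exchange(code)
    except FlowExchangeError:
        return respond('Failed to upgrade the authorization code.', 401)

    access_token = credentials.access_token
    id_token = credentials.id_token

    # Check that the access token is valid.
    tokeninfo_url = 'https://www.googleapis.com/oauth2/v3/tokeninfo'
    params = {'access_token': access_token, 'alt': 'json'}
    # Always bound outbound calls so a stalled upstream cannot pin a worker.
    resp = requests.get(tokeninfo_url, params=params, timeout=10)
    # ``assert`` is stripped under ``python -O`` and would otherwise turn an
    # upstream failure into a 500; return a proper error response instead.
    if not resp.ok:
        return respond('Failed to verify access token with Google.', 502)
    result = resp.json()

    # The access token must belong to the user the ID token was issued for.
    if result.get('sub') != id_token['sub']:
        return respond("Token's user ID doesn't match given user ID.", 401)

    # ... and to the same client.
    # NOTE(review): both values come from the same exchange, so this only
    # checks internal consistency; comparing ``azp`` against this app's
    # configured client ID would be the stronger "intended for this app"
    # check.
    if result.get('azp') != id_token['azp']:
        return respond("Token's client ID does not match app's.", 401)

    # Get user info (same access-token params as the tokeninfo call).
    userinfo_url = "https://www.googleapis.com/oauth2/v3/userinfo"
    resp = requests.get(userinfo_url, params=params, timeout=10)
    if not resp.ok:
        return respond('Failed to fetch user info from Google.', 502)
    data = resp.json()

    # The account is linked by e-mail, so only accept an address Google
    # reports as verified, and never query ``email=None`` (SQLAlchemy turns
    # it into ``email IS NULL`` and would match any row without an e-mail).
    email = data.get('email')
    if not email or not data.get('email_verified'):
        return respond('Google account has no verified e-mail address.', 401)

    user = User.query.filter_by(email=email).first()

    if user is None:
        user = User(email=email,
                    username=data['name'],
                    token=access_token,
                    provider='google',
                    # The user's stable Google subject id, not the client
                    # id (``azp``); mirrors ``provider_id`` in the Facebook
                    # view, which stores the Facebook user id.
                    provider_id=id_token['sub'])
    else:
        # An existing account (possibly created via another provider) is
        # linked purely by e-mail; only the stored token is refreshed.
        user.token = access_token
    db.session.add(user)
    db.session.commit()

    login_user(user)

    flash(f"you are now logged in as {current_user.username}")

    return redirect(url_for('index'))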