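def delete():
    """Delete the currently logged-in user at the OAuth provider.

    The subject (``sub``) is taken from the id_token held in the
    server-side session; decoding it with the client id as audience
    validates the token before anything destructive happens.

    Returns:
        ``(jsonify({"success": "true"}), 200)`` when the provider call
        succeeds.

    Raises:
        AppError: when ``delete_user`` fails; the provider exception is
            chained as the cause.
    """
    session_data = get_session_data_or_abort()
    decoded_id_token = get_client().token_decoder.decode_token(
        session_data.get("id_token"), audience=settings.OAUTH_CLIENT_ID
    )
    subject = decoded_id_token["sub"]
    _logger.info("Deleting user %s", subject)
    try:
        get_client().delete_user(subject)
    except Exception as exc:
        # Python 3 exceptions have no ``.message`` attribute: the original
        # ``e.message`` raised AttributeError inside the handler and hid
        # the real failure. ``str(exc)`` carries the same text.
        _logger.exception("Failed to delete user %s", subject)
        raise AppError(description=str(exc)) from exc
    return jsonify({"success": "true"}), 200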
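def callback():
    """OAuth redirect target: exchange the authorization code for tokens.

    On success a fresh random session id is written to the client
    session and the tokens are stored only in the server-side session
    store, whose entry expires with the access token. Any exception
    raised along the way is logged with its traceback and answered
    with an empty 401 JSON body.
    """
    try:
        tokens = get_client().authorize_access_token()
        # uuid4 is built from os.urandom, so the id is not guessable
        session_uuid = uuid.uuid4().hex
        # Put uuid in client session
        session[settings.SESSION_ID] = session_uuid
        session.permanent = True
        # Save tokens in server-side session; fall back to the default
        # lifetime when the provider does not report expires_in
        server_session.create_session(
            session_uuid,
            tokens,
            expire_seconds=tokens.get("expires_in", DEFAULT_EXPIRATION_SECONDS),
        )
        _logger.debug("Creating session %s", session_uuid)
        return get_client().callback()
    except Exception:
        # exception() keeps the traceback that error(exc) dropped, which is
        # what you need when the token exchange fails in production
        _logger.exception("OAuth callback failed")
        return jsonify({}), 401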
def decorated(*args, **kwargs):
    """Wrapper installed by the login-required decorator around ``f``.

    Anonymous callers (no session data) are redirected to the login
    page. Otherwise the stored access token is decoded against
    OAUTH_AUDIENCE before the wrapped view runs with the original
    arguments; whatever the decoder raises for a bad token propagates
    unchanged.
    """
    session_data = get_session_data_or_none()
    if session_data:
        decoder = get_client().token_decoder
        # TODO: handle token expiration/refresh ?
        claims = decoder.decode_token(
            session_data.get("access_token"),
            audience=settings.OAUTH_AUDIENCE,
        )
        _logger.debug(f"Access granted to {claims.get('sub')}")
        return f(*args, **kwargs)
    return redirect(settings.REDIRECT_LOGIN_URL)
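def logout():
    """Log the user out: drop the client session, the server-side session,
    then hand over to the provider's logout.

    The server-side session id has to be read *before* ``session.clear()``.
    The original cleared the client session first, so the lookup always
    raised KeyError, the ``except Exception: pass`` swallowed it, and the
    tokens were never removed from the server-side store.
    """
    # Read the id first; clearing the client session discards it
    session_id = session.get(settings.SESSION_ID)
    # Clear client-side session
    session.clear()
    if session_id:
        try:
            # Clear server-side session
            server_session.destroy_session(session_id)
            _logger.debug("Cleared session %s", session_id)
        except Exception:
            # Best-effort: logout must still complete, but tokens left in
            # the store deserve a log line rather than silence
            _logger.exception("Could not destroy server-side session %s", session_id)
    return get_client().logout()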
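def get_session_data_headers():
    """Build the headers forwarded upstream for the current session.

    Returns:
        dict[str, str]: empty when there is no session; otherwise
        ``Authorization: Bearer <access_token>`` and ``X-Userinfo``, the
        base64-encoded JSON claims of the session's id_token (decoded,
        and thus validated, against OAUTH_CLIENT_ID). Values are ``str``;
        the original stored the raw ``bytes`` returned by ``b64encode``.
    """
    headers = {}
    session_data = get_session_data_or_none()
    if not session_data:
        _logger.debug("No session_data found.")
        return headers
    access_token = session_data.get("access_token")
    headers["Authorization"] = f"Bearer {access_token}"
    id_token = session_data.get("id_token")
    id_token_data = get_client().token_decoder.decode_token(
        id_token, audience=settings.OAUTH_CLIENT_ID
    )
    # b64encode returns bytes; header values must be text
    userinfo = json.dumps(id_token_data).encode()
    headers["X-Userinfo"] = base64.b64encode(userinfo).decode("ascii")
    # NOTE(review): X-Userinfo carries no signature, so receivers must only
    # accept it from this hop -- confirm upstreams are not reachable directly
    _logger.debug("Added Authorization header")
    return headers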
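def me():
    """Return the claims of the current user's id_token as JSON.

    Responds 401 when a KeyError is raised while reading the session
    data; anything ``get_session_data_or_abort`` raises itself
    propagates unchanged.
    """
    _logger.debug("/me, getting session data")
    try:
        session_data = get_session_data_or_abort()
        # Log only the keys: the values are bearer tokens and must not end
        # up in log files (the original logged the whole dict).
        _logger.debug(
            "got session data keys %s, trying to decode", list(session_data)
        )
        # access token can be decoded with audience = actual audience
        # id token can be decoded with audience = client id
        decoded_id_token = get_client().token_decoder.decode_token(
            session_data.get("id_token"), audience=settings.OAUTH_CLIENT_ID
        )
        _logger.debug("session data decoded")
    except KeyError:
        # Logger.warn is a deprecated alias of warning
        _logger.warning("Could not find session data, aborting")
        return abort(401)
    _logger.debug("/me, %s", decoded_id_token)
    return jsonify(decoded_id_token), 200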
def login():
    """Start the OAuth login flow by delegating to the configured client."""
    _logger.debug("Login")
    client = get_client()
    return client.login()