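def delete():
    """Delete the logged-in user's account at the identity provider.

    The user is identified by the ``sub`` claim of the id token stored in
    the server-side session. The id token is decoded with the client id
    as audience, so a forged or mismatched token fails before any
    deletion is attempted.

    Returns:
        ``(jsonify({"success": "true"}), 200)`` once the provider accepted
        the deletion.

    Raises:
        AppError: if the provider call fails. The provider's exception text
            is passed on as ``description``; the error handler that renders
            ``AppError`` should avoid echoing provider internals verbatim
            to the caller.
    """
    session_data = get_session_data_or_abort()
    decoded_id_token = get_client().token_decoder.decode_token(
        session_data.get("id_token"), audience=settings.OAUTH_CLIENT_ID)
    subject = decoded_id_token["sub"]
    _logger.info("Deleting user %s", subject)
    try:
        get_client().delete_user(subject)
    except Exception as exc:
        # Python 3 exceptions have no ``.message`` attribute: the previous
        # ``e.message`` raised AttributeError inside the handler and hid
        # the real failure. Log with traceback, then surface it as AppError.
        _logger.exception("Failed to delete user %s", subject)
        raise AppError(description=str(exc)) from exc
    return jsonify({"success": "true"}), 200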
def callback():
    """Finish the authorization-code exchange and open a session.

    Trades the callback's code for tokens, stores those tokens in the
    server-side session store under a freshly generated uuid, and places
    only that uuid into the client-side (cookie) session. Generating a
    new uuid here rather than reusing a pre-login value gives each login
    a fresh session identifier. The server-side record expires after the
    token response's ``expires_in`` seconds, falling back to
    ``DEFAULT_EXPIRATION_SECONDS``.

    Returns:
        The OAuth client's callback response on success; on any failure
        the exception is logged and ``(jsonify({}), 401)`` is returned.
    """
    try:
        tokens = get_client().authorize_access_token()
        new_session_id = uuid.uuid4().hex

        # Client side only learns the opaque id, never the tokens.
        session[settings.SESSION_ID] = new_session_id
        session.permanent = True

        # Tokens live server side, bounded by the token lifetime.
        lifetime = tokens.get("expires_in", DEFAULT_EXPIRATION_SECONDS)
        server_session.create_session(
            new_session_id, tokens, expire_seconds=lifetime)
        _logger.debug(f"Creating session {new_session_id}")

        return get_client().callback()
    except Exception as exc:
        _logger.error(exc)
        return jsonify({}), 401
 def decorated(*args, **kwargs):
     """Gate *f* behind a present session and a decodable access token.

     Redirects to the configured login URL when no session data exists.
     Otherwise the session's access token is decoded against
     ``settings.OAUTH_AUDIENCE`` before *f* runs; an undecodable token
     makes ``decode_token`` raise, and that exception is not caught here.
     ``f`` is a free variable bound by the enclosing decorator, whose
     definition lies outside this listing.
     """
     session_data = get_session_data_or_none()
     if not session_data:
         return redirect(settings.REDIRECT_LOGIN_URL)

     # TODO: handle token expiration/refresh ?
     claims = get_client().token_decoder.decode_token(
         session_data.get("access_token"), audience=settings.OAUTH_AUDIENCE)
     _logger.debug(f"Access granted to {claims.get('sub')}")
     return f(*args, **kwargs)
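def logout():
    """End the current login on both the client and the server side.

    Reads the server-side session id out of the client session, clears
    the client session, destroys the server-side record that holds the
    tokens, and finally returns the OAuth client's logout response.

    Returns:
        Whatever ``get_client().logout()`` returns.
    """
    # Read the id *before* clearing: the previous version called
    # session.clear() first, so session[settings.SESSION_ID] always raised
    # KeyError, the bare ``except: pass`` swallowed it, and the server-side
    # session (with its tokens) was never destroyed on logout.
    session_id = session.get(settings.SESSION_ID)

    # Clear client-side session
    session.clear()

    if session_id:
        try:
            # Clear server-side session
            server_session.destroy_session(session_id)
            _logger.debug(f"Cleared session {session_id}")
        except Exception:
            # Best effort: a failed purge must not block logout, but it is
            # worth a log line because the stored tokens then remain until
            # the server-side record expires.
            _logger.exception("Could not destroy server-side session %s",
                              session_id)
    return get_client().logout()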
def get_session_data_headers():
    """Build the identity headers forwarded for the current session.

    With no session data this returns an empty dict. Otherwise it returns
    ``Authorization: Bearer <access_token>`` and ``X-Userinfo``, the
    base64-encoded JSON of the decoded id-token claims. Note that the
    ``X-Userinfo`` value is ``bytes`` straight from ``base64.b64encode``.
    The id token is decoded with the client id as audience, so
    ``decode_token`` may raise on an invalid token; that is not handled
    here.

    NOTE(review): once base64-decoded, ``X-Userinfo`` is plain JSON with no
    signature, so a service receiving it should only trust it on requests
    that provably passed through this layer.
    """
    session_data = get_session_data_or_none()
    if not session_data:
        _logger.debug("No session_data found.")
        return {}

    claims = get_client().token_decoder.decode_token(
        session_data.get("id_token"), audience=settings.OAUTH_CLIENT_ID)
    encoded_claims = base64.b64encode(json.dumps(claims).encode())

    headers = {
        "Authorization": f"Bearer {session_data.get('access_token')}",
        "X-Userinfo": encoded_claims,
    }
    _logger.debug("Added Authorization header")
    return headers
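def me():
    """Return the decoded claims of the caller's id token as JSON.

    The id token is taken from the server-side session and decoded with
    the client id as audience (an access token would instead be decoded
    with the actual API audience).

    Returns:
        ``(jsonify(claims), 200)`` on success, or ``abort(401)`` when a
        ``KeyError`` is raised while fetching or decoding the session data.
    """
    _logger.debug("/me, getting session data")
    try:
        session_data = get_session_data_or_abort()
        # Log only the key names: the session data holds the raw access and
        # id tokens, which must not be written to log files.
        _logger.debug("got session data with keys %s, trying to decode",
                      list(session_data.keys()))
        # access token can be decoded with audience = actual audience
        # id token can be decoded with audience = client id
        decoded_id_token = get_client().token_decoder.decode_token(
            session_data.get("id_token"), audience=settings.OAUTH_CLIENT_ID)
        _logger.debug("session data decoded")
    except KeyError:
        # ``Logger.warn`` is a deprecated alias of ``warning``.
        _logger.warning("Could not find session data, aborting")
        return abort(401)
    # The full claim set can carry personal data; log the subject only.
    _logger.debug("/me, sub=%s", decoded_id_token.get("sub"))
    return jsonify(decoded_id_token), 200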
def login():
    """Start the login flow by delegating to the OAuth client.

    Returns:
        Whatever ``get_client().login()`` returns.
    """
    _logger.debug("Login")
    client = get_client()
    return client.login()