def init_oauth():
# General
global TENANT_ID
TENANT_ID = current_app.config.get('AZURE_TENANT_ID')
global CORE_URL
CORE_URL = 'https://login.microsoftonline.com/' + TENANT_ID
# OpenID Connect
scopes = 'openid profile'
token_url = CORE_URL + '/oauth2/token'
authorize_url = CORE_URL + '/oauth2/authorize'
global AAD
AAD = oauth.remote_app(
'microsoft',
consumer_key=current_app.config.get('AZURE_CLIENT_ID'),
consumer_secret=current_app.config.get('AZURE_CLIENT_SECRET'),
request_token_params={
'scope': scopes
}, # Use "{'scope': SCOPES}, 'prompt': 'login'}" for restricted apps.
base_url='http://ignore', # We won't need this.
request_token_url=None,
access_token_method='POST',
access_token_url=token_url,
authorize_url=authorize_url)
def github_oauth():
if not Setting().get('github_oauth_enabled'):
return None
github = oauth.remote_app(
'github',
consumer_key=Setting().get('github_oauth_key'),
consumer_secret=Setting().get('github_oauth_secret'),
request_token_params={'scope': Setting().get('github_oauth_scope')},
base_url=Setting().get('github_oauth_api_url'),
request_token_url=None,
access_token_method='POST',
access_token_url=Setting().get('github_oauth_token_url'),
authorize_url=Setting().get('github_oauth_authorize_url'))
@app.route('/github/authorized')
def github_authorized():
session['github_oauthredir'] = url_for('.github_authorized',
_external=True)
resp = github.authorized_response()
if resp is None:
return 'Access denied: reason=%s error=%s' % (
request.args['error'], request.args['error_description'])
session['github_token'] = (resp['access_token'], '')
return redirect(url_for('.login'))
@github.tokengetter
def get_github_oauth_token():
return session.get('github_token')
return github
def google_oauth():
if not Setting().get('google_oauth_enabled'):
return None
google = oauth.remote_app(
'google',
consumer_key=Setting().get('google_oauth_client_id'),
consumer_secret=Setting().get('google_oauth_client_secret'),
request_token_params=literal_eval(
Setting().get('google_token_params')),
base_url=Setting().get('google_base_url'),
request_token_url=None,
access_token_method='POST',
access_token_url=Setting().get('google_token_url'),
authorize_url=Setting().get('google_authorize_url'),
)
@app.route('/google/authorized')
def google_authorized():
resp = google.authorized_response()
if resp is None:
return 'Access denied: reason=%s error=%s' % (
request.args['error_reason'],
request.args['error_description'])
session['google_token'] = (resp['access_token'], '')
return redirect(url_for('.login'))
@google.tokengetter
def get_google_oauth_token():
return session.get('google_token')
return google
def __init__(self):
self.oauth = oauth.remote_app(
'Digikey',
app_key='DIGIKEY',
request_token_url=None,
)
self.oauth.tokengetter(Digikey.tokengetter)
self.name = 'Digikey'
from app import app, oauth
from config import TWITTER_APP_KEY, TWITTER_APP_SECRET
# Use Twitter as example remote application
twitter = oauth.remote_app('twitter',
# unless absolute urls are used to make requests, this will be added
# before all URLs. This is also true for request_token_url and others.
base_url='https://api.twitter.com/1/',
# where flask should look for new request tokens
request_token_url='https://api.twitter.com/oauth/request_token',
# where flask should exchange the token with the remote application
access_token_url='https://api.twitter.com/oauth/access_token',
# twitter knows two authorizatiom URLs. /authorize and /authenticate.
# they mostly work the same, but for sign on /authenticate is
# expected because this will give the user a slightly different
# user interface on the twitter side.
authorize_url='https://api.twitter.com/oauth/authenticate',
# the consumer keys from the twitter application registry.
consumer_key=TWITTER_APP_KEY,
consumer_secret=TWITTER_APP_SECRET
)
"""
from flask import Blueprint, abort, url_for, flash, redirect
from flask_login import current_user, login_user
from sqlalchemy import or_
from app import oauth, db
from app.models import User
from app.utils import redirect_back
oauth_bp = Blueprint('oauth', __name__)
github = oauth.remote_app(
name='github',
consumer_key='d931fee7f44f1d3977c1',
consumer_secret='53ba0c7d5c423d062f8e38a05df27beb3f4cef25',
request_token_params={'scope': 'user'},
base_url='https://api.github.com/',
request_token_url=None,
access_token_method='POST',
access_token_url='https://github.com/login/oauth/access_token',
authorize_url='https://github.com/login/oauth/authorize')
providers = {'github': github}
@oauth_bp.route('/login/<provider_name>')
def oauth_login(provider_name):
if current_user.is_authenticated:
return redirect_back()
provider = providers[provider_name]
callback = url_for('.oauth_callback',
provider_name=provider_name,
_external=True)
def index(page=1):
posts = Post.query.order_by(Post.timestamp.desc()).paginate(1, 4, False)
return render_template('index.html', title='Home', posts=posts)
@app.route('/log')
@app.route('/log/<int:page>')
def log(page=1):
posts = Post.query.order_by(Post.timestamp.desc()).paginate(page, POSTS_PER_PAGE, True)
return render_template('log.html', title='Trip Log', posts=posts)
# Login page
facebook = oauth.remote_app('facebook',
base_url='https://graph.facebook.com/',
request_token_url=None,
access_token_url='/oauth/access_token',
authorize_url='https://www.facebook.com/dialog/oauth',
consumer_key=app.config['FACEBOOK_APP_ID'],
consumer_secret=app.config['FACEBOOK_APP_SECRET'],
request_token_params={'scope': 'email'}
)
@app.route('/oauth-authorized')
@facebook.authorized_handler
def oauth_authorized(resp):
next_url = request.args.get('next') or url_for('index')
if resp is None:
flash(u'You denied the request to sign in.')
return redirect(next_url)
session['oauth_token'] = (resp['access_token'], '')
fb_user = facebook.get('/me')
from .. import db
import os
from app import oauth
from . import qq_login
from ..models import User
from flask import redirect, url_for, session, jsonify, flash,json,Markup
qq = oauth.remote_app(
'qq',
consumer_key='1105581412',
consumer_secret='9vKLvZAKu26O9Sbx',
base_url='https://graph.qq.com',
request_token_url=None,
request_token_params={'scope': 'get_user_info'},
access_token_url='/oauth2.0/token',
authorize_url='/oauth2.0/authorize',
)
def json_to_dict(x):
'''OAuthResponse class can't parse the JSON data with content-type
- text/html and because of a rubbish api, we can't just tell flask-oauthlib to treat it as json.'''
if x.find(b'callback') > -1:
# the rubbish api (https://graph.qq.com/oauth2.0/authorize) is handled here as special case
pos_lb = x.find(b'{')
pos_rb = x.find(b'}')
x = x[pos_lb:pos_rb + 1]
current_user
from .. import db
import os
from app import oauth
from . import douban_login
from ..models import User
from flask import redirect, url_for, session, request, jsonify, flash,json
douban = oauth.remote_app(
'douban',
consumer_key='0cfc3c5d9f873b1826f4b518de95b148',
consumer_secret='3e209e4f9ecf6a4a',
base_url='https://api.douban.com/',
request_token_url=None,
request_token_params={'scope': 'douban_basic_common,shuo_basic_r'},
access_token_url='https://www.douban.com/service/auth2/token',
authorize_url='https://www.douban.com/service/auth2/auth',
access_token_method='POST',
)
@douban_login.route('/')
def index():
if 'douban_token' in session:
resp = douban.get('shuo/v2/statuses/home_timeline')
return jsonify(status=resp.status, data=resp.data)
return redirect(url_for('.login'))
from flask_login import login_user
from flask import session, redirect, url_for, request, flash
from app import oauth, db
from ..models import User
from . import auth
import json
import os
QQ_APP_ID = os.getenv('QQ_APP_ID')
QQ_APP_KEY = os.getenv('QQ_APP_KEY')
qq = oauth.remote_app(
'qq',
consumer_key=QQ_APP_ID,
consumer_secret=QQ_APP_KEY,
base_url='https://graph.qq.com',
request_token_url=None,
request_token_params={'scope': 'get_user_info'},
access_token_url='/oauth2.0/token',
authorize_url='/oauth2.0/authorize',
)
def json_to_dict(data):
data = bytes.decode(data)
if data.find('callback') > -1:
pos_lb = data.find('{')
pos_rb = data.find('}')
data = data[pos_lb:pos_rb + 1]
try:
return json.loads(data, encoding='utf-8')
except:
from .. import db
import os
from app import oauth
from . import weibo_login
from ..models import User
from flask import redirect, url_for, session, request, jsonify, flash,json
weibo = oauth.remote_app(
'weibo',
consumer_key='909122383',
consumer_secret='2cdc60e5e9e14398c1cbdf309f2ebd3a',
request_token_params={'scope': 'email,statuses_to_me_read'},
base_url='https://api.weibo.com/2/',
authorize_url='https://api.weibo.com/oauth2/authorize',
request_token_url=None,
access_token_method='POST',
access_token_url='https://api.weibo.com/oauth2/access_token',
# since weibo's response is a shit, we need to force parse the content
content_type='application/json',
)
@weibo_login.route('/')
def index():
if 'oauth_token' in session:
access_token = session['oauth_token'][0]
resp = weibo.get('statuses/home_timeline.json')
return jsonify(resp.data)
return redirect(url_for('login'))
def __init__(self):
self.oauth = oauth.remote_app('Digikey',
app_key='DIGIKEY',
request_token_url=None,)
self.oauth.tokengetter(Digikey.tokengetter)
self.name = 'Digikey'
'specialties',
'positions',
'picture-url',
'picture-urls::(original)',
'site-standard-profile-request',
'api-standard-profile-request',
'public-profile-url',
]
linkedin = oauth.remote_app(
'linkedin',
app_key='LINKEDIN',
request_token_url=None,
request_token_params={
'scope': 'r_basicprofile',
'state': lambda: session['linkedin_state']
},
base_url='https://api.linkedin.com/',
authorize_url='https://www.linkedin.com/uas/oauth2/authorization',
access_token_method='POST',
access_token_url='https://www.linkedin.com/uas/oauth2/accessToken',
)
views = Blueprint('linkedin', __name__)
def retrieve_access_token(user):
if user.linkedin is not None:
if user.linkedin.expires_in.total_seconds() > MIN_TOKEN_LIFETIME:
return (user.linkedin.access_token, '')
@auth.route('/delete')
@login_required
def delete():
db.session.delete(current_user)
db.session.commit()
return redirect(url_for('main.index'))
QQ_APP_ID = os.getenv('QQ_APP_ID')
QQ_APP_KEY = os.getenv('QQ_APP_KEY')
qq = oauth.remote_app(
'qq',
consumer_key=QQ_APP_ID,
consumer_secret=QQ_APP_KEY,
base_url='https://graph.qq.com',
request_token_url=None,
request_token_params={'scope': 'get_user_info'},
access_token_url='/oauth2.0/token',
authorize_url='/oauth2.0/authorize',
)
def json_to_dict(data):
data = bytes.decode(data)
if data.find('callback') > -1:
pos_lb = data.find('{')
pos_rb = data.find('}')
data = data[pos_lb:pos_rb + 1]
try:
return json.loads(data, encoding='utf-8')
except:
from flask_login import login_user
from flask import session, redirect, url_for, request, flash
from app import oauth, db
from ..models import User
from . import auth
import json
import os
REN2_APP_ID = os.environ.get('REN2_APP_ID')
REN2_APP_KEY = os.environ.get('REN2_APP_KEY')
ren2 = oauth.remote_app('ren2',
consumer_key=REN2_APP_ID,
consumer_secret=REN2_APP_KEY,
base_url='https://graph.renren.com',
request_token_url=None,
access_token_url='/oauth/token',
authorize_url='/oauth/authorize')
@auth.route('/ren2-user-info')
def ren2_user_info():
if 'ren2_user' in session:
user = User.query.filter_by(
username=session['ren2_user']['name']).first()
if not user:
user = User(username=session['ren2_user']['name'],
avatar=session['ren2_user']['avatar'][3]['url'],
confirmed=True)
db.session.add(user)
db.session.commit()
from flask import render_template, flash, redirect, session, url_for, request
from flask.ext.login import login_user, logout_user, current_user, login_required
from app import app, db, lm, oauth
from .models import User
facebook = oauth.remote_app('facebook',
base_url='https://graph.facebook.com/',
request_token_url=None,
access_token_url='/oauth/access_token',
authorize_url='https://www.facebook.com/dialog/oauth',
consumer_key='872766896169946',
consumer_secret='47248c3813f7833ad586871d3675bffd',
request_token_params={'scope': 'public_profile, email'},
)
@facebook.tokengetter
def get_facebook_oauth_token():
return session.get('oauth_token')
@lm.user_loader
def load_user(id):
return User.query.get(int(id))
@app.route('/')
@app.route('/home')
def index():
#description of app + login button
return render_template('home.html')
from app import oauth
import os
google = oauth.remote_app(
'google',
consumer_key=str(os.getenv('GOOGLE_CLIENT_ID')),
consumer_secret=str(os.getenv('GOOGLE_CLIENT_ID_SECRET')),
request_token_params={
'scope': 'https://www.googleapis.com/auth/userinfo.email'
},
base_url='https://www.googleapis.com/oauth2/v1/',
request_token_url=None,
access_token_method='POST',
access_token_url='https://accounts.google.com/o/oauth2/token',
authorize_url='https://accounts.google.com/o/oauth2/auth',
)
facebook = oauth.remote_app(
'facebook',
base_url='https://graph.facebook.com/',
request_token_url=None,
access_token_url='/oauth/access_token',
access_token_method='GET',
authorize_url='https://www.facebook.com/dialog/oauth',
consumer_key=str(os.getenv('FACEBOOK_APP_ID')),
consumer_secret=str(os.getenv('FACEBOOK_APP_SECRET')),
request_token_params={'scope': 'email'})
github = oauth.remote_app(
'github',
consumer_key=str(os.getenv('GITHUB_APP_ID')),
'specialties',
'positions',
'picture-url',
'picture-urls::(original)',
'site-standard-profile-request',
'api-standard-profile-request',
'public-profile-url',
]
linkedin = oauth.remote_app(
'linkedin',
app_key='LINKEDIN',
request_token_url=None,
request_token_params={
'scope': 'r_basicprofile',
'state': lambda: session['linkedin_state']
},
base_url='https://api.linkedin.com/',
authorize_url='https://www.linkedin.com/uas/oauth2/authorization',
access_token_method='POST',
access_token_url='https://www.linkedin.com/uas/oauth2/accessToken',
)
views = Blueprint('linkedin', __name__)
def retrieve_access_token(user):
if user.linkedin is not None:
if user.linkedin.expires_in.total_seconds() > MIN_TOKEN_LIFETIME:
return (user.linkedin.access_token, '')
def store_access_token(user, resp):
from flask_login import login_user
from flask import session, redirect, url_for, request, flash
from app import oauth, db
from ..models import User
from . import auth
import json
import os
SINA_APP_ID = os.getenv('SINA_APP_ID')
SINA_APP_KEY = os.getenv('SINA_APP_KEY')
sina = oauth.remote_app(
'sina',
consumer_key=SINA_APP_ID,
consumer_secret=SINA_APP_KEY,
base_url='https://api.weibo.com',
request_token_url=None,
access_token_url='/oauth2/access_token',
authorize_url='/oauth2/authorize',
)
@auth.route('/sina-user-info')
def sina_user_info():
if 'sina_token' in session:
return redirect(request.args.get('next') or url_for('main.index'))
return redirect(url_for('auth.sina_login'))
@auth.route('/sina-login')
def sina_login():
import os
from . import oauth_bp
from app import oauth, db
from flask import abort, redirect, url_for, flash
from flask_login import current_user, login_user
from ..models import User
import json
github = oauth.remote_app(
name='github',
consumer_key=os.getenv('GITHUB_CLIENT_ID'),
consumer_secret=os.getenv('GITHUB_CLIENT_SECRET'),
request_token_params={'scope': 'user'},
base_url='https://api.github.com/',
request_token_url=None,
access_token_method='POST',
access_token_url='https://github.com/login/oauth/access_token',
authorize_url='https://github.com/login/oauth/authorize',
)
providers = {'github': github}
profile_endpoints = {'github': 'user'}
def get_social_profile(provider, access_token):
profile_endpoint = profile_endpoints[provider.name]
response = provider.get(profile_endpoint, token=access_token)
'''
in_json = json.dumps(response.data)
print(json.loads(in_json))
current_user
from .. import db
import os,app
from app import oauth
from . import google_login
from ..models import User
from flask import redirect, url_for, session, request, jsonify, flash,json
google = oauth.remote_app(
'google',
consumer_key="34212163293-1b6l981iuh96vthq176o4ng55bhqg890.apps.googleusercontent.com",
consumer_secret="pBz0mULyUdL2rr3nUsmKpFeC",
request_token_params={
'scope': 'email'
},
base_url='https://accounts.google.com/o/oauth2/v2/auth',#######'https://www.googleapis.com/oauth2/v1/'
request_token_url=None,
access_token_method='POST',
access_token_url='https://accounts.google.com/o/oauth2/token',
authorize_url='https://accounts.google.com/o/oauth2/auth',
)
#############google not callback
@google_login.route('/')
def index():
if 'google_token' in session:
me = google.get('userinfo')
return jsonify({"data": me.data})
return redirect(url_for('.login'))
from app import app, oauth
from config import GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET
google = oauth.remote_app('google',
base_url='https://www.google.com/accounts/',
authorize_url='https://accounts.google.com/o/oauth2/auth',
request_token_url=None,
request_token_params={'scope': 'https://www.googleapis.com/auth/userinfo.email',
'response_type': 'code'},
access_token_url='https://accounts.google.com/o/oauth2/token',
access_token_method='POST',
access_token_params={'grant_type': 'authorization_code'},
consumer_key=GOOGLE_CLIENT_ID,
consumer_secret=GOOGLE_CLIENT_SECRET)
from flask import Blueprint, flash, render_template, url_for, session, request, jsonify, redirect
from flask_oauthlib.client import OAuth, OAuthResponse
from flask_login import LoginManager, login_user, logout_user, current_user
from app import oauth, lm
from app.models.user_models import User
from app import db, uandus_client, CLIENT_ID, CLIENT_SECRET
# When using a Flask app factory we must use a blueprint to avoid needing 'app' for '@app.route'
oauth_blueprint = Blueprint('oauth', __name__, template_folder='templates')
remote = oauth.remote_app(
'remote',
consumer_key=CLIENT_ID,
consumer_secret=CLIENT_SECRET,
request_token_params={'scope': 'email'},
base_url='http://www.uandus.net/api/v1.0/',
request_token_url=None,
# access_token_method='POST',
access_token_url='http://www.uandus.net/api/v1.0/oauth/token',
authorize_url='http://www.uandus.net/api/v1.0/oauth/authorize')
def parse_authorized_response(resp):
global uandus_client
if resp is None:
flash('Authentication failed.')
return 'Access denied: reason=%s error=%s' % (
request.args['error_reason'], request.args['error_description'])
if isinstance(resp, dict):
from flask import session, request
from flask_oauthlib.client import OAuth, OAuthException
from app import oauth
from app.pluginloader import PluginBase, PluginSettingBool, PluginSettingText, PluginError
from app.util import _get_settings
settings = _get_settings('auth_azure')
if 'auth_azure_consumer_key' in settings and settings['auth_azure_consumer_key']:
remote_app = oauth.remote_app(
'microsoft',
consumer_key=settings['auth_azure_consumer_key'],
consumer_secret=settings['auth_azure_consumer_secret'],
request_token_params={'scope': 'offline_access User.Read'},
base_url='https://graph.microsoft.com/v1.0/',
request_token_url=None,
access_token_method='POST',
access_token_url='https://login.microsoftonline.com/common/oauth2/v2.0/token',
authorize_url='https://login.microsoftonline.com/common/oauth2/v2.0/authorize'
)
@remote_app.tokengetter
def get_auth_azure_token():
return session.get('auth_azure_token')
class Plugin(PluginBase):
def __init__(self):
PluginBase.__init__(self)
def name(self):
from app import oauth
from config import TWITTER_CONSUMER_KEY, TWITTER_CONSUMER_SECRET
# Create a twitter application
app = oauth.remote_app('twitter',
base_url='https://api.twitter.com/1/',
request_token_url='https://api.twitter.com/oauth/request_token',
access_token_url='https://api.twitter.com/oauth/access_token',
authorize_url='https://api.twitter.com/oauth/authenticate',
consumer_key=TWITTER_CONSUMER_KEY,
consumer_secret=TWITTER_CONSUMER_SECRET)
current_user
from .. import db
import os
from app import oauth
from . import github_login
from ..models import User
from flask import redirect, url_for, session, request, jsonify, flash,json
github = oauth.remote_app(
'github',
consumer_key='e1c0a729ad0f61811811',
consumer_secret='07d0505feeb83f6a2dc38df29d1916ee4909e13e',
request_token_params={'scope': 'user:email'},
base_url='https://api.github.com/',
request_token_url=None,
access_token_method='POST',
access_token_url='https://github.com/login/oauth/access_token',
authorize_url='https://github.com/login/oauth/authorize'
)
@github_login.route('/')
def index():
if 'github_token' in session:
me = github.get('user')
resp=jsonify(me.data)
data=json.loads(resp.data.decode('utf-8'))
user = User.query.filter_by(email=data.get('email')).first()
