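def callback_oauth():
    """Connect Google sign-in to backend auth.

    Behaviour depends on the request and the current session:

    * ``idtoken`` posted and a session token already present: return the
      existing session token (the posted ID token is not verified).
    * ``idtoken`` posted and no session token: verify the Google ID token,
      create the ``User`` row if it does not exist yet, fill the session and
      return the new backend auth token.
    * no ``idtoken`` but a session token present: sign the user out and
      return ``'logged out'``.
    * anything else, or an ID token that is rejected: redirect to
      ``landingPage``.

    Google sign-in API guidelines:
    https://developers.google.com/identity/sign-in/web/sign-in
    """
    try:
        if 'idtoken' in request.form:
            # Already signed in: hand back the existing backend token.
            # NOTE(review): the posted ID token is ignored on this path, so a
            # sign-in with a different account keeps the old session until it
            # is signed out -- confirm this is intended.
            if 'token' in login_session:
                return login_session.get('token', None)

            token = request.form['idtoken']
            # Verify the JWT, the client ID, and that the token has not
            # expired; the call raises ValueError when the token is rejected.
            idinfo = id_token.verify_oauth2_token(
                token, requests.Request(), CLIENT_ID)

            try:
                # Reject tokens whose issuer is not one of PROVIDERS.
                if idinfo['iss'] not in PROVIDERS:
                    raise ValueError("Wrong Issuer")
                userid = idinfo['sub']
                email = idinfo['email']
            except KeyError as err:
                # A token without the claims used below is treated like any
                # other invalid token instead of surfacing as a server error.
                raise ValueError("Missing claim") from err
            # NOTE(review): the e-mail is stored without looking at the
            # token's `email_verified` claim -- confirm unverified addresses
            # are acceptable for this application.

            # Look the user up by the token subject; create it if unknown.
            userdb = session.query(User).filter_by(id=userid).first()
            if not userdb:
                userdb = User(id=userid, email=email)
                session.add(userdb)
                session.commit()
                flash('New user created!')
            else:
                flash('User logged in!')

            # NOTE(review): the raw Google ID token is kept under 'user'. If
            # login_session is a cookie-backed session its contents are
            # signed but readable by the client -- confirm the raw token
            # needs to be stored at all.
            login_session['token'] = userdb.gen_auth_token()
            login_session['user'] = token
            login_session['userid'] = userid
            login_session['email'] = email
            return login_session.get('token', None)

        elif 'token' in login_session:
            # No ID token but an active session: sign the user out.
            # NOTE(review): this branch runs for any request that carries a
            # session and no 'idtoken'; the route's allowed methods and CSRF
            # protection are not visible here -- confirm a cross-site request
            # cannot trigger the sign-out.
            g.current_user = None
            # Remove every key the sign-in branch sets, including 'email',
            # so no identity data outlives the sign-out.
            for key in ('token', 'user', 'userid', 'email'):
                login_session.pop(key, None)
            flash('User signed out')
            return 'logged out'
    except ValueError:
        # Invalid or rejected ID token: fall through to the landing page
        # without creating a session.
        pass
    return redirect(url_for('landingPage'))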