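def callback_oauth():
    """Connect Google sign-in to backend auth.

    Three cases are distinguished from the posted form and the server-side
    ``login_session``:

    * ``idtoken`` posted and a ``token`` already in the session: the existing
      backend token is returned unchanged (the new ID token is not used).
    * ``idtoken`` posted and no session ``token``: the Google ID token is
      verified (signature, audience ``CLIENT_ID``, expiry, issuer allowlist
      ``PROVIDERS``), the user is looked up or created, and a fresh backend
      token is stored in the session and returned.
    * no ``idtoken`` but a session ``token``: the user is signed out and every
      session key written at sign-in is removed.

    Any other request, and any ID token that fails verification, ends in a
    redirect to the landing page.

    Google sign-in API guidelines:
    https://developers.google.com/identity/sign-in/web/sign-in
    """
    import logging

    try:
        if 'idtoken' in request.form:
            if 'token' in login_session:
                # already signed in: keep the existing backend token
                return login_session.get('token', None)
            return _sign_in(request.form['idtoken'])

        if 'token' in login_session:
            return _sign_out()
    except ValueError as err:
        # Verification failure (bad signature/audience/expiry, unknown issuer,
        # missing claim). Record it server-side so rejected tokens are visible
        # to operators, and tell the user; the token value itself is not logged.
        logging.getLogger(__name__).warning('Google ID token rejected: %s', err)
        flash('Sign-in failed: invalid ID token')

    return redirect(url_for('landingPage'))


def _sign_in(token):
    """Verify a Google ID token and establish the backend session.

    Args:
        token: raw ID token string posted by the Google sign-in widget.

    Returns:
        The backend auth token now stored in ``login_session['token']``.

    Raises:
        ValueError: if the token fails verification, its issuer is not in
            ``PROVIDERS``, or the ``email`` claim is missing.
    """
    # verify the JWT signature, the client ID (audience) and that the token
    # has not expired
    idinfo = id_token.verify_oauth2_token(token, requests.Request(), CLIENT_ID)

    # verify the issuer of the ID token against the allowlist
    if idinfo['iss'] not in PROVIDERS:
        raise ValueError("Wrong Issuer")

    # ID token is valid; 'sub' is the stable Google account id used as the
    # primary key in the users table
    userid = idinfo['sub']
    # 'email' is not guaranteed to be present in every ID token; treat its
    # absence like a bad token instead of failing with an uncaught KeyError
    email = idinfo.get('email')
    if not email:
        raise ValueError("Missing email claim")

    userdb = session.query(User).filter_by(id=userid).first()
    if userdb is None:
        # first sign-in for this account: create the db user
        userdb = User(id=userid, email=email)
        session.add(userdb)
        session.commit()
        flash('New user created!')
    else:
        flash('User logged in!')

    # populate the server-side session; _sign_out removes exactly these keys
    login_session['token'] = userdb.gen_auth_token()
    login_session['user'] = token
    login_session['userid'] = userid
    login_session['email'] = email

    return login_session.get('token', None)


def _sign_out():
    """Clear the current user and drop every session key set by _sign_in.

    Returns:
        The literal string ``'logged out'``.
    """
    g.current_user = None
    # 'email' is removed along with the others so no identity data outlives
    # the sign-in
    for key in ('token', 'user', 'userid', 'email'):
        login_session.pop(key, None)
    flash('User signed out')
    return 'logged out'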