def __init__(self, application): """Initialize the class. Only create the oidc object when it is None (prevent duplicate instantiation) and the application is defined (allow import prior to instantiation). """ if not Keycloak._oidc and application: Keycloak._oidc = flask_oidc.OpenIDConnect(application)
def create_app(config, oidc_overrides=None): global oidc app = Flask(__name__) app.config.update(config) if oidc_overrides is None: oidc_overrides = {} app.oidc = flask_oidc.OpenIDConnect(app, **oidc_overrides) oidc = app.oidc app.route('/')(app.oidc.check(index)) app.route('/at')(app.oidc.check(get_at)) app.route('/rt')(app.oidc.check(get_rt)) # Check standalone usage rendered = app.oidc.accept_token(True, ['openid'], auth_header_key='Authorization')(api) app.route('/api', methods=['GET', 'POST'])(rendered) configure_keycloak_test_uris(app) # Check combination with an external API renderer like Flask-RESTful unrendered = app.oidc.accept_token( True, ['openid'], render_errors=False, auth_header_key='Authorization')(raw_api) def externally_rendered_api(*args, **kwds): inner_response = unrendered(*args, **kwds) if isinstance(inner_response, tuple): raw_response, response_code, headers = inner_response rendered_response = json.dumps( raw_response), response_code, headers else: rendered_response = json.dumps(inner_response) return rendered_response app.route('/external_api', methods=['GET', 'POST'])(externally_rendered_api) return app
user the userinfo endpoint to validate it. This is because the token info endpoint used by the Flask-OIDC accept_token wrapper has some issues with validating tokens for certain application types. ''' from __future__ import absolute_import import cli_common.log import flask import flask_oidc import functools import json import requests logger = cli_common.log.get_logger(__name__) auth0 = flask_oidc.OpenIDConnect() def mozilla_accept_token(render_errors=True): ''' Use this to decorate view functions that should accept OAuth2 tokens, this will most likely apply to API functions. Tokens are accepted as part of * the query URL (access_token value) * a POST form value (access_token) * the header Authorization: Bearer <token value> :param render_errors: Whether or not to eagerly render error objects as JSON API responses. Set to False to pass the error object back unmodified for later rendering.
app = flask.Flask(__name__) # Set the redirect URI to /callback. # APP_BASE_URL should be set to e.g. "https://myapp.example.com" app.config["OVERWRITE_REDIRECT_URI"] = urllib.parse.urljoin( os.environ["APP_BASE_URL"], "/callback") # Set the secret key used by Flask to encrypt session data. # FLASK_SECRET_KEY should be a random hexadecimal string; the same for each iteration. app.config["SECRET_KEY"] = binascii.unhexlify(os.environ["FLASK_SECRET_KEY"]) # Set the location of the client_secrets.json file. app.config["OIDC_CLIENT_SECRETS"] = os.environ.get("CLIENT_SECRETS_FILE", "/app/client_secrets.json") oidc = flask_oidc.OpenIDConnect(app) TMPL = jinja2.Environment(autoescape=True).from_string(""" <html> <p>Hello, {{ term_of_address }}!</p> <p>{{ content }}</p> <ul> <li><a href="/secret">secret</a></li> <li><a href="/other-secret">other secret</a></li> </ul> </html> """)
def __init__(self, application): if not Keycloak._oidc and application: Keycloak._oidc = flask_oidc.OpenIDConnect(application)