def gconnect():
"""Handles Google+ login."""
# Validate state token
if request.args.get('state') != login_session['state']:
return make_json_response('Invalid state parameter', 401)
auth_code = request.data
try:
# Upgrade the authorization code into a credentials object
oauth_flow = flow_from_clientsecrets(secrets_path, scope='')
oauth_flow.redirect_uri = 'postmessage'
credentials = oauth_flow.step2_exchange(auth_code)
except FlowExchangeError:
return make_json_response(
'Failed to upgrade the authorization code.', 401)
# Check that the access token is valid
access_token = credentials.access_token
url = (
'https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=%s' %
access_token)
h = httplib2.Http()
result = json.loads(h.request(url, 'GET')[1])
if result.get('error') is not None:
return make_json_response(result.get('error'), 500)
# Verify that the access token is used for the intended user
gplus_id = credentials.id_token['sub']
if result['user_id'] != gplus_id:
return make_json_response(
"Token's user ID doesn't match given user ID.", 401)
# Verify that the access token is valid for this app
if result['issued_to'] != CLIENT_ID:
return make_json_response(
"Token's client ID does not match app's", 401)
stored_access_token = login_session.get('access_token')
stored_gplus_id = login_session.get('gplus_id')
if stored_access_token is not None and gplus_id == stored_gplus_id:
return make_json_response('Current user is already connected', 200)
login_session['access_token'] = access_token
login_session['gplus_id'] = gplus_id
userinfo_url = 'https://www.googleapis.com/oauth2/v1/userinfo'
params = {'access_token': access_token, 'alt': 'json'}
answer = requests.get(userinfo_url, params=params)
data = json.loads(answer.text)
login_session['username'] = data['name']
login_session['picture'] = data['picture']
flash("You are now logged in as %s" % login_session['username'], 'success')
return 'logged in'
def gdisconnect():
"""Handles Google+ disconnect (logs people out of this app)."""
access_token = login_session.get('access_token')
if access_token is None:
response = make_response(
json.dumps('Current user is not connected'), 401)
response.headers['Content-Type'] = 'application/json'
return response
url = 'https://accounts.google.com/o/oauth2/revoke?token=%s' % access_token
h = httplib2.Http()
result = h.request(url, 'GET')[0]
del login_session['access_token']
del login_session['gplus_id']
del login_session['username']
del login_session['picture']
if result['status'] == '200':
flash('You logged out.', 'success')
else:
flash("""You logged out, but something went wrong revoking
your Google+ token. It shouldn't matter at all,
but if you have any concern, you can visit the
authorized apps page of you google account to make
sure this app has been revoked.""", 'success')
return redirect('/')
