class AuthTypeOAuth(AuthTypeClientBase):
"""An authentication type for oauth2 logins."""
CXG_TOKENS = "auth_tokens"
def __init__(self, server_config):
super().__init__()
if missingimport:
raise ConfigurationError(
f"oauth requires these modules: {', '.join(missingimport)}")
self.algorithms = ["RS256"]
self.oauth_api_base_url = server_config.authentication__params_oauth__oauth_api_base_url
self.client_id = server_config.authentication__params_oauth__client_id
self.client_secret = server_config.authentication__params_oauth__client_secret
self.session_cookie = server_config.authentication__params_oauth__session_cookie
self.cookie_params = server_config.authentication__params_oauth__cookie
self.jwt_decode_options = server_config.authentication__params_oauth__jwt_decode_options
self._validate_cookie_params()
self._validate_jwt_decode_options()
self.api_base_url = server_config.get_api_base_url()
self.web_base_url = server_config.get_web_base_url()
if self.api_base_url is None:
raise ConfigurationError(
"oauth requires the app__api_base_url to be set")
# set the audience
self.audience = self.client_id
# load the jwks (JSON Web Key Set).
# The JSON Web Key Set (JWKS) is a set of keys which contains the public keys used to verify
# any JSON Web Token (JWT) issued by the authorization server and signed using the RS256
try:
jwksloc = f"{self.oauth_api_base_url}/.well-known/jwks.json"
jwksurl = requests.get(jwksloc)
self.jwks = jwksurl.json()
except Exception:
raise ConfigurationError(
f"error in oauth, api_url_base: {self.oauth_api_base_url}, cannot access {jwksloc}"
)
def _validate_cookie_params(self):
"""check the cookie_params, and raise a ConfigurationError if there is something wrong"""
if self.session_cookie:
return
if not isinstance(self.cookie_params, dict):
raise ConfigurationError(
"either session_cookie or cookie must be set")
valid_keys = {
"key", "max_age", "expires", "path", "domain", "secure",
"httponly", "samesite"
}
keys = set(self.cookie_params.keys())
unknown = keys - valid_keys
if unknown:
raise ConfigurationError(
f"unexpected key in cookie params: {', '.join(unknown)}")
if "key" not in keys:
raise ConfigurationError(
"must have a key (name) in the cookie params")
def _validate_jwt_decode_options(self):
"""check the jwt_decode_options, and raise a ConfigurationError if there is something wrong"""
if self.jwt_decode_options is None:
self.jwt_decode_options = {}
return
valid_keys = {
"verify_signature",
"verify_aud",
"verify_iat",
"verify_exp",
"verify_nbf",
"verify_iss",
"verify_sub",
"verify_jti",
"verify_at_hash",
"leeway",
}
keys = set(self.jwt_decode_options.keys())
unknown = keys - valid_keys
if unknown:
raise ConfigurationError(
f"unexpected key in jwt_decode_options: {', '.join(unknown)}")
def is_valid_authentication_type(self):
return True
def requires_client_login(self):
return True
def add_url_rules(self, app):
parse = urlparse(self.api_base_url)
app.add_url_rule(f"{parse.path}/login",
"login",
self.login,
methods=["GET"])
app.add_url_rule(f"{parse.path}/logout",
"logout",
self.logout,
methods=["GET"])
app.add_url_rule(f"{parse.path}/logout_redirect",
"logout_redirect",
self.logout_redirect,
methods=["GET"])
app.add_url_rule(f"{parse.path}/oauth2/callback",
"callback",
self.callback,
methods=["GET"])
def complete_setup(self, flask_app):
self.oauth = OAuth(flask_app)
self.client = self.oauth.register(
"auth0",
client_id=self.client_id,
client_secret=self.client_secret,
api_base_url=self.oauth_api_base_url,
refresh_token_url=f"{self.oauth_api_base_url}/oauth/token",
access_token_url=f"{self.oauth_api_base_url}/oauth/token",
authorize_url=f"{self.oauth_api_base_url}/authorize",
client_kwargs={"scope": "openid profile email offline_access"},
)
def is_user_authenticated(self):
payload = self.get_userinfo()
return payload is not None
def get_user_id(self):
payload = self.get_userinfo()
return payload.get("sub") if payload else None
def get_user_name(self):
payload = self.get_userinfo()
return payload.get("name") if payload else None
def get_user_email(self):
payload = self.get_userinfo()
return payload.get("email") if payload else None
def get_user_picture(self):
payload = self.get_userinfo()
return payload.get("picture") if payload else None
def update_response(self, response):
response.cache_control.update(
dict(public=True,
max_age=0,
no_store=True,
no_cache=True,
must_revalidate=True))
def login(self):
callbackurl = f"{self.api_base_url}/oauth2/callback"
return_path = request.args.get("dataset", "")
return_to = f"{self.web_base_url}/{return_path}"
# save the return path in the session cookie, accessed in the callback function
session["oauth_callback_redirect"] = return_to
response = self.client.authorize_redirect(redirect_uri=callbackurl)
self.update_response(response)
return response
def logout(self):
"""
We would like for the user to remain on the same dataset after logout. oauth requires that
the redirect `returnTo` path be whitelisted by the oauth server, therefore a level of
indirection is used. We first redirect to a single path "logout_redirect", and logout_redirect
will redirect the user's browser back to the current page.
"""
self.remove_tokens()
redirect_path = request.args.get("dataset", "")
redirect_to = f"{self.web_base_url}/{redirect_path}"
session["oauth_logout_redirect"] = redirect_to
return_to = f"{self.api_base_url}/logout_redirect"
params = {"returnTo": return_to, "client_id": self.client_id}
response = redirect(self.client.api_base_url + "/v2/logout?" +
urlencode(params))
self.update_response(response)
return response
def logout_redirect(self):
oauth_logout_redirect = session.pop("oauth_logout_redirect", "/")
response = redirect(oauth_logout_redirect)
self.update_response(response)
return response
def callback(self):
data = self.client.authorize_access_token()
tokens = Tokens(
access_token=data.get("access_token"),
id_token=data.get("id_token"),
refresh_token=data.get("refresh_token"),
expires_at=data.get("expires_at"),
)
self.save_tokens(tokens)
oauth_callback_redirect = session.pop("oauth_callback_redirect", "/")
response = redirect(oauth_callback_redirect)
self.update_response(response)
return response
def get_tokens(self):
"""Extract the tokens from the cookie, and store them in the flask global context"""
if "tokens" in g:
return g.tokens
try:
if self.session_cookie:
value = session.get(self.CXG_TOKENS)
if value:
g.tokens = Tokens(**value)
else:
return None
else:
value = request.cookies.get(self.cookie_params["key"])
if value is None:
return None
value = base64.b64decode(value)
value = json.loads(value)
g.tokens = Tokens(**value)
except Exception:
# there are many types of exceptions that can be raise in the above section.
# It is impractical to list all the exceptions here, since that would be brittle.
# If an exception occurs, then return None, meaning that no token could be retrieved.
current_app.logger.warning(
f"auth cookie is in the wrong format: {str(value)}")
g.pop("tokens", None)
return None
return g.tokens
def save_tokens(self, tokens):
g.tokens = tokens
if self.session_cookie:
session[self.CXG_TOKENS] = tokens.__dict__
else:
@after_this_request
def set_cookie(response):
args = self.cookie_params.copy()
value = base64.b64encode(
json.dumps(tokens.__dict__).encode("utf-8"))
del args["key"]
try:
response.set_cookie(self.cookie_params["key"], value,
**args)
except Exception as e:
raise AuthenticationError(
f"unable to set_cookie {self.cookie_params}") from e
return response
def remove_tokens(self):
g.pop("tokens", None)
if self.session_cookie:
if self.CXG_TOKENS in session:
del session[self.CXG_TOKENS]
else:
@after_this_request
def remove_cookie(response):
response.set_cookie(self.cookie_params["key"], "", expires=0)
self.update_response(response)
return response
def get_login_url(self, data_adaptor):
"""Return the url for the login route"""
if data_adaptor and current_app.app_config.is_multi_dataset():
return f"{self.api_base_url}/login?dataset={data_adaptor.uri_path}/"
else:
return f"{self.api_base_url}/login"
def get_logout_url(self, data_adaptor):
"""Return the url for the logout route"""
if data_adaptor and current_app.app_config.is_multi_dataset():
return f"{self.api_base_url}/logout?dataset={data_adaptor.uri_path}/"
else:
return f"{self.api_base_url}/logout"
def check_jwt_payload(self, id_token):
try:
unverified_header = jwt.get_unverified_header(id_token)
except JWTError:
return None
rsa_key = {}
for key in self.jwks["keys"]:
if key["kid"] == unverified_header["kid"]:
rsa_key = {
"kty": key["kty"],
"kid": key["kid"],
"use": key["use"],
"n": key.get("n"),
"e": key.get("e"),
}
if rsa_key:
try:
payload = jwt.decode(
id_token,
rsa_key,
algorithms=self.algorithms,
audience=self.audience,
issuer=self.oauth_api_base_url + "/",
options=self.jwt_decode_options,
)
return payload
except ExpiredSignatureError:
# This exception is handled in get_userinfo
raise
except JWTClaimsError as e:
raise AuthenticationError(f"invalid claims {str(e)}") from e
except JWTError as e:
raise AuthenticationError(
f"invalid signature: {str(e)}") from e
raise AuthenticationError("Unable to find the appropriate key")
def get_userinfo(self):
if not has_request_context():
return None
# check if the userinfo has been retrieved already in this request
if "userinfo" in g:
return g.get("userinfo")
# if there is no id_token, return None (user is not authenticated)
tokens = self.get_tokens()
if tokens is None or tokens.id_token is None:
return None
try:
# check the jwt payload. This raises an AuthenticationError if the token is not valid.
# It the token has expired, we attempt to refresh the token
g.userinfo = self.check_jwt_payload(tokens.id_token)
return g.userinfo
except ExpiredSignatureError:
tokens = self.refresh_expired_token(tokens.refresh_token)
if tokens is None or tokens.id_token is None:
return None
else:
try:
g.userinfo = self.check_jwt_payload(tokens.id_token)
return g.userinfo
except JWTError as e:
raise AuthenticationError(
f"error during token refresh: {str(e)}") from e
except AuthenticationError:
self.remove_tokens()
raise
def refresh_expired_token(self, refresh_token):
params = {
"grant_type": "refresh_token",
"client_id": self.client_id,
"refresh_token": refresh_token,
"client_secret": self.client_secret,
}
headers = {"content-type": "application/x-www-form-urlencoded"}
request = requests.post(f"{self.oauth_api_base_url}/oauth/token",
urlencode(params),
headers=headers)
if request.status_code != 200:
# unable to refresh the token, log the user out
self.remove_tokens()
return None
data = request.json()
tokens = Tokens(
access_token=data.get("access_token"),
id_token=data.get("id_token"),
refresh_token=data.get("refresh_token", refresh_token),
expires_at=data.get("expires_at"),
)
self.save_tokens(tokens)
return tokens
from flask import Flask, url_for, redirect, session, render_template
from authlib.integrations.flask_client import OAuth
app = Flask(__name__)
app.secret_key = 'random secret'
# oauth config
oauth = OAuth(app)
oauth.register(name='google',
client_id='',
client_sectet='',
access_token_url='https://accounts.google.com/o/auth2/token',
access_tokern_params=None,
authorize_url='https://accounts.google.com/o/oauth2/auth',
authorize_params=None,
api_base_url='https://www.googleapis.com/oauth2/v1',
client_kwargs={'scope': 'openid profile email'})
@app.route('/')
def hello_world():
return "Hello, World!"
@app.route('/login')
def login():
google = oauth.create_client('google')
redirect_uri = url_for('authorize', _external=True)
return google.authorize_redirect(redirect_uri)
@app.route('/authorize')
from flask import Flask, url_for, redirect, session, render_template
from authlib.integrations.flask_client import OAuth
app = Flask(__name__)
app.secret_key = 'random secret'
#https://docs.authlib.org/en/latest/basic/index.html
#oauth config
oauth = OAuth(app)
google = oauth.register(
name='google',
client_id=
'495451370244-vmk79jh8653v4t8719cb26m4eil8j4le.apps.googleusercontent.com',
client_secret='OlOWxgzZM2M2_iVoUQjAevgx',
access_token_url='https://accounts.google.com/o/oauth2/token',
access_token_params=None,
authorize_url='https://accounts.google.com/o/oauth2/auth',
authorize_params=None,
api_base_url='https://www.googleapis.com/oauth2/v1/',
userinfo_endpoint=
'https://openidconnect.googleapis.com/v1/userinfo', # This is only needed if using openId to fetch user info
client_kwargs={'scope': 'openid email profile'},
)
@app.route('/')
def index():
return render_template('login.html')
@app.route('/home')
class OAuthModule(bp.AuthModule):
def __init__(self, app, bp):
super(OAuthModule, self).__init__(app, bp)
self.oauth = OAuth()
self.oauth.init_app(app)
self.app = self.register_oauth(self.oauth, app)
bp.route("/login", methods = ["POST"])(self.login)
bp.route("/authorize", methods = ["GET"])(self.authorize)
@abc.abstractmethod
def register_oauth(self, oauth, app):
pass
@abc.abstractmethod
def get_login_form_button_text(self):
pass
@overrides
def is_flat(self) -> bool:
return True
@overrides
def can_manage_users(self) -> bool:
return False
@overrides
def get_login_form(self) -> models.LoginForm:
return models.LoginForm([], self.get_login_form_button_text())
def login(self) -> Response:
if "return_to" in request.args:
redirect = self.app.authorize_redirect(request.args.get("return_to"), response_type = "token")
else:
redirect = self.app.authorize_redirect(response_type = "token")
return jsonify(redirect.headers["Location"])
def authorize(self):
authorization_response = request.full_path + "#" + request.args.get("fragment")
try:
token = self.app.fetch_access_token(authorization_response = authorization_response)
except Exception as e:
traceback.print_exc()
sys.stderr.flush()
raise exceptions.SecurityError(description = str(e))
access_token = token["access_token"]
secret = current_app.config["VEGAS_CLIENT_SECRET"]
try:
decoded = jwt.decode(access_token, secret, verify = False)
decoded = jwt.decode(access_token, secret, verify = True, audience = decoded["aud"])
except jwt.exceptions.InvalidTokenError as e:
traceback.print_exc()
sys.stderr.flush()
raise exceptions.SecurityError(description = str(e))
session["auth"] = {
"user": OAuthUser(decoded).to_dict(),
"user_data": decoded,
"token": token
}
log.access_flask_login()
return jsonify(self.get_logged_in_user())
from flask import Flask, Blueprint
from flask_restplus import Api
from pymongo_helplib import MongoClient
import os
from dotenv import load_dotenv, find_dotenv
from authlib.integrations.flask_client import OAuth
from six.moves.urllib.parse import urlencode
app = Flask(__name__)
oauth = OAuth(app)
auth0 = oauth.register(
'auth0',
client_id='1xL7s3OaXnI0mpu3zdCeKQ9nhK8CGiHK',
client_secret=os.environ['client_secret'],
api_base_url='https://launcher-plan-b.eu.auth0.com',
access_token_url='https://launcher-plan-b.eu.auth0.com/oauth/token',
authorize_url='https://launcher-plan-b.eu.auth0.com/authorize',
client_kwargs={
'scope': 'openid profile',
},
)
""" app.config.from_pyfile('config.cfg') """
app.secret_key = os.environ['SECRET_KEY']
blueprint = Blueprint('api', __name__, url_prefix='/api')
api_app = Api(app=app,
blueprint=blueprint,
doc='/doc/',
version="0.0",
title="Launcher",
from authlib.integrations.flask_client import OAuth
# .register() will automatically read GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET from app configuration
# as described here: https://docs.authlib.org/en/latest/client/flask.html#configuration
oauth_registry = OAuth()
oauth_registry.register( # nosec
name='github',
access_token_url='https://github.com/login/oauth/access_token',
access_token_params=None,
authorize_url='https://github.com/login/oauth/authorize',
authorize_params=None,
api_base_url='https://api.github.com/',
client_kwargs={'scope': 'user'})
from functools import wraps
from os import environ
from authlib.integrations.flask_client import OAuth
from flask import session
from app import app
oauth = OAuth(app)
AUTH0_CALLBACK_URL = environ.get("AUTH0_CALLBACK_URL")
AUTH0_CLIENT_ID = environ.get("AUTH0_CLIENT_ID")
AUTH0_CLIENT_SECRET = environ.get("AUTH0_CLIENT_SECRET")
AUTH0_DOMAIN = environ.get("AUTH0_DOMAIN")
AUTH0_BASE_URL = 'https://' + AUTH0_DOMAIN
PROFILE_KEY = environ.get("PROFILE_KEY")
JWT_PAYLOAD = environ.get("JWT_PAYLOAD")
SECRET_KEY = environ.get("SECRET_KEY")
auth0 = oauth.register(
'auth0',
client_id=AUTH0_CLIENT_ID,
client_secret=AUTH0_CLIENT_SECRET,
api_base_url=AUTH0_BASE_URL,
access_token_url=AUTH0_BASE_URL + '/oauth/token',
authorize_url=AUTH0_BASE_URL + '/authorize',
client_kwargs={
'scope': 'openid profile email',
},
)
from flask import Flask, url_for, redirect, session
import os
from authlib.integrations.flask_client import OAuth
app = Flask(__name__)
app.secret_key = os.environ.get("SECRET_KEY")
# OAuth Config
oauth = OAuth(app)
google = oauth.register(
name="google",
client_id=os.environ.get("CLIENT_ID"),
client_secret=os.environ.get("CLIENT_SECRET"),
access_token_url="https://accounts.google.com/o/oauth2/token",
access_token_params=None,
authorize_url="https://accounts.google.com/o/oauth2/auth",
authorize_params=None,
api_base_url="https://www.googleapis.com/oauth2/v1/",
userinfo_endpoint=
"https://openidconnect.googleapis.com/v1/userinfo", # This is only needed if using openId to fetch user info
client_kwargs={"scope": "openid email profile"},
)
@app.route("/")
def hello_world():
email = dict(session).get("email", None)
return f"Hello {email}"
from dotenv import load_dotenv
load_dotenv()
import requests
from authlib.integrations.flask_client import OAuth
app = Flask(__name__)
app.secret_key = os.getenv("SECRET_KEY")
app.config['LICHESS_CLIENT_ID'] = os.getenv("LICHESS_CLIENT_ID")
app.config['LICHESS_CLIENT_SECRET'] = os.getenv("LICHESS_CLIENT_SECRET")
app.config['LICHESS_ACCESS_TOKEN_URL'] = 'https://oauth.lichess.org/oauth'
app.config[
'LICHESS_AUTHORIZE_URL'] = 'https://oauth.lichess.org/oauth/authorize'
oauth = OAuth(app)
oauth.register('lichess')
@app.route('/')
def login():
redirect_uri = url_for('authorize', _external=True)
return oauth.lichess.authorize_redirect(redirect_uri)
@app.route('/authorize')
def authorize():
token = oauth.lichess.authorize_access_token()
bearer = token['access_token']
headers = {'Authorization': f'Bearer {bearer}'}
response = requests.get("https://lichess.org/api/account", headers=headers)
from flask import Flask, url_for, session
from flask import render_template, redirect
from authlib.integrations.flask_client import OAuth
app = Flask(__name__)
app.secret_key = '!secret'
app.config.from_object('config')
CONF_URL = 'https://accounts.google.com/.well-known/openid-configuration'
oauth = OAuth(app)
oauth.register(name='google',
server_metadata_url=CONF_URL,
client_kwargs={'scope': 'openid email profile'})
@app.route('/')
def homepage():
print("Hello")
user = session.get('user')
return render_template('home.html', user=user)
@app.route('/login')
def login():
redirect_uri = url_for('auth', _external=True)
return oauth.google.authorize_redirect(redirect_uri)
@app.route('/auth')
def auth():
token = oauth.google.authorize_access_token()
def create_authenticated_app(test_config=None):
# Create and Configure OKIT Web Designer App
app = Flask(__name__, instance_relative_config=True, instance_path='/okit/instance')
# Load Config
if test_config is None:
app.config.from_pyfile('config.py', silent=True)
else:
app.config.from_mapping(test_config)
# Ensure if instance folder exists
try:
os.makedirs(app.instance_path)
except OSError:
pass
# Add Upload location
app.config['UPLOADS_FOLDER'] = '/okit/uploads'
# The secret key must be static to be the same for all gunicorn workers
app.secret_key = '8980ffsd675747jjjh'
idcs_metadata_url = app.config['IDCS_API_BASE_URL'] + '/.well-known/openid-configuration'
oauth = OAuth(app)
idcs = oauth.register(name='idcs', server_metadata_url=idcs_metadata_url, client_kwargs={'scope':'openid email profile'})
if 'OKIT_SERVER_BASE' not in app.config:
app.config['OKIT_SERVER_BASE'] = 'http://' + socket.getfqdn()
@app.route('/favicon.ico')
def favicon():
return send_from_directory(os.path.join(app.root_path, 'static'),
'favicon.ico', mimetype='image/vnd.microsoft.icon')
from . import okitWebDesigner
# Login Step 1 - Redirect to IDCS
@okitWebDesigner.bp.route('/login', methods=(['GET', 'POST']))
def login():
return idcs.authorize_redirect(app.config['OKIT_SERVER_BASE'] + url_for('okit.postlogin'))
# Login Step 2 - Local local token handling
@okitWebDesigner.bp.route('/postlogin', methods=(['GET', 'POST']))
def postlogin():
token = idcs.authorize_access_token()
userinfo = idcs.parse_id_token(token)
session['username'] = userinfo['user_displayname']
session['home_region'] = app.config['OCI_HOME_REGION']
session['tenant'] = app.config['OCI_TENANT']
logger.info(f"App Config {app.config}")
end_session_endpoint = idcs.server_metadata['end_session_endpoint']
logout_redirect_url = {
'post_logout_redirect_url' : app.config['OKIT_SERVER_BASE'] + url_for('okit.postlogout'),
'id_token_hint' : token['id_token']
}
logout_url = end_session_endpoint + '?post_logout_redirect_url=' + str(logout_redirect_url['post_logout_redirect_url']) + '&id_token_hint=' + str(logout_redirect_url['id_token_hint'])
session['logout'] = logout_url
return redirect(url_for('okit.designer'), code=302)
# Logout Step 1 - Handled by IDCS
# Logout Step 2 - Local cleanup
@okitWebDesigner.bp.route('/logout', methods=(['GET', 'POST']))
def logout():
session.pop('username', None)
session.pop('logout', None)
session.pop('tenant', None)
session.pop('home_region', None)
return Response(status=200)
# Logout Step 3 - Local redirect to home page
@okitWebDesigner.bp.route('/postlogout', methods=(['GET', 'POST']))
def postlogout():
session.pop('username', None)
session.pop('logout', None)
session.pop('tenant', None)
session.pop('home_region', None)
return redirect(url_for('okit.designer'), code=302)
app.register_blueprint(okitWebDesigner.bp)
from . import okitPricing
app.register_blueprint(okitPricing.bp)
from . import okitOci
app.register_blueprint(okitOci.bp)
from . import okitImport
app.register_blueprint(okitImport.bp)
@app.route('/')
def index():
return login()
return app
def create_app(config: Optional[TmvConfig] = None,
config_override: Optional[Dict] = None):
if config is None:
config = create_tmv_config_from_env()
if config_override is None:
config_override = {}
""" Set up logging
Logging uses the built-in logging-module, see the Python docs for details.
If you want to log something, please use one of the following methods,
depending on the level you want to log.
logging.debug()
logging.info()
logging.warning()
logging.error()
logging.critical()
You can configure from which level log messages get output by modifying
the parameter `level` in the lines below.
You can add further handlers (for example for sending e-mails on critical
errors) to the logging system if you want. Make sure to always log using
an appropriate level to not clutter the logs with meaningless messages.
"""
log_level = logging.DEBUG if config.DEV_MODE else logging.WARNING
logging.basicConfig(
format="[%(asctime)s] %(levelname)s in %(module)s: %(message)s",
level=log_level,
handlers=[logging.StreamHandler()],
)
logging.info("Dev mode is " + ("on" if config.DEV_MODE else "off") + ".")
# Initialize flask app
app = flask.Flask(
__name__,
template_folder=str(BASE_DIR / "tmv" / "templates"),
)
app.url_map.strict_slashes = False
app.config.from_mapping(
SECRET_KEY=config.SECRET_KEY,
SQLALCHEMY_DATABASE_URI=config.SQLALCHEMY_DATABASE_URI,
SQLALCHEMY_TRACK_MODIFICATIONS=False,
TEMP_UPLOADS_FOLDER=str(BASE_DIR / config.TEMP_UPLOADS_FOLDER),
SECURITY_PASSWORD_SALT=config.SECURITY_PASSWORD_SALT,
SECURITY_REGISTERABLE=config.SECURITY_REGISTERABLE,
SECURITY_SEND_REGISTER_EMAIL=False, # TODO: requires mail setup
SECURITY_USER_IDENTITY_ATTRIBUTES=["email"],
SECURITY_PASSWORD_HASH="pbkdf2_sha512",
SECURITY_TRACKABLE=True,
SECURITY_FORGOT_PASSWORD_TEMPLATE=
"security/custom_forgot_password.html",
SECURITY_LOGIN_USER_TEMPLATE="security/custom_login_user.html",
SECURITY_REGISTER_USER_TEMPLATE="security/custom_register_user.html",
SECURITY_RESET_PASSWORD_TEMPLATE="security/custom_reset_password.html",
SECURITY_CHANGE_PASSWORD_TEMPLATE=
"security/custom_change_password.html",
SECURITY_SEND_CONFIRMATION_TEMPLATE=
"security/custom_send_confirmation.html",
SECURITY_SEND_LOGIN_TEMPLATE="security/custom_send_login.html",
OKTA_ORG_BASEURL=config.OKTA_ORG_BASEURL,
OKTA_CLIENT_ID=config.OKTA_CLIENT_ID,
OKTA_CLIENT_SECRET=config.OKTA_CLIENT_SECRET,
AWS_REGION=config.AWS_REGION,
JIRA_OAUTH_LOC=config.JIRA_OAUTH_LOC,
JIRA_SERVER=config.JIRA_SERVER,
JIRA_CONSUMER_KEY=config.JIRA_CONSUMER_KEY,
JIRA_CONSUMER_SECRET=config.JIRA_CONSUMER_SECRET,
JIRA_ACCESS_TOKEN=config.JIRA_ACCESS_TOKEN,
JIRA_ACCESS_SEC=config.JIRA_ACCESS_SEC,
JIRA_RSA_PEM=config.JIRA_RSA_PEM,
JIRA_FIELD_SPRINT=config.JIRA_FIELD_SPRINT,
JIRA_FIELD_STORYPOINTS=config.JIRA_FIELD_STORYPOINTS,
FLASK_ADMIN_SWATCH="simplex",
CELERY_BROKER_URL=config.CELERY_BROKER_URL,
CELERY_RESULT_BACKEND=config.CELERY_RESULT_BACKEND,
)
app.config.update(config_override)
db.init_app(app)
migrate.init_app(app, db, directory=str(BASE_DIR / "./tmv/migrations/"))
app.security = Security(app,
user_datastore,
anonymous_user=CustomAnonymousUser)
app.oauth = OAuth(app)
if config.OKTA_ORG_BASEURL:
app.oauth.register(
"okta",
server_metadata_url=(
config.OKTA_ORG_BASEURL +
"/oauth2/default/.well-known/openid-configuration"),
client_kwargs={"scope": "openid profile email"},
)
# Create directories if they not already exist.
FOLDERS_TO_CREATE = {
app.config["TEMP_UPLOADS_FOLDER"],
}
for folder in FOLDERS_TO_CREATE:
os.makedirs(folder, exist_ok=True)
# Register flask pages
# Add your page here by creating a blueprint in /views, importing it and
# registering it via `app.register_blueprint`.
admin.init_app(app)
app.register_blueprint(user)
dash_app = dash.Dash(
__name__,
server=app,
# The route to put dash in:
routes_pathname_prefix=DASHBOARD_PREFIX,
external_stylesheets=[
("https://fonts.googleapis.com/css2?"
"family=Roboto:wght@300;400;500;700&display=swap"),
],
assets_folder="static/dash",
assets_url_path="/static/dash",
suppress_callback_exceptions=True,
meta_tags=[{
"name": "viewport",
"content": "width=device-width, initial-scale=1"
}],
)
dash_app.title = "Team Metrics Visualizer"
DashFlaskSecurityAuth(dash_app)
if config.DEV_MODE:
dash_app.enable_dev_tools()
# Initialize dashboards.
# Add your dashboard here by creating an instance and adding it to TABS
dashboards = [
TeamHealthCheckDashboardController(),
LongTermHealthDashboardController(),
BurnupDashboardController(),
CumulativeFlowDashboardController(),
WorktimeDashboardController(),
]
def layout_fn(*args, **kwargs):
if flask.has_app_context() and flask.has_request_context():
dash_app._cached_layout = None # pylint: disable=protected-access
return layout(dashboards, DASHBOARD_PREFIX)
dash_app.layout = layout_fn
init_tabs_for_navbar(dash_app, dashboards, DASHBOARD_PREFIX)
register_common_callbacks(dash_app)
return app
CACHE_TIMEOUT = 300 # 5 mn cache
cache = Cache(config={"CACHE_TYPE": "simple"})
app = Flask(__name__)
cache.init_app(app)
app.secret_key = os.urandom(16)
CORS(
app,
resources={r"/api/0/*": {
"origins": os.getenv("ALLOW_ORIGIN", "*")
}},
supports_credentials=True,
)
oauth = OAuth(app)
oauth.register(
name="github",
client_id=os.getenv("CLIENT_ID"),
client_secret=os.getenv("CLIENT_SECRET"),
access_token_url="https://github.com/login/oauth/access_token",
access_token_params=None,
authorize_url="https://github.com/login/oauth/authorize",
authorize_params=None,
api_base_url="https://api.github.com/",
client_kwargs={"scope": "user:email"},
)
indexes_acl: Dict[str, List[config.Username]] = {}
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
# more details.
#
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
from authlib.integrations.flask_client import OAuth
import flask
app = flask.Flask(__name__)
app.config.from_object("config")
oauth = OAuth(app)
oauth.register(name="toolhub")
@app.route("/")
def index():
"""Home screen."""
ctx = {
"profile": None,
}
if "token" in flask.session:
resp = oauth.toolhub.get("user/", token=flask.session["token"])
resp.raise_for_status()
ctx["profile"] = resp.json()
return flask.render_template("home.html", **ctx)
from authlib.integrations.flask_client import OAuth\ authlib_oauth_client = OAuth()
from rest_api_demo.api.restplus import api
from rest_api_demo.database import db
# Integrate security
from authlib.integrations.flask_client import OAuth
# decorator for routes that should be accessible only by logged in users
from auth_decorator import login_required
from datetime import timedelta
app = Flask(__name__)
logging_conf_path = os.path.normpath(
os.path.join(os.path.dirname(__file__), '../logging.conf'))
logging.config.fileConfig(logging_conf_path)
log = logging.getLogger(__name__)
# set oauth to the app
oauth = OAuth(app)
# Set oAuth Register for Google
google = oauth.register(
name='google',
client_id=
'917119924009-80eq2p27e8096ne7ecccmuvh08l3hbkv.apps.googleusercontent.com',
client_secret='yaHRsURbCudieEReNCARfZSP',
access_token_url='http://accounts.google.com/o/oauth2/token',
access_token_params=None,
authorize_url='http://accounts.google.com/o/oauth2/auth',
authorize_params=None,
api_base_url='https://www.googleapis.com/oauth2/v1/',
userinfo_endpoint=
'https://openidconnect.googleapis.com/v1/userinfo', # This is only needed if using openId to fetch user info
client_kwargs={'scope': 'openid profile email'},
def create_oauth_app(service_config, name): service_oauth = OAuth(app) service_app = service_oauth.register(name, **service_config) return service_app
from functools import wraps
from flask import Blueprint, url_for, session, request, g, jsonify, current_app
from authlib.integrations.flask_client import OAuth
from werkzeug.exceptions import abort
from werkzeug.utils import redirect
from dog_api_backend.db import db
from dog_api_backend.models import User
oauth = OAuth()
github = oauth.register('github')
auth = Blueprint('auth', __name__, url_prefix='/auth')
@auth.route('/login')
def login():
redirect_uri = url_for('auth.callback', _external=True)
if current_app.config.get('CUSTOM_REDIRECT'):
redirect_uri = current_app.config.get('CUSTOM_REDIRECT')
return oauth.github.authorize_redirect(redirect_uri)
@auth.route('/logout')
def logout():
session.clear()
return jsonify({"ok": True})
@auth.route('/callback')
"""Set Flask config variables."""
FLASK_ENV = 'development'
TESTING = True
SECRET_KEY = environ.get('SECRET_KEY')
# SQLALCHEMY_DATABASE_URI = os.environ['DATABASE_URL']
# for more redding use https://hackersandslackers.com/configure-flask-applications/
GOOGLE_CLIENT_ID = environ.get("GOOGLE_CLIENT_ID", None)
GOOGLE_CLIENT_SECRET = environ.get("GOOGLE_CLIENT_SECRET", None)
GOOGLE_DISCOVERY_URL = (
"https://accounts.google.com/.well-known/openid-configuration")
oauth = OAuth(app)
google = oauth.register(
name='google',
client_id=GOOGLE_CLIENT_ID,
client_secret=GOOGLE_CLIENT_SECRET,
access_token_url='https://accounts.google.com/o/oauth2/token',
access_token_params=None,
authorize_url='https://accounts.google.com/o/oauth2/auth',
authorize_params=None,
api_base_url='https://www.googleapis.com/oauth2/v1/',
jwks_uri="https://www.googleapis.com/oauth2/v3/certs",
userinfo_endpoint=
'https://openidconnect.googleapis.com/v1/userinfo', # This is only needed if using openId to fetch user info
client_kwargs={'scope': 'openid email profile'},
)
def create_app(test_config=None):
app = Flask(__name__)
setup_db(app)
CORS(app)
oauth = OAuth(app)
secret = secrets.token_urlsafe(32)
app.secret_key = secret
auth0 = oauth.register(
'auth0',
client_id=os.environ.get('CLIENT_ID'),
client_secret=os.environ.get('CLIENT_SECRET'),
api_base_url=os.environ.get('API_BASE_URL'),
access_token_url=os.environ.get('ACCESS_TOKEN_URL'),
authorize_url=os.environ.get('AUTHORIZE_URL'),
client_kwargs={
'scope': 'openid profile email',
},
)
AUTH0_URL = os.environ.get('AUTH0_LOGIN_URL')
CORS(app, resources={r"/api/*": {"origins": "*"}})
# ROUTES
@app.after_request
def after_request(response):
response.headers.add('Access-Control-Allow-Headers',
'Content-Type,Authorization,true')
response.headers.add('Access-Control-Allow-Methods',
'GET,PUT,POST,DELETE,OPTIONS')
return response
# main page
@app.route('/')
def index():
return 'Hello, friend !'
# login page
@app.route('/login')
def login():
return render_template('login.html', AUTH0_AUTHORIZE_URL=AUTH0_URL)
# logout
@app.route('/logout')
def logout():
# Clear session stored data
session.clear()
# Redirect user to logout endpoint
params = {'returnTo': url_for(
'index', _external=True), 'client_id': '5FmE550Gvrv7iLRl1WxYleKWZx44su3a'}
return redirect(auth0.api_base_url + '/v2/logout?' + urlencode(params))
# GET endpoints
##################################################################
# retrieves all the actors
@app.route('/actors', methods=['GET'])
@requires_auth('get:actors')
def show_actors(jwt):
actors = Actor.query.all()
if actors is None:
abort(404)
actors_list = []
for actor in actors:
actors_list.append({
'actor_id': actor.id,
'actor_name': actor.name,
'actor_age': actor.age,
'actor_gender': actor.gender
})
return jsonify({
'success': True,
'actors': actors_list
})
# retrieves all the movies
@app.route('/movies', methods=['GET'])
@requires_auth('get:movies')
def show_movies(jwt):
movies = Movie.query.all()
if movies is None:
abort(404)
movies_list = []
for movie in movies:
movies_list.append({
'movie_id': movie.id,
'movie_title': movie.title,
'movie_release_date': movie.release_date
})
return jsonify({
'success': True,
'movies': movies_list
})
# retrieves a certain actor
@app.route('/actors/<int:actor_id>', methods=['GET'])
@requires_auth('get:actor')
def show_actor(jwt, actor_id):
actor = Actor.query.filter(Actor.id == actor_id).one_or_none()
if actor is None:
abort(404)
return jsonify({
'success': True,
'name': actor.name,
'age': actor.age,
'gender': actor.gender
})
# retrieves a certain movie
@app.route('/movies/<int:movie_id>', methods=['GET'])
@requires_auth('get:movie')
def show_movie(jwt, movie_id):
movie = Movie.query.filter(Movie.id == movie_id).one_or_none()
if movie is None:
abort(404)
return jsonify({
'success': True,
'title': movie.title,
'release_date': movie.release_date
})
# Delete endpoints
##################################################################
# deletes a certain actor
@app.route('/actors/<int:actor_id>', methods=['DELETE'])
@requires_auth('delete:actor')
def delete_actor(jwt, actor_id):
try:
actor = Actor.query.filter(Actor.id == actor_id).one_or_none()
if actor is None:
abort(404)
actor.delete()
return jsonify({
"success": True,
"deleted": actor_id
})
except Exception:
abort(422)
# retrieves a certain movie
@app.route('/movies/<int:movie_id>', methods=['DELETE'])
@requires_auth('delete:movie')
def delete_movie(jwt, movie_id):
try:
movie = Movie.query.filter(Movie.id == movie_id).one_or_none()
if movie is None:
abort(404)
movie.delete()
return jsonify({
"success": True,
"deleted": movie_id
})
except Exception:
abort(422)
# POST endpoints
##################################################################
# adds a new actor
@app.route('/actors', methods=['POST'])
@requires_auth('post:actor')
def add_actor(jwt):
body = request.get_json()
if body is None:
abort(400)
new_name = body.get('name', None)
new_age = body.get('age', None)
new_gender = body.get('gender', None)
try:
if new_name and new_age and new_gender:
new_actor = Actor(
name=new_name,
age=new_age,
gender=new_gender
)
new_actor.insert()
return jsonify({
'success': True,
'created_id': new_actor.id,
'actors': [actor.format() for actor in Actor.query.all()]
})
else:
abort(422)
except Exception:
abort(422)
# adds a new movie
@app.route('/movies', methods=['POST'])
@requires_auth('post:movie')
def add_movie(jwt):
body = request.get_json()
if body is None:
abort(400)
new_title = body.get('title', None)
release_date_str = body.get('release_date', None)
y, m, d = release_date_str.split('-')
new_release_date = datetime(int(y), int(m), int(d)).date()
try:
if new_title and release_date_str:
new_movie = Movie(
title=new_title, release_date=new_release_date)
new_movie.insert()
return jsonify({
'success': True,
'created_id': new_movie.id,
'movies': [movie.format() for movie in Movie.query.all()]
})
else:
abort(422)
except Exception:
abort(422)
# PATCH endpoints
##################################################################
# updates an existing actor
@app.route('/actors/<int:actor_id>', methods=['PATCH'])
@requires_auth('patch:actor')
def update_actor(jwt, actor_id):
actor = Actor.query.filter(Actor.id == actor_id).one_or_none()
if actor is None:
abort(404)
body = request.get_json()
if body is None:
abort(400)
new_name = body.get('name', None)
new_age = body.get('age', None)
new_gender = body.get('gender', None)
try:
if new_name:
actor.name = new_name
if new_age:
actor.age = new_age
if new_gender:
actor.gender = new_gender
actor.update()
return jsonify({
"success": True,
"actor": [actor.format() for actor in Actor.query.all()]
})
except Exception:
abort(422)
# updates an existing movie
@app.route('/movies/<int:movie_id>', methods=['PATCH'])
@requires_auth('patch:movie')
def update_movie(jwt, movie_id):
movie = Movie.query.filter(Movie.id == movie_id).one_or_none()
if movie is None:
abort(404)
body = request.get_json()
if body is None:
abort(400)
new_title = body.get('title', None)
new_release_date_str = body.get('release_date', None)
try:
if new_title:
movie.title = new_title
if new_release_date_str:
y, m, d = new_release_date_str.split('-')
new_release_date = datetime(int(y), int(m), int(d)).date()
movie.release_date = new_release_date
movie.update()
return jsonify({
"success": True,
"movies": [movie.format() for movie in Movie.query.all()]
})
except Exception:
abort(422)
# Error Handling
@app.errorhandler(422)
def unprocessable(error):
return jsonify({
"success": False,
"error": 422,
"message": "unprocessable"
}), 422
@app.errorhandler(404)
def not_found(error):
return jsonify({
"success": False,
"error": 404,
"message": "resource not found"
}), 404
@app.errorhandler(AuthError)
def authentication_error(error):
return jsonify({
"success": False,
"error": 401,
"message": "AuthError"
}), 401
@app.errorhandler(400)
def bad_request(error):
return jsonify({
"success": False,
"error": 400,
"message": 'bad request'
}), 400
return app
# CONFIG
load_dotenv(verbose=True)
JWT_SECRET = os.getenv("JWT_SECRET")
REQUEST_CREDENTIALS_EXPIRE = int(os.getenv("REQUEST_CREDENTIALS_EXPIRE"))
PUBLICATIONS_ACCESS = int(os.getenv("PUBLICATIONS_ACCESS"))
API_URL = os.getenv("API_URL")
CLIENT_ID = os.getenv("CLIENT_ID")
CLIENT_SECRET = os.getenv("CLIENT_SECRET")
API_BASE_URL = os.getenv("API_BASE_URL")
ACCESS_TOKEN_URL = os.getenv("ACCESS_TOKEN_URL")
AUTHORIZE_URL = os.getenv("AUTHORIZE_URL")
app.config["SECRET_KEY"] = secrets.token_urlsafe(16)
oauth = OAuth(app)
auth0 = oauth.register(
'auth0',
client_id=CLIENT_ID,
client_secret=CLIENT_SECRET,
api_base_url=API_BASE_URL,
access_token_url=ACCESS_TOKEN_URL,
authorize_url=AUTHORIZE_URL,
client_kwargs={
'scope': 'openid profile email',
},
)
#######
from flask import Flask, url_for, session
from flask import render_template, redirect
from authlib.integrations.flask_client import OAuth
import sys
app = Flask(__name__)
app.secret_key = 'a-secret-key'
app.config.from_object('config')
oauth = OAuth(app)
oauth.register(name='donelogin',
server_metadata_url=app.config['DONELOGIN_CONFIG_URL'],
client_kwargs=app.config['DONELOGIN_CLIENT_KWARGS'])
@app.route('/')
def homepage():
user = session.get('user')
return render_template('home.html', user=user)
@app.route('/login')
def login():
print(session)
redirect_uri = url_for('auth', _external=True)
return oauth.donelogin.authorize_redirect(redirect_uri)
@app.route('/auth')
def auth():
print(session)
from flask import Flask, request
from authlib.integrations.flask_client import OAuth
from splitwise import Splitwise
from splitwise.expense import Expense, ExpenseUser
import configparser
import webbrowser
import urllib
import threading
import tempfile
import os
import json
import datetime
import argparse
app = Flask(__name__)
oauth = OAuth(app)
parser = argparse.ArgumentParser(description="Add T-Mobile bill to Splitwise")
parser.add_argument("-c", "--config", required=True, help="path to .ini config file")
parser.add_argument("-e", "--expense", required=True, help="path to JSON expense file")
parser.add_argument("-d", "--dry-run", action='store_true', default=False, help="show what would happen without actually creating the expense on Splitwise")
args = parser.parse_args()
CONFIG_PATH = args.config
EXPENSE_PATH = args.expense
DRY_RUN = args.dry_run
# https://stackoverflow.com/questions/15562446/how-to-stop-flask-application-without-using-ctrl-c
def shutdown_server():
func = request.environ.get('werkzeug.server.shutdown')
if func is None:
from auth.auth import AuthError, requires_auth
from authlib.integrations.flask_client import OAuth
def create_app(test_config=None):
# create and configure the app
app = Flask(__name__)
setup_db(app)
CORS(app)
# db_drop_and_create_all()
return app
app = create_app()
app.secret_key = os.urandom(24)
oauth = OAuth(app)
auth0 = oauth.register(
'auth0',
client_id='sTJG5iVLA8tx8loet75JrKYpTBmWTetY',
client_secret=
'lsWRwh0KUhyqx06hKNf8OWPs_qXVQpz7lL7Vvou9-D5L9R1IscpvEyehq3iOce6p',
api_base_url='https://full-stack-2020.us.auth0.com',
access_token_url='https://full-stack-2020.us.auth0.com/oauth/token',
authorize_url='https://full-stack-2020.us.auth0.com/authorize',
client_kwargs={
'scope': 'openid profile email',
},
)
if __name__ == '__main__':
from authlib.integrations.flask_client import OAuth
oauth = OAuth()
client_id = '3silBpYY8BSfVWca3Q0suIwB8h24vMzz'
domain = 'issue-tracker-7.auth0.com'
def configure_oauth(client_secret):
"""Configures Authlib with auth0's application info."""
auth0 = oauth.register(
'auth0',
client_id=client_id,
client_secret=client_secret,
api_base_url=f'https://{domain}',
access_token_url=f'https://{domain}/oauth/token',
authorize_url=f'https://{domain}/authorize',
client_kwargs={'scope': 'openid profile email'},
)
return auth0
from threading import __all__
from flask import Flask, render_template, request, redirect, url_for, flash, session
from flask_sqlalchemy import SQLAlchemy
from authlib.integrations.flask_client import OAuth
from flask_login import logout_user
import datetime
import json
from flask_mail import Mail, Message
app = Flask(__name__)
app.secret_key = "Secret Key"
oauth = OAuth(app)
app.config['SQLALCHEMY_DATABASE_URI'] = 'mysql://root:@localhost/my_data'
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
app.config[
'GOOGLE_CLIENT_ID'] = "53375158605-vbg4tdc9jpa5g34cmo0j29lqbnspnjgc.apps.googleusercontent.com"
app.config['GOOGLE_CLIENT_SECRET'] = "N7mHeR7Ksqw3g79vxRfuZfcs"
app.config['MAIL_SERVER'] = 'smtp.gmail.com'
app.config['MAIL_PORT'] = 465
app.config['MAIL_USERNAME'] = "******"
app.config['MAIL_PASSWORD'] = "******"
app.config['MAIL_USE_TLS'] = False
app.config['MAIL_USE_SSL'] = True
mail = Mail(app)
google = oauth.register(
name='google',
client_id=app.config["GOOGLE_CLIENT_ID"],
#Load this config object for development mode
app.config.from_object('configs.DevelopmentConfig')
class Cache(object):
def __init__(self):
self._data = {}
def get(self, k):
return self._data.get(k)
def set(self, k, v, timeout=None):
self._data[k] = v
def delete(self, k):
if k in self._data:
del self._data[k]
# Cache is used for OAuth 1 services. You MUST use a real
# cache service like memcache/redis on production.
# THIS IS JUST A DEMO.
oauth = OAuth(app, Cache())
def handle_authorize(remote, token, user_info):
user_info = jsonify(user_info)
return user_info
for backend in OAUTH_BACKENDS:
bp = create_flask_blueprint(backend, oauth, handle_authorize)
app.register_blueprint(bp, url_prefix='/{}'.format(backend.OAUTH_NAME))
app.run()
import braintree
from app import app
import boto3, botocore
from authlib.integrations.flask_client import OAuth
oauth = OAuth()
oauth.register('google',
client_id=app.config.get("G_CLIENT_ID"),
client_secret=app.config.get("G_CLIENT_SECRET"),
access_token_url='https://accounts.google.com/o/oauth2/token',
access_token_params=None,
refresh_token_url=None,
authorize_url='https://accounts.google.com/o/oauth2/auth',
api_base_url='https://www.googleapis.com/oauth2/v1/',
client_kwargs={
'scope': 'https://www.googleapis.com/auth/userinfo.email',
'token_endpoint_auth_method': 'client_secret_basic',
'token_placement': 'header',
'prompt': 'consent'
})
gateway = braintree.BraintreeGateway(
braintree.Configuration(braintree.Environment.Sandbox,
merchant_id=app.config.get("BT_MERCHANT_ID"),
public_key=app.config.get("BT_PUBLIC_KEY"),
private_key=app.config.get("BT_PRIVATE_KEY")))
s3 = boto3.client("s3",
aws_access_key_id=app.config.get("S3_KEY"),
aws_secret_access_key=app.config.get("S3_SECRET"))
import jwt
from flask import Blueprint, url_for, request, session, redirect
from authlib.integrations.flask_client import OAuth
from flask import Flask
APP_KEY = '...'
APP_SECRET = '...'
ALLOWED_IDS = ['*****@*****.**']
admin_auth_blueprint = Blueprint('admin_auth', __name__)
app = Flask(__name__)
oauth = OAuth(app)
azure = oauth.register(
'azure',
consumer_key=APP_KEY,
consumer_secret=APP_SECRET,
request_token_params={'scope': 'openid profile email'},
base_url='https://graph.microsoft.com/v1.0/',
request_token_url=None,
access_token_method='POST',
access_token_url=
'https://login.microsoftonline.com/common/oauth2/v2.0/token',
authorize_url=
'https://login.microsoftonline.com/common/oauth2/v2.0/authorize')
def is_authenticated():
return session.get('admin_authenticated', False)
from flask import url_for, request, g, redirect
from flask_restful import Resource, Api
from flask_restful.reqparse import RequestParser
from app.models import User, PlaylistLink
from flask_sqlalchemy import SQLAlchemy
import app.spotifyWrapper as abc
from authlib.integrations.flask_client import OAuth
# from flask_oauthlib.client import OAuth
import json
import uuid
import functools
#initialisation
# app.config.from_object(Config)
oauth = OAuth(app)
def fetch_spotify_token():
# if not 'access_token' in fk.session:
# return "no token
# authorisation = request.headers['Authorization'].split(' ')
# if authorisation[0] == 'Bearer':
# return authorisation[1]
# else:
return fk.session['access_token']
spotify = oauth.register(
'spotify',
client_id=app.config['CLIENTKEY'],
