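def _authorize_redirect():
    """Send the client to the SSO authorize endpoint.

    The endpoint URL and the query string both come from ``config``; the SSO
    provider is expected to send the browser back with a ``code`` query
    parameter, which ``login`` then exchanges for tokens.
    """
    # NOTE(review): whether ``config.authorize_params`` carries a ``state``
    # value that is checked on the way back cannot be seen here — confirm the
    # callback is protected against login CSRF.
    authorize_url = "?".join(
        [config.sso_params.get("cootek.authorize"), urlencode(config.authorize_params)]
    )
    return redirect(authorize_url)


def _id_token_claims(id_token):
    """Return the claims dict carried in the payload segment of a JWT.

    Only the payload is decoded; the signature is NOT verified here. That is
    acceptable only because ``login`` obtains the token directly from the SSO
    token endpoint over the server-to-server exchange, never from the browser.

    Raises:
        ValueError: the token is not a three-part JWT, or its payload is not
            valid base64url / UTF-8 / JSON (``binascii.Error``,
            ``UnicodeDecodeError`` and ``JSONDecodeError`` all subclass it).
    """
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("id_token is not a three-part JWT")
    payload = parts[1]
    # JWT segments are base64url without padding, so decode with the urlsafe
    # alphabet ('-' and '_' would be silently dropped by plain b64decode).
    # ``-len % 4`` yields 0 for an already aligned segment; the former
    # ``4 - len % 4`` appended four '=' in that case.
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload).decode("utf-8"))


def login():
    """SSO login endpoint (OAuth authorization-code flow).

    Without a ``code`` query parameter the client is redirected to the SSO
    authorize endpoint. With one, the code is exchanged at the SSO token
    endpoint; on success the ``upn`` claim of the id_token selects (or
    creates) the local ``User``, a fresh access token valid for 8 hours is
    stored on it, the login session is established and the static
    ``index.html`` is served. Any failure in the exchange restarts the flow
    by redirecting to the authorize endpoint again.

    Returns:
        A redirect response, or the static ``index.html`` response.
    """
    code = request.values.get("code")
    if code is None:
        return _authorize_redirect()

    # Build the token request locally instead of mutating the shared
    # ``config.token_params`` dict, which concurrent requests would race on.
    token_request = dict(config.token_params, code=code)
    # NOTE(review): the outbound call has no timeout; a stalled SSO endpoint
    # stalls this request — consider passing ``timeout=`` once a value is agreed.
    ret = requests.post(config.sso_params.get("cootek.token"), data=token_request)
    tokens = json.loads(ret.text)
    if "access_token" not in tokens or "id_token" not in tokens:
        return _authorize_redirect()

    try:
        claims = _id_token_claims(tokens["id_token"])
        username = claims["upn"].split("@")[0]
    except (ValueError, KeyError, AttributeError):
        # Malformed or unexpected token: restart the flow rather than 500.
        return _authorize_redirect()

    user = User.query.filter_by(username=username).first()
    if not user:
        user = User()
        user.username = username
    # Rotate the local access token on every login; uuid4 is drawn from
    # os.urandom, so the value is not guessable.
    user.access_token = uuid.uuid4().hex
    user.token_expired = time.time() + 8 * 60 * 60
    user.save()
    login_user(user)
    return app.send_static_file("index.html")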