def revoke_auth(): """ This API essentially unauthorize and removes the customer from the Nylas authentication, along with auth for the Calendar and email accounts. """ from cloud_sql import sql_handler uid = flask.session['uid'] access_token = sql_handler.get_nylas_access_token(uid) if not access_token: logging.info(f'The account {uid} has not authorized yet') response = flask.jsonify({'status': 'no auth'}) response.status_code = 402 return response nylas_client = APIClient( app_id=app.config["NYLAS_OAUTH_CLIENT_ID"], app_secret=app.config["NYLAS_OAUTH_CLIENT_SECRET"], access_token=access_token, ) nylas_client.revoke_all_tokens() response = flask.jsonify('OK') response.status_code = 200 return response
def authorize(): """ This API authenticate for a chosen scope, and saves the nylas access code to cloud sql. Note: this API is the single entry point for authorization flow, and it will deactivate all previous access tokens for the given Nylas id. :return: flask response, 200 if success, 400 if failed. """ from cloud_sql import sql_handler nylas_code = flask.request.args.get('code') error = flask.request.args.get('error') uid = flask.session['uid'] logging.info(f'verifying auth sync status for uid {uid}') access_token = sql_handler.get_nylas_access_token(uid) # this is to handle potential authorization errors including access denied by customers. if error: logging.error(f'Authorization failed due to error: {error}') response = flask.jsonify(error) response.status_code = 400 return response nylas_client = APIClient(app_id=app.config["NYLAS_OAUTH_CLIENT_ID"], app_secret=app.config["NYLAS_OAUTH_CLIENT_SECRET"]) if not nylas_code: scope = flask.request.args.get('scope') if not scope: logging.error('Need a valid scope string, currently supporting: calendar,email.send,email.modify') scope = 'calendar,email.send,email.modify' redirect_url = 'http://auth.lifo.ai/authorize' logging.info(f'receiving request for scope {scope}, and redirect to {redirect_url}') flask.session['scope'] = scope # Redirect your user to the auth_url auth_url = nylas_client.authentication_url( redirect_url, scopes=scope ) return flask.redirect(auth_url) else: # note, here we have not handled the declined auth case logging.info(f'authentication success with code: {nylas_code}') access_token = nylas_client.token_for_code(nylas_code) nylas_client = APIClient( app_id=app.config["NYLAS_OAUTH_CLIENT_ID"], app_secret=app.config["NYLAS_OAUTH_CLIENT_SECRET"], access_token=access_token, ) # Revoke all tokens except for the new one nylas_client.revoke_all_tokens(keep_access_token=access_token) account = nylas_client.account nylas_account_id = account.id nylas_email = account.email_address uid = flask.session['uid'] scope = flask.session['scope'] logging.info(f'handling auth for firebase uid: {uid} for scope {scope} and nylas id {nylas_account_id}') # Note: here we automatically handle the Nylas id changing case, as each user is recognized by their firebase # uid, and any new Nylas ids will be overwritten. This does bring in limitations: a user can only authorize one # Calendar account, which is not an issue for foreseeable future. sql_handler.save_nylas_token(uid, nylas_access_token=access_token, nylas_account_id=nylas_account_id, email=nylas_email) return render_template("authorize_succeed.html")