def get_userinfo(cls, client_id, client_secret, code, authorization_response): client = WebApplicationClient(client_id) base_url = authorization_response.replace( '?' + urlparse(authorization_response).query, '') # get access token token_url, headers, body = client.prepare_token_request( cls.token_endpoint, authorization_response=authorization_response, redirect_url=base_url, code=code, ) token_response = requests.post( token_url, headers=headers, data=body, auth=(client_id, client_secret), ) client.parse_request_body_response(token_response.text) # get user information uri, headers, body = client.add_token(cls.userinfo_endpoint) userinfo_response = requests.get(uri, headers=headers, data=body) data = userinfo_response.json() return data
def auth_callback(): global authorization_requests global tokens print(request.args) print(authorization_requests) state = request.args.get('state') authorization_request = authorization_requests.pop(state) oauth = WebApplicationClient(os.environ.get("AUTH0_CLIENT_ID")) url, headers, body = oauth.prepare_token_request( f'https://{os.environ.get("AUTH0_DOMAIN")}/oauth/token', authorization_response=request.url, state=authorization_request.get('state'), code_verifier=authorization_request.get('code_verifier'), redirect_url=os.environ.get("AUTH0_REDIRECT_URL")) print(url) print(headers) print(body) req = urllib.request.Request(url, body.encode(), headers=headers) with urllib.request.urlopen(req) as res: response = oauth.parse_request_body_response(res.read()) token = jwt.decode(response.get('access_token'), verify=False) tokens[token.get('sub')] = token return 'OK'
def callback(): google_provider_cfg = get_google_provider_cfg() token_endpoint = google_provider_cfg["token_endpoint"] code = request.args.get("code") client = WebApplicationClient(GOOGLE_CLIENT_ID) token_url, headers, body = client.prepare_token_request( token_endpoint, authorization_response=force_https(request.url), redirect_url=force_https(request.base_url), code=code ) token_response = requests.post( force_https(token_url), headers=headers, data=body, auth=(GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET), ) client.parse_request_body_response(json.dumps(token_response.json())) userinfo_endpoint = google_provider_cfg["userinfo_endpoint"] uri, headers, body = client.add_token(userinfo_endpoint) userinfo_response = requests.get(uri, headers=headers, data=body) logging.info('Logging user') login_user(User(userinfo_response.json()["email"])) return redirect(url_for('main'))
def callback(): logger.debug("callback()") code = request.args.get("code") client = WebApplicationClient(oauth_credential["client_id"]) token_endpoint = requests.get( GOOGLE_DISCOVERY_URL).json()["token_endpoint"] token_url, headers, body = client.prepare_token_request( token_endpoint, authorization_response=request.url, redirect_url=request.base_url, code=code) token_response = requests.post( token_url, headers=headers, data=body, auth=(oauth_credential["client_id"], oauth_credential["client_secret"])) client.parse_request_body_response(json.dumps(token_response.json())) userinfo_endpoint = requests.get( GOOGLE_DISCOVERY_URL).json()["userinfo_endpoint"] uri, headers, body = client.add_token(userinfo_endpoint) uri = uri.replace("http:", "https:") userinfo_response = requests.get(uri, headers=headers, data=body).json() member = remote_db.get("member", userinfo_response["email"].split('@')[0]) login_user(member, remember=True) return redirect(url_for("index"))
def get_google_user_info(req: Request): client = WebApplicationClient(current_app.config['GOOGLE_CLIENT_ID']) code = req.args.get('code') callback_uri = current_app.config.get('GOOGLE_CLIENT_CALLBACK') # Find out what URL to hit to get tokens that allow you to ask for things on behalf of a user google_provider_cfg = get_google_provider_cfg() token_endpoint = google_provider_cfg['token_endpoint'] userinfo_endpoint = google_provider_cfg['userinfo_endpoint'] # Prepare and send a req to get tokens token_url, headers, body = client.prepare_token_request( token_endpoint, authorization_response=translate_url_https(req.url), redirect_url=callback_uri, code=code ) token_response = requests.post( token_url, headers=headers, data=body, auth=(current_app.config.get('GOOGLE_CLIENT_ID'), current_app.config.get('GOOGLE_CLIENT_SECRET')), ) client.parse_request_body_response(json.dumps(token_response.json())) # let's find and hit the URL from Google that gives you the user's profile information uri, headers, body = client.add_token(userinfo_endpoint) userinfo = requests.get(uri, headers=headers, data=body).json() return userinfo
def login(): # provder (github) sends the authorization code back code = request.args.get('code') client = WebApplicationClient( client_id=os.getenv("GIT_CLIENT_ID"), client_secret=os.getenv("GIT_CLIENT_SECRET"), code=code) # client then sends he authorization code back to the providers token URL to exchange for token url, headers, body = client.prepare_token_request( 'https://github.com/login/oauth/access_token', client_secret=os.getenv("GIT_CLIENT_SECRET"), code=code) # parse the JSON response body post token validation, receives an access token or key token_response = requests.post(url, headers=headers, data=body, auth=(os.getenv("GIT_CLIENT_ID"), os.getenv("GIT_CLIENT_SECRET"))) # parse the token from the response token = client.parse_request_body_response(token_response.text) # save the token session['oauth_token'] = token # get user id details by passing above git token github = OAuth2Session(os.getenv("GIT_CLIENT_ID"), token=session['oauth_token']) # can see my details in response 200 userinfo_response = jsonify( github.get('https://api.github.com/user').json()) # prints out logged in user, TheLegendaryPan in this case! user_id = userinfo_response.json['login'] user = User(user_id) login_user(user) return redirect(url_for('getAll'))
class OAuth2: def __init__( self, *, client_id: str, client_secret: str, authorization_url: str, token_url: str, userinfo_url: str, scope: list ): self.client_id = client_id self.client_secret = client_secret self.authorization_url = authorization_url self.token_url = token_url self.userinfo_url = userinfo_url self.scope = scope # see https://oauthlib.readthedocs.io/en/latest/oauth2/clients/webapplicationclient.html # noqa self.oauth2_client = WebApplicationClient(client_id) def get_redirect_url(self, callback_url: str): # Prepare the authorization code request URI request_uri = self.oauth2_client.prepare_request_uri( self.authorization_url, redirect_uri=callback_url, scope=self.scope ) return request_uri def get_user_info(self, request_url: str, code: str) -> dict: # Get request url without query parameter base_url = urljoin(request_url, urlparse(request_url).path) # Prepare a token creation request. token_url, headers, body = self.oauth2_client.prepare_token_request( self.token_url, authorization_response=request_url, redirect_url=base_url, code=code ) token_response = requests.post( token_url, headers=headers, data=body, auth=(self.client_id, self.client_secret) ) # Parse the JSON response body. self.oauth2_client.parse_request_body_response( json.dumps(token_response.json()) ) # Add token to the request uri, body or authorization header. uri, headers, body = self.oauth2_client.add_token( self.userinfo_url ) userinfo_response = requests.get(uri, headers=headers, data=body) return userinfo_response.json()
class GoogleSignIn(OAuthSignIn): def __init__(self): super(GoogleSignIn, self).__init__('google') self.client = WebApplicationClient(self.consumer_id) @classmethod def get_google_provider_cfg(cls): return requests.get(app.config["GOOGLE_DISCOVERY_URL"]).json() def authorize(self): google_provider_cfg = self.get_google_provider_cfg() authorization_endpoint = google_provider_cfg["authorization_endpoint"] request_uri = self.client.prepare_request_uri( authorization_endpoint, redirect_uri=request.base_url + "/callback", scope=["openid", "email", "profile"], ) return jsonify({'uri': request_uri}) def callback(self): code = request.args.get("code") google_provider_cfg = self.get_google_provider_cfg() token_endpoint = google_provider_cfg["token_endpoint"] token_url, headers, body = self.client.prepare_token_request( token_endpoint, authorization_response=request.url, redirect_url=request.base_url, code=code ) token_response = requests.post( token_url, headers=headers, data=body, auth=( self.consumer_id, self.consumer_secret ), ) self.client.parse_request_body_response( json.dumps(token_response.json()) ) userinfo_endpoint = google_provider_cfg["userinfo_endpoint"] uri, headers, body = self.client.add_token(userinfo_endpoint) userinfo_response = requests.get(uri, headers=headers, data=body) if userinfo_response.json().get("email_verified"): user_email = userinfo_response.json()["email"] else: return jsonify( "User email not available or not verified by Google."), 400 return super().check_for_user_in_database(user_email)
class Authentication: def __init__(self, req): self.authorization_endpoint = "https://accounts.google.com/o/oauth2/v2/auth" self.token_endpoint = "https://www.googleapis.com/oauth2/v4/token" self.url = req.url self.base_url = req.base_url self.full_path = req.full_path self.redirect_url = f'{req.url}/callback' self.args = req.args self.client_id = os.getenv('GOOGLE_CLIENT_ID') self.client_secret = os.getenv('GOOGLE_CLIENT_SECRET') self.client = WebApplicationClient(os.getenv('GOOGLE_CLIENT_ID')) self.scopes = [ "https://www.googleapis.com/auth/userinfo.email", "https://www.googleapis.com/auth/userinfo.profile", "https://www.googleapis.com/auth/drive", "https://www.googleapis.com/auth/spreadsheets" ] self.tokens_json = {} def google_login(self): state = hashlib.sha256(os.urandom(1024)).hexdigest() request_uri = self.client.prepare_request_uri( self.authorization_endpoint, redirect_uri=self.redirect_url, state=state, scope=self.scopes) return {'request_uri': request_uri, 'state': state} def google_login_callback(self): code = self.args.get('code') token_url, headers, body = self.client.prepare_token_request( self.token_endpoint, code=code, authorization_response=self.url, redirect_url=self.base_url) ## TODO handle error unauthorized! token_response = requests.post(token_url, headers=headers, data=body, auth=(self.client_id, self.client_secret)) self.tokens_json = token_response.json() user_data = jwt.decode(self.tokens_json['id_token'], verify=False) return { 'user_data': user_data, 'jwt': self.tokens_json['id_token'], 'access_token': self.tokens_json['access_token'] } def get_access_token(self): return self.tokens_json
def callback(client: WebApplicationClient): # Get authorization code Google sent back to you code = request.args.get("code") # Find out what URL to hit to get tokens that allow you to ask for # things on behalf of a user google_provider_cfg = get_google_provider_cfg() token_endpoint = google_provider_cfg["token_endpoint"] # Prepare and send a request to get tokens! Yay tokens! token_url, headers, body = client.prepare_token_request( token_endpoint, authorization_response=request.url, redirect_url=request.base_url, code=code) token_response = requests.post( token_url, headers=headers, data=body, auth=(GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET), ) # Parse the tokens! client.parse_request_body_response(json.dumps(token_response.json())) # Now that you have tokens (yay) let's find and hit the URL # from Google that gives you the user's profile information, # including their Google profile image and email user_info_endpoint = google_provider_cfg["userinfo_endpoint"] uri, headers, body = client.add_token(user_info_endpoint) user_info_response = requests.get(uri, headers=headers, data=body) # You want to make sure their email is verified. # The user authenticated with Google, authorized your # app, and now you've verified their email through Google! if user_info_response.json().get("email_verified"): unique_id = user_info_response.json()["sub"] users_email = user_info_response.json()["email"] picture = user_info_response.json()["picture"] users_name = user_info_response.json()["name"] else: return "User email not available or not verified by Google.", 400 # Create a user in your db with the information provided by Google user = user_dao.get_user_by_google_id(unique_id) if user is None: user = User(unique_id, users_name, users_email, picture, "") user_dao.save_user(user) # TODO send request about birthday else: if user.profile_pic != picture: user.profile_pic = picture user_dao.update_picture(user.id, picture) # Begin user session by logging the user in login_user(user)
def callback(): """ This deals with the Google API token for user authentification. """ client = WebApplicationClient(current_app.config['GOOGLE_CLIENT_ID']) code = request.args.get("code") google_provider_cfg = get_google_provider_cfg() token_endpoint = google_provider_cfg["token_endpoint"] print(request.base_url) print(code) print(request.url) if request.url[4] == 's': url = "https" + request.url[5:] print(url) token_url, headers, body = client.prepare_token_request( token_endpoint, authorization_response=url, redirect_url=request.base_url, code=code) token_response = requests.post( token_url, headers=headers, data=body, auth=(current_app.config['GOOGLE_CLIENT_ID'], current_app.config['GOOGLE_CLIENT_SECRET']), ) client.parse_request_body_response(json.dumps(token_response.json())) userinfo_endpoint = google_provider_cfg["userinfo_endpoint"] uri, headers, body = client.add_token(userinfo_endpoint) userinfo_response = requests.get(uri, headers=headers, data=body) if userinfo_response.json().get("email_verified"): unique_id = userinfo_response.json()["sub"] users_email = userinfo_response.json()["email"] users_name = userinfo_response.json()["given_name"] if User.query.filter_by(email=users_email).first(): user = User.query.filter_by(email=users_email).first() if user is None or not user.check_password(unique_id): return redirect(url_for('shop.index')) login_user(user, remember=False) next_page = request.args.get('next') if not next_page or url_parse(next_page).netloc != '': next_page = url_for('shop.index') return redirect(next_page) else: user = User(username=users_name, email=users_email) user.set_password(unique_id) db.session.add(user) db.session.commit() else: return _("User email not available or not verified by Google."), 400 return redirect(url_for("shop.index"))
class GoogleAuth(object): AUTHORIZATION_ENDPOINT_URL = "https://accounts.google.com/o/oauth2/v2/auth" TOKEN_ENDPOINT_URL = "https://oauth2.googleapis.com/token" USERINFO_ENDPOINT_URL = "https://openidconnect.googleapis.com/v1/userinfo" def __init__(self, client_id, client_secret): self.CLIENT_ID = client_id self.CLIENT_SECRET = client_secret self.client = WebApplicationClient(self.CLIENT_ID) def get_requests_uri(self, redirect_uri, scope): request_uri = self.client.prepare_request_uri( self.AUTHORIZATION_ENDPOINT_URL, redirect_uri=redirect_uri, scope=scope, state=str(time.time())) return request_uri def get_user_info(self, code, redirect_url): token_url, headers, body = self.client.prepare_token_request( self.TOKEN_ENDPOINT_URL, client_secret=self.CLIENT_SECRET, client_id=self.CLIENT_ID, redirect_url=redirect_url, code=code) token_response = requests.post( token_url, headers=headers, data=body, auth=(self.CLIENT_ID, self.CLIENT_SECRET), ) self.client.parse_request_body_response( json.dumps(token_response.json())) uri, headers, body = self.client.add_token(self.USERINFO_ENDPOINT_URL) userinfo_response = requests.get(uri, headers=headers) if userinfo_response.json().get("email_verified"): _id = userinfo_response.json()["sub"] email = userinfo_response.json()["email"] name = userinfo_response.json()["given_name"] return {"id": _id, "email": email, "name": name} else: return {}
def google_callback(): google_provider_cfg = get_google_provider_cfg() token_endpoint = google_provider_cfg["token_endpoint"] oauth = WebApplicationClient(settings.GOOGLE_CLIENT_ID) if request.args.get("error"): flash('Error! ' + request.args.get("error"), 'alert-warning') return redirect(url_for('main')) state = request.args.get("state") if state != session.get("state"): flash('Error! state not match.', 'alert-warning') return redirect(url_for('main')) session.pop('state', None) url, headers, body = oauth.prepare_token_request( token_endpoint, authorization_response=request.url, redirect_url=request.base_url, state='', body='', client_secret=settings.GOOGLE_CLIENT_SECRET) token_response = requests.post( url, headers=headers, data=body, auth=(settings.GOOGLE_CLIENT_ID, settings.GOOGLE_CLIENT_SECRET), ) oauth.parse_request_body_response(json.dumps(token_response.json())) userinfo_endpoint = google_provider_cfg["userinfo_endpoint"] uri, headers, body = oauth.add_token(userinfo_endpoint) userinfo_response = requests.get(uri, headers=headers, data=body) if userinfo_response.status_code != 200: flash('Error! ' + userinfo_response.json(), 'alert-warning') return redirect(url_for('main')) unique_id = userinfo_response.json()["sub"] users_name = userinfo_response.json()["name"] picture = userinfo_response.json()["picture"] user = User(id_=unique_id, name=users_name, profile_pic=picture) if not User.get(unique_id): User.create(unique_id, users_name, picture) login_user(user) session["newregister"] = 1 flash('You have been successfully created an account.', 'alert-success') return redirect(url_for('pushtime')) login_user(user) return redirect(url_for('channellist'))
def get_access_token(code, state): auth_client = WebApplicationClient(OAUTH_ID) token_request = auth_client.prepare_token_request( 'https://github.com/login/oauth/access_token', client_id=OAUTH_ID, client_secret=OAUTH_SECRET, code=code, state=state ) print(token_request) token_request[1]['Accept'] = 'application/json' access_token_response = requests.post(token_request[0], data=token_request[2], headers=token_request[1]).content token_params = auth_client.parse_request_body_response(access_token_response) return token_params['access_token']
def callback(): client = WebApplicationClient(app.config.get("CLIENT_ID")) token = client.prepare_token_request( "https://github.com/login/oauth/access_token", code=request.args.get("code")) access = requests.post(token[0], headers=token[1], data=token[2], auth=(app.config.get("CLIENT_ID"), app.config.get("CLIENT_SECRET"))) client.parse_request_body_response(access.text) params = client.add_token("https://api.github.com/user") github_user = requests.get(params[0], headers=params[1]).json() login_user(User(github_user['id'])) return index()
def login_callback(): callback_code = request.args.get("code") github_client = WebApplicationClient(os.environ.get('clientId')) github_token = github_client.prepare_token_request("https://github.com/login/oauth/access_token", code=callback_code) github_access = requests.post(github_token[0], headers=github_token[1], data=github_token[2], auth=(os.environ.get('clientId'), os.environ.get('client_secret'))) github_json = github_client.parse_request_body_response(github_access.text) github_user_request_param = github_client.add_token("https://api.github.com/user") github_user = requests.get(github_user_request_param[0], headers=github_user_request_param[1]).json() login_user(User(github_user)) mongo.add_user_mongo(current_user) app.logger.info("User '%s' logged in successfully", current_user.name) return redirect('/')
def callback(app, request): # Get authorization code Google sent back to you code = request.args.get("code") client = WebApplicationClient(app.config["GOOGLE_CLIENT_ID"]) # Find out what URL to hit to get tokens that allow you to ask for # things on behalf of a user google_provider_cfg = get_google_provider_cfg(app) token_endpoint = google_provider_cfg["token_endpoint"] # Prepare and send request to get tokens! Yay tokens! token_url, headers, body = client.prepare_token_request( token_endpoint, authorization_response=request.url, redirect_url=request.base_url, code=code, ) token_response = requests.post( token_url, headers=headers, data=body, auth=(app.config["GOOGLE_CLIENT_ID"], app.config["GOOGLE_CLIENT_SECRET"]), ) # Parse the tokens! client.parse_request_body_response(json.dumps(token_response.json())) # Now that we have tokens (yay) let's find and hit URL # from Google that gives you user's profile information, # including their Google Profile Image and Email userinfo_endpoint = google_provider_cfg["userinfo_endpoint"] uri, headers, body = client.add_token(userinfo_endpoint) userinfo_response = requests.get(uri, headers=headers, data=body) # We want to make sure their email is verified. # The user authenticated with Google, authorized our # app, and now we've verified their email through Google! if userinfo_response.json().get("email_verified"): return { "unique_id": userinfo_response.json()["sub"], "users_name": userinfo_response.json()["given_name"], "users_email": userinfo_response.json()["email"], "picture": userinfo_response.json()["picture"], } else: return None
class FacebookAuth(object): AUTHORIZATION_ENDPOINT_URL = "https://www.facebook.com/v4.0/dialog/oauth" TOKEN_ENDPOINT_URL = "https://graph.facebook.com/v4.0/oauth/access_token" USERINFO_ENDPOINT_URL = "https://graph.facebook.com/me" def __init__(self, client_id, client_secret): self.CLIENT_ID = client_id self.CLIENT_SECRET = client_secret self.client = WebApplicationClient(self.CLIENT_ID) def get_requests_uri(self, redirect_uri, scope): request_uri = self.client.prepare_request_uri( self.AUTHORIZATION_ENDPOINT_URL, redirect_uri=redirect_uri, scope=scope, state=str(time.time())) return request_uri def get_user_info(self, code, redirect_url): token_url, headers, body = self.client.prepare_token_request( self.TOKEN_ENDPOINT_URL, client_secret=self.CLIENT_SECRET, client_id=self.CLIENT_ID, redirect_url=redirect_url, code=code) token_response = requests.post( token_url, headers=headers, data=body, auth=(self.CLIENT_ID, self.CLIENT_SECRET), ) self.client.parse_request_body_response( json.dumps(token_response.json())) uri, headers, body = self.client.add_token(self.USERINFO_ENDPOINT_URL) params = {"fields": "email,name"} userinfo_response = requests.get(uri, headers=headers, params=params) return userinfo_response.json()
class FacebookSignIn(OAuthSignIn): def __init__(self): super(FacebookSignIn, self).__init__('facebook') self.client = WebApplicationClient(self.consumer_id) self.authorize_url = app.config["FACEBOOK_AUTHORIZE_URL"] self.access_token_url = app.config["FACEBOOK_ACCESS_TOKEN_URL"] self.user_info_url = app.config["FACEBOOK_USER_INFO_URL"] def authorize(self): request_uri = self.client.prepare_request_uri( self.authorize_url, redirect_uri=request.base_url + "/callback", scope=["email"], ) return jsonify({'uri': request_uri}) def callback(self): code = request.args.get("code") token_url, headers, body = self.client.prepare_token_request( self.access_token_url, authorization_response=request.url, redirect_url=request.base_url, code=code ) token_response = requests.post( token_url, headers=headers, data=body, auth=( self.consumer_id, self.consumer_secret ), ) self.client.parse_request_body_response( json.dumps(token_response.json()) ) uri, headers, body = self.client.add_token(self.user_info_url) userinfo_response = requests.get(uri, headers=headers, data=body) user_email = userinfo_response.json()["email"] return super().check_for_user_in_database(user_email)
def callback(): get_code = request.args.get('code') client = WebApplicationClient(client_id=client_id) url, headers, body = client.prepare_token_request( 'https://github.com/login/oauth/access_token', code=get_code) git_access_key = requests.post(url, headers=headers, data=body, auth=(client_id, client_secret)) git_json = client.parse_request_body_response(git_access_key.text) git_user_request = client.add_token("https://api.github.com/user") git_user = requests.get(git_user_request[0], headers=git_user_request[1]).json() git_login = User(git_user['login']) login_user(git_login) return redirect('/')
def login_with_google_callback(): if app.config.get('GOOGLE_CLIENT_ID') \ and not request.is_secure \ and request.headers.get('X-Forwarded-Proto', 'http') == 'https': os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1' client = WebApplicationClient(app.config.get('GOOGLE_CLIENT_ID')) google_provider_cfg = requests.get(app.config.get('GOOGLE_DISCOVERY_URL')).json() code = request.args.get("code") token_endpoint = google_provider_cfg["token_endpoint"] token_url, headers, body = client.prepare_token_request( token_endpoint, authorization_response=request.url, redirect_url=url_for('login_with_google_callback', _external=True), code=code, ) token_response = requests.post( token_url, headers=headers, data=body, auth=( app.config.get('GOOGLE_CLIENT_ID'), app.config.get('GOOGLE_CLIENT_SECRET'), ), ).json() client.parse_request_body_response(json.dumps(token_response)) userinfo_endpoint = google_provider_cfg["userinfo_endpoint"] uri, headers, body = client.add_token(userinfo_endpoint) userinfo_response = requests.get(uri, headers=headers, data=body).json() user = app.datamapper.user.getByGoogleId(userinfo_response["sub"]) if user is None: response = redirect(url_for('login')) flash("Login failed", 'error') return response else: session['user_id'] = user.id flash("Welcome %s" % userinfo_response.get('name', user.name), 'success') return redirect(url_for('home'))
def link_google_callback(self): if self.config.get('GOOGLE_CLIENT_ID') \ and not request.is_secure \ and request.headers.get('X-Forwarded-Proto', 'http') == 'https': os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1' client = WebApplicationClient(self.config.get('GOOGLE_CLIENT_ID')) google_provider_cfg = requests.get( self.config.get('GOOGLE_DISCOVERY_URL')).json() code = request.args.get("code") token_endpoint = google_provider_cfg["token_endpoint"] token_url, headers, body = client.prepare_token_request( token_endpoint, authorization_response=request.url, redirect_url=url_for('user.link_google_callback', _external=True), code=code, ) token_response = requests.post( token_url, headers=headers, data=body, auth=( self.config.get('GOOGLE_CLIENT_ID'), self.config.get('GOOGLE_CLIENT_SECRET'), ), ).json() client.parse_request_body_response(json.dumps(token_response)) userinfo_endpoint = google_provider_cfg["userinfo_endpoint"] uri, headers, body = client.add_token(userinfo_endpoint) userinfo_response = requests.get(uri, headers=headers, data=body).json() user = self.datamapper.getById(request.user.id) user.google_id = userinfo_response["sub"] self.datamapper.update(user) return redirect(url_for('user.edit', obj_id=user.id))
def login(): request_code = request.args.get('code') client = WebApplicationClient(github_oauth_client_id) token_url, headers, body = client.prepare_token_request( github_oauth_token_url, authorization_response=request.url, code=request_code, client_secret=github_oauth_client_secret) token_resp = requests.post(token_url, headers=headers, data=body) client.parse_request_body_response(token_resp.text) get_user_uri, headers, body = client.add_token( 'https://api.github.com/user') user_profile = requests.get(get_user_uri, headers=headers, data=body) user_profile_id = user_profile.json()["id"] user = User(user_profile_id) login_user(user) return redirect('/')
def login(): github_code = request.args.get('code') client = WebApplicationClient(os.environ.get('AUTH_CLIENTID')) token = client.prepare_token_request(os.environ.get('AUTH_TOKEN_URL'), code=github_code) access = requests.post(token[0], headers=token[1], data=token[2], auth=(os.environ.get('AUTH_CLIENTID'), os.environ.get('AUTH_SECRET'))) client.parse_request_body_response(access.text) github_user_request_param = client.add_token( os.environ.get('AUTH_API_URL')) user_id = requests.get( github_user_request_param[0], headers=github_user_request_param[1]).json()['login'] print(user_id) login_user(User(user_id)) app.logger.info(f"User {current_user.id} logged in") return redirect('/')
def notifycallback(): oauth = WebApplicationClient(settings.LINE_NOTIFY_ID) if request.args.get("error"): flash('Error! ' + request.args.get("error_description"), 'alert-warning') return redirect(url_for('main')) state = request.args.get("state") if state != session.get("state"): flash('Error! state not match.', 'alert-warning') return redirect(url_for('main')) session.pop('state', None) url, headers, body = oauth.prepare_token_request( 'https://notify-bot.line.me/oauth/token', authorization_response=request.url, redirect_url=request.base_url, client_secret=settings.LINE_NOTIFY_SECRET) req = urllib.request.Request(url, body.encode(), headers=headers) try: with urllib.request.urlopen(req) as res: response_body = res.read() except urllib.error.HTTPError as err: return err.read() oauth_res = json.loads(response_body) if oauth_res.get('access_token'): db = get_db() db.execute( "UPDATE user set notify_token = ? WHERE id = ?", (oauth_res.get('access_token'), current_user.id), ) db.commit() flash('Line notify has been successfully linked!', 'alert-success') if session.get("newregister") == 1: return redirect(url_for("channellist")) else: return redirect(url_for("account")) else: return 'err: access_token not found'
def login_callback(): callback_code = request.args.get("code") github_client = WebApplicationClient(os.environ.get('GHOAUTHCLIENTID')) github_token = github_client.prepare_token_request( "https://github.com/login/oauth/access_token", code=callback_code) github_access = requests.post( github_token[0], headers=github_token[1], data=github_token[2], auth=(os.environ.get('GHOAUTHCLIENTID'), os.environ.get('GHOAUTHCLIENTSECRET'))) github_json = github_client.parse_request_body_response( github_access.text) github_user_request_param = github_client.add_token( "https://api.github.com/user") github_user = requests.get( github_user_request_param[0], headers=github_user_request_param[1]).json() login_user(User(github_user['login'])) app.logger.info("Github User %s successfully logged in", github_user['login']) return redirect('/')
def callback(): client = WebApplicationClient(os.getenv("CLIENT_ID")) client.state = request.args.get('state') code = request.args.get('code') tokenurl, headers, body = client.prepare_token_request( 'https://github.com/login/oauth/access_token', state=client.state, code=code) secret = os.getenv('OAUTH_SECRET') clientid = os.getenv("CLIENT_ID") tokenresponse = requests.post(tokenurl, data=body, auth=(clientid, secret)) client.parse_request_body_response(tokenresponse.text) userinfo_endpoint = "https://api.github.com/user" uri, headers, body = client.add_token(userinfo_endpoint) userinfo_response = requests.get(uri, headers=headers, data=body) userinfo_json = userinfo_response.json() id = userinfo_json['id'] flask_login.login_user(load_user(id)) app.logger.info("user logged in Succesfully", extra={"user_id": flask_login.current_user.get_id()}) return redirect("/")
def callback(): # Get authorization code Google sent back to you code = request.args.get("code") google_provider_cfg = get_google_provider_cfg() token_endpoint = google_provider_cfg["token_endpoint"] token_url = "https://accounts.google.com/o/oauth2/token" refresh_url = token_url client = WebApplicationClient(GOOGLE_CLIENT_ID) token_url, headers, body = client.prepare_token_request( token_endpoint, authorization_response=request.url, redirect_url=request.base_url, code=code) token_response = requests.post( token_url, headers=headers, data=body, auth=(GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET), ) client.parse_request_body_response(json.dumps(token_response.json())) userinfo_endpoint = google_provider_cfg["userinfo_endpoint"] uri, headers, body = client.add_token(userinfo_endpoint) userinfo_response = requests.get(uri, headers=headers, data=body) if userinfo_response.json().get("email_verified"): unique_id = userinfo_response.json()["sub"] users_email = userinfo_response.json()["email"] users_name = userinfo_response.json()["given_name"] else: return "User email not available or not verified by Google.", 400 employee = Employee.query.filter_by(email=users_email).first() login_user(employee) if employee.email == '*****@*****.**': employee.is_admin = 1 return redirect(url_for("home.admin_dashboard")) else: return redirect(url_for("home.dashboard"))
def callback(): ''' Exchange authorization code for access token Send: client_id, client_secret, redirect_uricode, grant_type Receive: access_token, token_type, expire_in, refresh_token, xoauth_yahoo_guid ''' client = WebApplicationClient(app.config['CLIENT_ID']) req = client.prepare_token_request( yahoo_oauth2.request_token_url, authorization_response=request.url, ##what is this? redirect_url=yahoo_oauth2.redirect_url, client_secret=app.config['CLIENT_SECRET']) token_url, headers, body = req resp = requests.post(token_url, headers=headers, data=body) #update the user object with the (response) token data current_user.set_oauth_tokens(resp.json()) #permanently store user's oauth credentials db.session.add(current_user) db.session.commit() return redirect(url_for('teams'))
def api_auth_callback(self): s = self._settings d = settings_defaults() code = flask.request.args.get("code") token_endpoint = s.get(['token_endpoint']) client_id = s.get(['client_id']) client_secret = s.get(['client_secret']) userinfo_endpoint = s.get(['userinfo_endpoint']) orguser_endpoint = s.get(['orguser_endpoint']) organization = s.get(['organization']) username_key = s.get(['username_key']) self._logger.info('token_endpoint: ' + str(token_endpoint)) client = WebApplicationClient(client_id) token_url, headers, body = client.prepare_token_request( token_endpoint, # authorization_response=flask.request.url, # redirect_url=flask.request.base_url, code=code ) headers['Accept'] = 'application/json' token_response = requests.post( token_url, headers=headers, data=body, auth=(client_id, client_secret), ) client.parse_request_body_response(json.dumps(token_response.json())) uri, headers, body = client.add_token(userinfo_endpoint) headers['Accept'] = 'application/json' userinfo_response = requests.get(uri, headers=headers, data=body) userinfo = userinfo_response.json() username = userinfo[username_key] uri, headers, body = client.add_token(orguser_endpoint.format(organization, username)) headers['Accept'] = 'application/json' orguser_response = requests.get(uri, headers=headers, data=body) if orguser_response.status_code == 204: # User is part of the specified organization, find user or create it if it doesn't exist user = self._user_manager.login_user(OAuth2PGCUser(username)) flask.session["usersession.id"] = user.session flask.g.user = user self._logger.info("authenticated: " + str(user.is_authenticated)) self._logger.info("user: "******"Actively logging in user {} from {}".format(user.get_id(), remote_addr)) r = flask.redirect('/') r.delete_cookie("active_logout") eventManager().fire(Events.USER_LOGGED_IN, payload=dict(username=user.get_id())) return r return flask.redirect('/?error=unauthorized')