def revoke_auth():
"""
This API essentially unauthorize and removes the customer from the Nylas authentication, along with auth for the
Calendar and email accounts.
"""
from cloud_sql import sql_handler
uid = flask.session['uid']
access_token = sql_handler.get_nylas_access_token(uid)
if not access_token:
logging.info(f'The account {uid} has not authorized yet')
response = flask.jsonify({'status': 'no auth'})
response.status_code = 402
return response
nylas_client = APIClient(
app_id=app.config["NYLAS_OAUTH_CLIENT_ID"],
app_secret=app.config["NYLAS_OAUTH_CLIENT_SECRET"],
access_token=access_token,
)
nylas_client.revoke_all_tokens()
response = flask.jsonify('OK')
response.status_code = 200
return response
def authorize():
"""
This API authenticate for a chosen scope, and saves the nylas access code to cloud sql.
Note: this API is the single entry point for authorization flow, and it will deactivate all previous access tokens
for the given Nylas id.
:return: flask response, 200 if success, 400 if failed.
"""
from cloud_sql import sql_handler
nylas_code = flask.request.args.get('code')
error = flask.request.args.get('error')
uid = flask.session['uid']
logging.info(f'verifying auth sync status for uid {uid}')
access_token = sql_handler.get_nylas_access_token(uid)
# this is to handle potential authorization errors including access denied by customers.
if error:
logging.error(f'Authorization failed due to error: {error}')
response = flask.jsonify(error)
response.status_code = 400
return response
nylas_client = APIClient(app_id=app.config["NYLAS_OAUTH_CLIENT_ID"],
app_secret=app.config["NYLAS_OAUTH_CLIENT_SECRET"])
if not nylas_code:
scope = flask.request.args.get('scope')
if not scope:
logging.error('Need a valid scope string, currently supporting: calendar,email.send,email.modify')
scope = 'calendar,email.send,email.modify'
redirect_url = 'http://auth.lifo.ai/authorize'
logging.info(f'receiving request for scope {scope}, and redirect to {redirect_url}')
flask.session['scope'] = scope
# Redirect your user to the auth_url
auth_url = nylas_client.authentication_url(
redirect_url,
scopes=scope
)
return flask.redirect(auth_url)
else:
# note, here we have not handled the declined auth case
logging.info(f'authentication success with code: {nylas_code}')
access_token = nylas_client.token_for_code(nylas_code)
nylas_client = APIClient(
app_id=app.config["NYLAS_OAUTH_CLIENT_ID"],
app_secret=app.config["NYLAS_OAUTH_CLIENT_SECRET"],
access_token=access_token,
)
# Revoke all tokens except for the new one
nylas_client.revoke_all_tokens(keep_access_token=access_token)
account = nylas_client.account
nylas_account_id = account.id
nylas_email = account.email_address
uid = flask.session['uid']
scope = flask.session['scope']
logging.info(f'handling auth for firebase uid: {uid} for scope {scope} and nylas id {nylas_account_id}')
# Note: here we automatically handle the Nylas id changing case, as each user is recognized by their firebase
# uid, and any new Nylas ids will be overwritten. This does bring in limitations: a user can only authorize one
# Calendar account, which is not an issue for foreseeable future.
sql_handler.save_nylas_token(uid, nylas_access_token=access_token, nylas_account_id=nylas_account_id, email=nylas_email)
return render_template("authorize_succeed.html")
