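def callback():
    """Handle both legs of the Globus Auth OAuth2 login flow.

    Without a ``code`` query parameter the user is redirected to the Globus
    Auth authorize URL. With one, the code is exchanged for tokens, the
    tokens are stored in the session and the user is redirected to the
    portal root. An ``error`` query parameter aborts the flow with a
    flashed message and a redirect to ``home``.
    """
    # If we're coming back from Globus Auth in an error state, the error
    # will be in the "error" query string parameter.
    if 'error' in request.args:
        # The description is taken straight from the query string, so it is
        # caller-controlled text; whatever renders flashed messages must
        # escape it.
        flash("You could not be logged into the portal: " +
              request.args.get('error_description', request.args['error']))
        return redirect(url_for('home'))

    # Set up our Globus Auth/OAuth2 state. The redirect URI is pinned to
    # SERVER_DOMAIN instead of being derived from the incoming request.
    redirect_uri = f'https://{SERVER_DOMAIN}/callback'

    client = _load_funcx_client()
    # NOTE(review): no per-login `state` value is passed here and the
    # callback leg below never compares the returned `state` with anything
    # kept in the session, so the code exchange is not bound to the browser
    # that started the login (login CSRF). Binding it requires the session
    # cookie to survive the round trip through SERVER_DOMAIN -- confirm
    # that before adding the check.
    client.oauth2_start_flow(redirect_uri, refresh_tokens=False)

    # If there's no "code" query string parameter, we're in this route
    # starting a Globus Auth login flow.
    if 'code' not in request.args:
        # The `signup` query parameter is not forwarded: the authorize URL
        # is built without additional parameters.
        return redirect(client.oauth2_get_authorize_url())

    # If we do have a "code" param, we're coming back from Globus Auth
    # and can start the process of exchanging an auth code for a token.
    code = request.args.get('code')
    tokens = client.oauth2_exchange_code_for_tokens(code)

    # The ID token is still decoded so that a token the SDK cannot decode
    # fails the login here, but its claims are no longer printed: they
    # identify the user and do not belong in stdout or service logs.
    tokens.decode_id_token(client)

    # NOTE(review): where the session lives is not visible here. With a
    # cookie-backed session the access tokens would be readable by the
    # browser (signed, not encrypted) -- confirm a server-side store.
    session.update(tokens=tokens.by_resource_server, is_authenticated=True)

    return redirect(f'https://{SERVER_DOMAIN}')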
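def logout():
    """Log the user out locally and at Globus Auth.

    - Revoke the tokens with Globus Auth.
    - Destroy the session state.
    - Redirect the user to the Globus Auth logout page.

    A visitor with no tokens in the session (never logged in, or already
    logged out) is still redirected instead of failing on a missing key.
    """
    from urllib.parse import urlencode

    client = _load_funcx_client()

    # Revoke the tokens with Globus Auth: for every stored token-info dict,
    # revoke the access token and then the refresh token, skipping any that
    # is absent.
    stored_tokens = session.get('tokens') or {}
    for token_info in stored_tokens.values():
        for token_type in ('access_token', 'refresh_token'):
            token = token_info.get(token_type)
            if token is None:
                continue
            client.oauth2_revoke_token(
                token, additional_params={'token_type_hint': token_type})

    # Destroy the session state
    session.clear()

    # Build the query string with urlencode so that the URL-valued
    # parameters are escaped rather than concatenated raw; url_for(...,
    # _external=True) derives its host from the current request.
    logout_query = urlencode({
        'client': GLOBUS_CLIENT,
        'redirect_uri': url_for('home', _external=True),
        'redirect_name': f'https://{SERVER_DOMAIN}',
    })

    # Redirect the user to the Globus Auth logout page
    return redirect(f'https://auth.globus.org/v2/web/logout?{logout_query}')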
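def decorated_function(*args, **kwargs):
    """Run the wrapped view ``f`` only for an authenticated caller.

    Access is granted when ``in_production`` is falsy, when the session is
    marked authenticated, or when the ``Authorization`` header carries a
    token that Globus Auth introspection reports as active. A header with
    no usable token or an inactive token yields a 401; a request with no
    credentials at all is redirected to ``login``.
    """
    # NOTE(review): the check fails open -- any falsy `in_production`
    # disables authentication entirely. Where that flag is set is not
    # visible here; confirm a deployed instance cannot start with it unset.
    if not in_production or session.get('is_authenticated') == True:
        return f(*args, **kwargs)

    if 'Authorization' in request.headers:
        # Strip only a leading "Bearer" scheme. Replacing the word anywhere
        # in the value would also alter a token that happens to contain it.
        bearer_value = request.headers.get('Authorization', '').strip()
        if bearer_value.startswith('Bearer'):
            bearer_value = bearer_value[len('Bearer'):].strip()

        # A header with no token used to fall through and return None,
        # which surfaces as a server error; reject it explicitly instead.
        if not bearer_value:
            return "Invalid token - token not active for client", 401

        client = _load_funcx_client()
        data = client.oauth2_token_introspect(bearer_value)
        # Only the `active` flag is checked; scope or audience claims in
        # the introspection response are not examined here.
        if data.get('active', False) != True:
            return "Invalid token - token not active for client", 401

        # valid token
        return f(*args, **kwargs)

    # No credentials: redirect to login. The full request URL is handed over
    # as `next`; the route that consumes it is not visible here and should
    # only follow same-site targets.
    return redirect(url_for('login', next=request.url))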