async def test_oauth2_authorize():
oauth = OAuth()
app = AsyncPathMapDispatch({'/token': {'body': get_bearer_token()}})
client = oauth.register('dev',
client_id='dev',
client_secret='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize',
client_kwargs={
'app': app,
})
req_scope = {'type': 'http', 'session': {}}
req = Request(req_scope)
resp = await client.authorize_redirect(req, 'https://b.com/bar')
assert resp.status_code == 302
url = resp.headers.get('Location')
assert 'state=' in url
state = req.session.get('_dev_authlib_state_')
assert state is not None
req_scope.update({
'path': '/',
'query_string': f'code=a&state={state}',
'session': req.session,
})
req = Request(req_scope)
token = await client.authorize_access_token(req)
assert token['access_token'] == 'a'
async def test_force_fetch_jwks_uri():
secret_keys = read_file_path('jwks_private.json')
token = get_bearer_token()
id_token = generate_id_token(
token, {'sub': '123'}, secret_keys,
alg='RS256', iss='https://i.b',
aud='dev', exp=3600, nonce='n',
)
app = AsyncPathMapDispatch({
'/jwks': {'body': read_file_path('jwks_public.json')}
})
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
client_secret='dev',
fetch_token=get_bearer_token,
jwks_uri='https://i.b/jwks',
issuer='https://i.b',
client_kwargs={
'app': app,
}
)
req_scope = {'type': 'http', 'session': {'_dev_authlib_nonce_': 'n'}}
req = Request(req_scope)
token['id_token'] = id_token
user = await client.parse_id_token(req, token)
assert user.sub == '123'
async def test_with_fetch_token_in_register():
async def fetch_token(request):
return {'access_token': 'dev', 'token_type': 'bearer'}
dispatch = PathMapDispatch({
'/user': {'body': {'sub': '123'}}
})
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
client_secret='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize',
fetch_token=fetch_token,
client_kwargs={
'dispatch': dispatch,
}
)
req_scope = {'type': 'http', 'session': {}}
req = Request(req_scope)
resp = await client.get('/user', request=req)
assert resp.json()['sub'] == '123'
async def test_oauth2_authorize_with_metadata():
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
client_secret='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
)
req_scope = {'type': 'http', 'session': {}}
req = Request(req_scope)
with pytest.raises(RuntimeError):
await client.create_authorization_url(req)
app = AsyncPathMapDispatch({
'/.well-known/openid-configuration': {
'body': {
'authorization_endpoint': 'https://i.b/authorize'
}
}
})
client = oauth.register(
'dev2',
client_id='dev',
client_secret='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
server_metadata_url='https://i.b/.well-known/openid-configuration',
client_kwargs={
'app': app,
})
resp = await client.authorize_redirect(req, 'https://b.com/bar')
assert resp.status_code == 302
async def test_runtime_error_fetch_jwks_uri():
key = jwk.dumps('secret', 'oct', kid='f')
token = get_bearer_token()
id_token = generate_id_token(
token,
{'sub': '123'},
key,
alg='HS256',
iss='https://i.b',
aud='dev',
exp=3600,
nonce='n',
)
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
client_secret='dev',
fetch_token=get_bearer_token,
issuer='https://i.b',
id_token_signing_alg_values_supported=['HS256'],
)
req_scope = {'type': 'http', 'session': {'_dev_authlib_nonce_': 'n'}}
req = Request(req_scope)
token['id_token'] = id_token
with pytest.raises(RuntimeError):
await client.parse_id_token(req, token)
async def run_fetch_userinfo(payload, compliance_fix=None):
oauth = OAuth()
async def fetch_token(request):
return get_bearer_token()
app = AsyncPathMapDispatch({
'/userinfo': {'body': payload}
})
client = oauth.register(
'dev',
client_id='dev',
client_secret='dev',
fetch_token=fetch_token,
userinfo_endpoint='https://i.b/userinfo',
userinfo_compliance_fix=compliance_fix,
client_kwargs={
'app': app,
}
)
req_scope = {'type': 'http', 'session': {}}
req = Request(req_scope)
user = await client.userinfo(request=req)
assert user.sub == '123'
async def test_oauth1_authorize():
oauth = OAuth()
app = AsyncPathMapDispatch({
'/request-token': {
'body': 'oauth_token=foo&oauth_verifier=baz'
},
'/token': {
'body': 'oauth_token=a&oauth_token_secret=b'
},
})
client = oauth.register('dev',
client_id='dev',
client_secret='dev',
request_token_url='https://i.b/request-token',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize',
client_kwargs={
'app': app,
})
req_scope = {'type': 'http', 'session': {}}
req = Request(req_scope)
resp = await client.authorize_redirect(req, 'https://b.com/bar')
assert resp.status_code == 302
url = resp.headers.get('Location')
assert 'oauth_token=foo' in url
req_token = req.session.get('_dev_authlib_request_token_')
assert req_token is not None
req.scope['query_string'] = 'oauth_token=foo&oauth_verifier=baz'
token = await client.authorize_access_token(req)
assert token['oauth_token'] == 'a'
def test_register_remote_app():
oauth = OAuth()
with pytest.raises(AttributeError):
assert oauth.dev.name == 'dev'
oauth.register(
'dev',
client_id='dev',
client_secret='dev',
)
assert oauth.dev.name == 'dev'
assert oauth.dev.client_id == 'dev'
def init(app):
import json
from fastapi import FastAPI
from starlette.config import Config
from starlette.requests import Request
from starlette.middleware.sessions import SessionMiddleware
from starlette.responses import HTMLResponse, RedirectResponse
from authlib.integrations.starlette_client import OAuth, OAuthError
from .config import get_sso_config, GOOGLE_CONF_URL
from meerschaum import get_connector
prepend_path = get_sso_config('prepend')
google_client_id = get_sso_config('google', 'id')
google_client_secret = get_sso_config('google', 'secret')
google_callback_url = get_sso_config('google', 'callback')
oauth = OAuth()
oauth.register(
name='google',
client_id=google_client_id,
client_secret=google_client_secret,
server_metadata_url=GOOGLE_CONF_URL,
client_kwargs={
'scope': 'openid email profile',
},
)
app.add_middleware(SessionMiddleware, secret_key=google_client_secret)
sso_google_path = prepend_path + '/sso/google'
@app.get(sso_google_path)
async def login_sso(request: Request):
redirect_uri = google_callback_url
return await oauth.google.authorize_redirect(request, redirect_uri)
@app.get(sso_google_path + '/callback')
async def google_callback(request: Request):
token = await oauth.google.authorize_access_token(request)
user = await oauth.google.parse_id_token(request, token)
conn = get_connector('sql', 'wedding_s')
q = f"SELECT address FROM \"people-with-contact-info\" WHERE email = '{user.email}'"
address = conn.value(q)
response = RedirectResponse('/login_success')
response.set_cookie(key='login_name', value=user.name)
response.set_cookie(key='login_email', value=user.email)
response.set_cookie(key='login_address', value=address)
return response
async def test_request_withhold_token():
oauth = OAuth()
app = AsyncPathMapDispatch({'/user': {'body': {'sub': '123'}}})
client = oauth.register("dev",
client_id="dev",
client_secret="dev",
api_base_url="https://i.b/api",
access_token_url="https://i.b/token",
authorize_url="https://i.b/authorize",
client_kwargs={
'app': app,
})
req_scope = {'type': 'http', 'session': {}}
req = Request(req_scope)
resp = await client.get('/user', request=req, withhold_token=True)
assert resp.json()['sub'] == '123'
async def test_oauth2_authorize_code_challenge():
dispatch = PathMapDispatch({
'/token': {'body': get_bearer_token()}
})
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize',
client_kwargs={
'code_challenge_method': 'S256',
'dispatch': dispatch,
},
)
req_scope = {'type': 'http', 'session': {}}
req = Request(req_scope)
resp = await client.authorize_redirect(req, redirect_uri='https://b.com/bar')
assert resp.status_code == 302
url = resp.headers.get('Location')
assert 'code_challenge=' in url
assert 'code_challenge_method=S256' in url
state = req.session['_dev_authlib_state_']
assert state is not None
verifier = req.session['_dev_authlib_code_verifier_']
assert verifier is not None
req_scope.update(
{
'path': '/',
'query_string': 'code=a&state={}'.format(state).encode(),
'session': req.session,
}
)
req = Request(req_scope)
token = await client.authorize_access_token(req)
assert token['access_token'] == 'a'
async def test_parse_id_token():
key = jwk.dumps('secret', 'oct', kid='f')
token = get_bearer_token()
id_token = generate_id_token(
token,
{'sub': '123'},
key,
alg='HS256',
iss='https://i.b',
aud='dev',
exp=3600,
nonce='n',
)
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
client_secret='dev',
fetch_token=get_bearer_token,
jwks={'keys': [key]},
issuer='https://i.b',
id_token_signing_alg_values_supported=['HS256', 'RS256'],
)
req_scope = {'type': 'http', 'session': {'_dev_authlib_nonce_': 'n'}}
req = Request(req_scope)
user = await client.parse_id_token(req, token)
assert user is None
token['id_token'] = id_token
user = await client.parse_id_token(req, token)
assert user.sub == '123'
claims_options = {'iss': {'value': 'https://i.b'}}
user = await client.parse_id_token(req, token, claims_options)
assert user.sub == '123'
with pytest.raises(InvalidClaimError):
claims_options = {'iss': {'value': 'https://i.c'}}
await client.parse_id_token(req, token, claims_options)
async def test_oauth2_authorize_access_denied():
oauth = OAuth()
app = AsyncPathMapDispatch({'/token': {'body': get_bearer_token()}})
client = oauth.register('dev',
client_id='dev',
client_secret='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize',
client_kwargs={
'app': app,
})
req = Request({
'type':
'http',
'session': {},
'path':
'/',
'query_string':
'error=access_denied&error_description=Not+Allowed',
})
with pytest.raises(OAuthError):
await client.authorize_access_token(req)
def test_register_with_config():
config = Config(environ={'DEV_CLIENT_ID': 'dev'})
oauth = OAuth(config)
oauth.register('dev')
assert oauth.dev.name == 'dev'
assert oauth.dev.client_id == 'dev'
def attach_auth(app: FastAPI):
"""Attach authentication endpoints to an app.
These endpoints allow for login, logout and session check
"""
app.add_middleware(SessionMiddleware, secret_key=config.secret_session_key)
oauth = OAuth()
oauth.register(
name='google',
server_metadata_url=
'https://accounts.google.com/.well-known/openid-configuration',
client_kwargs={'scope': 'openid email profile'},
client_secret=config.sso_google_secret,
client_id=config.sso_google_client_id,
)
@app.get("/login/googlelogin")
async def login(request: Request):
redirect_uri = request.url_for('googleauth')
if 'X-Forwarded-Proto' in request.headers:
redirect_uri = redirect_uri.replace(
'http:', request.headers['X-Forwarded-Proto'] + ':')
# additional security, nonce is random and validated in case the URL
# is read but not the session cookie
request.session['nonce'] = generate_token()
return await oauth.google.authorize_redirect(
request, redirect_uri, nonce=request.session['nonce'])
@app.get('/login/googleauth')
async def googleauth(request: Request):
token = await oauth.google.authorize_access_token(request)
user = await oauth.google.parse_id_token(request, token)
if user['nonce'] != request.session['nonce']:
raise HTTPException(status_code=401,
detail="Wrong nonce value, weird...")
async with get_conn() as conn:
found = await conn.fetchrow(
"""
SELECT id, mail FROM
account_google
WHERE mail = $1
""", user['email'])
if found is None:
res = await conn.fetchrow(
"""
INSERT INTO account_google(mail)
VALUES ($1)
RETURNING id
""",
user['email'],
)
id_ = res['id']
else:
id_ = found['id']
request.session['id'] = id_
request.session['name'] = user['given_name']
del request.session['nonce']
return RedirectResponse(url='/')
@app.post('/login/logout')
async def logout(request: Request):
if 'name' in request.session:
del request.session['name']
if 'id' in request.session:
del request.session['id']
return 'Logged out'
@app.get('/login/whoami')
async def whoami(request: Request):
if 'name' not in request.session:
return dict(authenticated=False)
return dict(
authenticated=True,
name=request.session['name'],
id=request.session['id'],
)
from authlib.oauth2.rfc6749 import OAuth2Token
from starlette.requests import Request
from .vk_auth_method import client_secret_get
from src.conf import settings
async def fetch_token(name, request: Request):
token = request.session.get('token', None)
if token:
token = OAuth2Token.from_dict(token)
return token
oauth = OAuth(fetch_token=fetch_token)
oauth.register(name='vk',
client_id=settings.CLIENT_ID_VK,
client_secret=settings.CLIENT_SECRET_VK,
authorize_url='https://oauth.vk.com/authorize',
access_token_url='https://oauth.vk.com/access_token',
client_kwargs={
'scope': 'email',
'token_endpoint_auth_method': 'vk_get'
},
client_auth_methods=[('vk_get', client_secret_get)])
oauth.register(name='github',
client_id=settings.CLIENT_ID_GITHUB,
client_secret=settings.CLIENT_SECRET_GITHUB,
async def fetch_token(name: str, request: Request) -> dict:
logging.debug('fetch_token')
logging.debug(name)
for token in tokens:
if token.name == name:
return token.dict(exclude={'name'})
token = Token(name=name,
token_type='Bearer',
access_token='cafe',
expires_at=1)
return token.dict(exclude={'name'})
async def update_token(
name: str,
token: OAuth2Token,
refresh_token: Optional[str] = None,
access_token: Optional[str] = None,
expires_at: Optional[int] = None,
) -> None:
for i, _token in enumerate(tokens):
if _token.name == name and _token.access_token == access_token:
tokens[i] = Token(name=name, **token)
return
tokens.append(Token(name=name, **token))
oauth = OAuth(fetch_token=fetch_token, update_token=update_token)
import logging
import pendulum
from fastapi import APIRouter, Request
from starlette.config import Config
from authlib.integrations.starlette_client import OAuth
from config import Settings
log = logging.getLogger(__name__)
router = APIRouter()
settings = Settings()
conf = Config(environ=settings.dict())
oauth = OAuth(conf)
oauth.register(name='google',
server_metadata_url=settings.GOOGLE_CONF_URL,
client_kwargs={'scope': 'openid email profile'})
@router.get('/signin')
async def login(request: Request):
if request.session.get('user') is not None:
return
redirect_uri = settings.GOOGLE_REDIRECT_URL
log.info('Preparing oauth with redirect_uri', redirect_uri)
return await oauth.google.authorize_redirect(request, redirect_uri)
import json
from fastapi import FastAPI, APIRouter
from starlette.config import Config
from starlette.requests import Request
#from starlette.middleware.sessions import SessionMiddleware
from starlette.responses import HTMLResponse, RedirectResponse
from authlib.integrations.starlette_client import OAuth, OAuthError
from app.configs import googleinfo
router = APIRouter()
#router.add_middleware(SessionMiddleware, secret_key="!secret")
def google_config():
return googleinfo.setting()
# config = Config('.env')
oauth = OAuth(google_config)
print(oauth)
CONF_URL = 'https://accounts.google.com/.well-known/openid-configuration'
oauth.register(
name='google',
server_metadata_url=CONF_URL,
client_kwargs={
'scope': 'openid email profile'
}
)
@router.get('/')
async def homepage(request: Request):
user = request.session.get('user')
from starlette.responses import (
RedirectResponse,
Response,
)
from starlette.schemas import (
SchemaGenerator, )
# Local libraries
from four_shells import (
accounts,
authz,
config,
)
# Constants
OAUTH = OAuth()
OAUTH.register(
name='google',
client_id=config.GOOGLE_OAUTH_CLIENT_ID_SERVER,
client_secret=config.GOOGLE_OAUTH_SECRET_SERVER,
server_metadata_url=(
'https://accounts.google.com/.well-known/openid-configuration'),
client_kwargs={'scope': 'email'},
)
SCHEMA = SchemaGenerator({
"openapi": "3.0.0",
"info": {
"title": "Four Shells",
},
})
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from authlib.integrations.starlette_client import OAuth
from nwastdlib.url import URL
from oauth2_lib.fastapi import OIDCUser, opa_decision
from orchestrator.settings import oauth2_settings
oauth_client_credentials = OAuth()
well_known_endpoint = URL(oauth2_settings.OIDC_CONF_WELL_KNOWN_URL)
oauth_client_credentials.register(
"connext",
server_metadata_url=well_known_endpoint / ".well-known" /
"openid-configuration",
client_id=oauth2_settings.OAUTH2_RESOURCE_SERVER_ID,
client_secret=oauth2_settings.OAUTH2_RESOURCE_SERVER_SECRET,
request_token_params={"grant_type": "client_credentials"},
)
oidc_user = OIDCUser(
oauth2_settings.OIDC_CONF_WELL_KNOWN_URL,
oauth2_settings.OAUTH2_RESOURCE_SERVER_ID,
class OAuthAuthenticator(BaseAuthenticator):
"""Base class for authenticators using Oauth2 protocol and its variants.
The :py:meth:`authenticate` method is already implemented, but you will need to
override some of the following variables in sublasses to make it work:
:var str provider: name of the provider (it will be used in the url)
:var handler_cls: class with handlers for all oauth2
relevant endpoints in Quetz server
:type handler_cls: sublass of :py:class:`OauthHandlers`
:var client_id: required, client id registered with the provider
:var client_secret: required, likewise
:var bool is_enabled: True if authenticator is enabled, can be configured in
:py:meth:`configure` method
:var access_token_url: URL of the OAuth2 endpoint ot request a token
:var authorize_url: URL of the OAuth2 ``authorize`` endpoint
:var api_base_url: URL of the API root of the provider server
:var validate_token_url: path of endpoint to validate the token
"""
oauth = OAuth()
provider = "oauth"
handler_cls = OAuthHandlers
# client credentials and state
# they can be also set in configure method
client_id: str = ""
client_secret: str = ""
is_enabled = False
# oauth client params
access_token_url: Optional[str] = None
authorize_url: Optional[str] = None
api_base_url: Optional[str] = None
scope: Optional[str] = None
server_metadata_url: Optional[str] = None
prompt: Optional[str] = None
client_kwargs: dict = {}
# provider's api endpoint urls
validate_token_url: Optional[str] = None
revoke_url: Optional[str] = None
@property
def router(self):
return self.handler.router
def __init__(self,
config: Config,
client_kwargs=None,
provider=None,
app=None):
super().__init__(config, provider, app)
if self.is_enabled:
self.register(client_kwargs=client_kwargs)
async def userinfo(self, request, token):
raise NotImplementedError("subclasses need to implement userinfo")
async def authenticate(self, request, data=None, dao=None, config=None):
token = await self.client.authorize_access_token(request)
profile = await self.userinfo(request, token)
username = profile["login"]
auth_state = {"token": json.dumps(token), "provider": self.provider}
return {
"username": username,
"profile": profile,
"auth_state": auth_state
}
def register(self, client_kwargs=None):
if client_kwargs is None:
client_kwargs = {}
if self.scope:
client_kwargs["scope"] = self.scope
client_kwargs.update(self.client_kwargs)
self.client = self.oauth.register(
name=self.provider,
client_id=self.client_id,
client_secret=self.client_secret,
access_token_url=self.access_token_url,
authorize_url=self.authorize_url,
api_base_url=self.api_base_url,
server_metadata_url=self.server_metadata_url,
prompt=self.prompt,
client_kwargs=client_kwargs,
)
async def validate_token(self, token):
try:
resp = await self.client.get(self.validate_token_url,
token=json.loads(token))
return resp.status_code != 401
except Exception:
return False
def test_register_with_overwrite():
config = Config(environ={'DEV_CLIENT_ID': 'dev'})
oauth = OAuth(config)
oauth.register('dev', client_id='not-dev', overwrite=True)
assert oauth.dev.name == 'dev'
assert oauth.dev.client_id == 'dev'
get_medication_views, update_medication_tap, get_unused_medication_tap_blocks_for_day, add_medication
from views import MainTemplateData
templates = Jinja2Templates(directory="templates/")
log = logging.getLogger(__name__)
app = FastAPI()
config = Config(".env")
if config.get("GOOGLE_CLIENT_ID", default=None) is None \
or config.get("GOOGLE_CLIENT_SECRET", default=None) is None \
or config.get("SESSION_SECRET", default=None) is None:
raise Exception(
"Configuration error. GOOGLE_CLIENT_ID or GOOGLE_CLIENT_SECRET or SESSION_SECRET not specified."
)
oauth = OAuth(config)
oauth.register(name='google',
server_metadata_url=
'https://accounts.google.com/.well-known/openid-configuration',
client_kwargs={'scope': 'openid email profile'})
app.add_middleware(SessionMiddleware, secret_key=config.get("SESSION_SECRET"))
@app.get("/")
async def homepage(request: Request,
target_date: Optional[datetime.date] = None):
user = request.session.get('user')
if target_date is None:
target_date = datetime.date.today()
if user is None:
# LOL
try:
from httpx._config import UNSET
except ImportError:
UNSET = None
router = Router()
DISCORD_API_BASE = "https://discord.com/api"
DISCORD_OAUTH_URL_BASE = DISCORD_API_BASE + "/oauth2"
DISCORD_OAUTH_URL_AUTHORIZE = DISCORD_OAUTH_URL_BASE + "/authorize"
DISCORD_OAUTH_URL_TOKEN = DISCORD_OAUTH_URL_BASE + "/token"
DISCORD_OAUTH_URL_TOKEN_REVOKE = DISCORD_OAUTH_URL_BASE + "/token/revoke"
oauth = OAuth(settings.config)
oauth.register(
name="discord",
authorization_endpoint=DISCORD_OAUTH_URL_AUTHORIZE,
token_endpoint=DISCORD_OAUTH_URL_TOKEN,
revocation_endpoint=DISCORD_OAUTH_URL_TOKEN_REVOKE,
client_kwargs={"scope": "identify"},
)
@router.route("/")
async def sign_in(request: HTTPConnection):
redirect_uri = request.url_for("auth_cb")
return await oauth.discord.authorize_redirect(request, redirect_uri)
@router.route("/auth")
name=name, access_token=access_token).first())
else:
db.close()
return
# update old token
item.access_token = token["access_token"]
item.refresh_token = token.get("refresh_token")
item.expires_at = token["expires_at"]
db.add(item)
db.commit()
db.close()
oauth = OAuth(update_token=update_token)
def fetch_discord_token(current_user: Player = Depends(get_current_user),
db: Session = Depends(get_db)):
token = (db.query(OAuth2Token).filter_by(
name="discord", player_id=current_user.id).first())
if token:
return token.to_token()
# OAuth with discord setup
oauth.register(
name="discord",
client_id=settings.DISCORD_CLIENT_ID,
client_secret=settings.DISCORD_CLIENT_SECRET,
from authlib.integrations.starlette_client import OAuth
social_oauth = OAuth()
social_oauth.register(
name='github',
client_id='99118809b9098fa3fa00',
client_secret='a5899c5cb8ddc411a241880d0ebf362a3098cb8a',
access_token_url='https://github.com/login/oauth/access_token',
access_token_params=None,
authorize_url='https://github.com/login/oauth/authorize',
authorize_params=None,
api_base_url='https://api.github.com/',
client_kwargs={'scope': 'user:email'},
)
from authlib.integrations.starlette_client import OAuthError
from fastapi import FastAPI
from fastapi import Request
from starlette.config import Config
from starlette.middleware.sessions import SessionMiddleware
from starlette.responses import HTMLResponse
from starlette.responses import RedirectResponse
logger = logging.getLogger("uvicorn")
# Create the APP
app = FastAPI()
# Set up OAuth
starlette_config = Config('.env')
print(starlette_config.__dict__)
oauth = OAuth(starlette_config)
oauth.register(
name='google',
server_metadata_url=
'https://accounts.google.com/.well-known/openid-configuration',
client_kwargs={'scope': 'openid email profile'},
)
# Set up the middleware to read the request session
SECRET_KEY = os.environ.get(
'SECRET_KEY') or "OulLJiqkldb436-X6M11hKvr7wvLyG8TPi5PkLf4"
if SECRET_KEY is None:
raise 'Missing SECRET_KEY'
app.add_middleware(SessionMiddleware, secret_key=SECRET_KEY)
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
from authlib.integrations.starlette_client import OAuth
from distrobuild.settings import settings
oauth = OAuth()
oauth.register(
name="oidc",
client_id=settings.oidc_client_id,
client_secret=settings.oidc_client_secret,
server_metadata_url=
f"{settings.oidc_issuer}/.well-known/openid-configuration",
client_kwargs={"scope": f"openid profile groups {settings.oidc_scopes}"})
oidc = oauth.oidc
from starlette.responses import HTMLResponse, RedirectResponse
#from starlette.middleware.sessions import SessionMiddleware
from authlib.integrations.starlette_client import OAuth
from fastapi import FastAPI, APIRouter
from app.configs import twitterinfo
router = APIRouter
#router.add_middleware(SessionMiddleware, secret_key="!secret")
def twitter_config():
return twitterinfo.setting()
# config = Config('.env')
oauth = OAuth(twitter_config)
oauth.register(
name='twitter',
api_base_url='https://api.twitter.com/1.1/',
request_token_url='https://api.twitter.com/oauth/request_token',
access_token_url='https://api.twitter.com/oauth/access_token',
authorize_url='https://api.twitter.com/oauth/authenticate',
)
@router.route('/')
async def homepage(request: Request):
user = request.session.get('user')
if user:
data = json.dumps(user)