async def test_oauth2_authorize(): oauth = OAuth() app = AsyncPathMapDispatch({'/token': {'body': get_bearer_token()}}) client = oauth.register('dev', client_id='dev', client_secret='dev', api_base_url='https://i.b/api', access_token_url='https://i.b/token', authorize_url='https://i.b/authorize', client_kwargs={ 'app': app, }) req_scope = {'type': 'http', 'session': {}} req = Request(req_scope) resp = await client.authorize_redirect(req, 'https://b.com/bar') assert resp.status_code == 302 url = resp.headers.get('Location') assert 'state=' in url state = req.session.get('_dev_authlib_state_') assert state is not None req_scope.update({ 'path': '/', 'query_string': f'code=a&state={state}', 'session': req.session, }) req = Request(req_scope) token = await client.authorize_access_token(req) assert token['access_token'] == 'a'
async def test_force_fetch_jwks_uri(): secret_keys = read_file_path('jwks_private.json') token = get_bearer_token() id_token = generate_id_token( token, {'sub': '123'}, secret_keys, alg='RS256', iss='https://i.b', aud='dev', exp=3600, nonce='n', ) app = AsyncPathMapDispatch({ '/jwks': {'body': read_file_path('jwks_public.json')} }) oauth = OAuth() client = oauth.register( 'dev', client_id='dev', client_secret='dev', fetch_token=get_bearer_token, jwks_uri='https://i.b/jwks', issuer='https://i.b', client_kwargs={ 'app': app, } ) req_scope = {'type': 'http', 'session': {'_dev_authlib_nonce_': 'n'}} req = Request(req_scope) token['id_token'] = id_token user = await client.parse_id_token(req, token) assert user.sub == '123'
async def test_with_fetch_token_in_register(): async def fetch_token(request): return {'access_token': 'dev', 'token_type': 'bearer'} dispatch = PathMapDispatch({ '/user': {'body': {'sub': '123'}} }) oauth = OAuth() client = oauth.register( 'dev', client_id='dev', client_secret='dev', api_base_url='https://i.b/api', access_token_url='https://i.b/token', authorize_url='https://i.b/authorize', fetch_token=fetch_token, client_kwargs={ 'dispatch': dispatch, } ) req_scope = {'type': 'http', 'session': {}} req = Request(req_scope) resp = await client.get('/user', request=req) assert resp.json()['sub'] == '123'
async def test_oauth2_authorize_with_metadata(): oauth = OAuth() client = oauth.register( 'dev', client_id='dev', client_secret='dev', api_base_url='https://i.b/api', access_token_url='https://i.b/token', ) req_scope = {'type': 'http', 'session': {}} req = Request(req_scope) with pytest.raises(RuntimeError): await client.create_authorization_url(req) app = AsyncPathMapDispatch({ '/.well-known/openid-configuration': { 'body': { 'authorization_endpoint': 'https://i.b/authorize' } } }) client = oauth.register( 'dev2', client_id='dev', client_secret='dev', api_base_url='https://i.b/api', access_token_url='https://i.b/token', server_metadata_url='https://i.b/.well-known/openid-configuration', client_kwargs={ 'app': app, }) resp = await client.authorize_redirect(req, 'https://b.com/bar') assert resp.status_code == 302
async def test_runtime_error_fetch_jwks_uri(): key = jwk.dumps('secret', 'oct', kid='f') token = get_bearer_token() id_token = generate_id_token( token, {'sub': '123'}, key, alg='HS256', iss='https://i.b', aud='dev', exp=3600, nonce='n', ) oauth = OAuth() client = oauth.register( 'dev', client_id='dev', client_secret='dev', fetch_token=get_bearer_token, issuer='https://i.b', id_token_signing_alg_values_supported=['HS256'], ) req_scope = {'type': 'http', 'session': {'_dev_authlib_nonce_': 'n'}} req = Request(req_scope) token['id_token'] = id_token with pytest.raises(RuntimeError): await client.parse_id_token(req, token)
async def run_fetch_userinfo(payload, compliance_fix=None): oauth = OAuth() async def fetch_token(request): return get_bearer_token() app = AsyncPathMapDispatch({ '/userinfo': {'body': payload} }) client = oauth.register( 'dev', client_id='dev', client_secret='dev', fetch_token=fetch_token, userinfo_endpoint='https://i.b/userinfo', userinfo_compliance_fix=compliance_fix, client_kwargs={ 'app': app, } ) req_scope = {'type': 'http', 'session': {}} req = Request(req_scope) user = await client.userinfo(request=req) assert user.sub == '123'
async def test_oauth1_authorize(): oauth = OAuth() app = AsyncPathMapDispatch({ '/request-token': { 'body': 'oauth_token=foo&oauth_verifier=baz' }, '/token': { 'body': 'oauth_token=a&oauth_token_secret=b' }, }) client = oauth.register('dev', client_id='dev', client_secret='dev', request_token_url='https://i.b/request-token', api_base_url='https://i.b/api', access_token_url='https://i.b/token', authorize_url='https://i.b/authorize', client_kwargs={ 'app': app, }) req_scope = {'type': 'http', 'session': {}} req = Request(req_scope) resp = await client.authorize_redirect(req, 'https://b.com/bar') assert resp.status_code == 302 url = resp.headers.get('Location') assert 'oauth_token=foo' in url req_token = req.session.get('_dev_authlib_request_token_') assert req_token is not None req.scope['query_string'] = 'oauth_token=foo&oauth_verifier=baz' token = await client.authorize_access_token(req) assert token['oauth_token'] == 'a'
def test_register_remote_app(): oauth = OAuth() with pytest.raises(AttributeError): assert oauth.dev.name == 'dev' oauth.register( 'dev', client_id='dev', client_secret='dev', ) assert oauth.dev.name == 'dev' assert oauth.dev.client_id == 'dev'
def init(app): import json from fastapi import FastAPI from starlette.config import Config from starlette.requests import Request from starlette.middleware.sessions import SessionMiddleware from starlette.responses import HTMLResponse, RedirectResponse from authlib.integrations.starlette_client import OAuth, OAuthError from .config import get_sso_config, GOOGLE_CONF_URL from meerschaum import get_connector prepend_path = get_sso_config('prepend') google_client_id = get_sso_config('google', 'id') google_client_secret = get_sso_config('google', 'secret') google_callback_url = get_sso_config('google', 'callback') oauth = OAuth() oauth.register( name='google', client_id=google_client_id, client_secret=google_client_secret, server_metadata_url=GOOGLE_CONF_URL, client_kwargs={ 'scope': 'openid email profile', }, ) app.add_middleware(SessionMiddleware, secret_key=google_client_secret) sso_google_path = prepend_path + '/sso/google' @app.get(sso_google_path) async def login_sso(request: Request): redirect_uri = google_callback_url return await oauth.google.authorize_redirect(request, redirect_uri) @app.get(sso_google_path + '/callback') async def google_callback(request: Request): token = await oauth.google.authorize_access_token(request) user = await oauth.google.parse_id_token(request, token) conn = get_connector('sql', 'wedding_s') q = f"SELECT address FROM \"people-with-contact-info\" WHERE email = '{user.email}'" address = conn.value(q) response = RedirectResponse('/login_success') response.set_cookie(key='login_name', value=user.name) response.set_cookie(key='login_email', value=user.email) response.set_cookie(key='login_address', value=address) return response
async def test_request_withhold_token(): oauth = OAuth() app = AsyncPathMapDispatch({'/user': {'body': {'sub': '123'}}}) client = oauth.register("dev", client_id="dev", client_secret="dev", api_base_url="https://i.b/api", access_token_url="https://i.b/token", authorize_url="https://i.b/authorize", client_kwargs={ 'app': app, }) req_scope = {'type': 'http', 'session': {}} req = Request(req_scope) resp = await client.get('/user', request=req, withhold_token=True) assert resp.json()['sub'] == '123'
async def test_oauth2_authorize_code_challenge(): dispatch = PathMapDispatch({ '/token': {'body': get_bearer_token()} }) oauth = OAuth() client = oauth.register( 'dev', client_id='dev', api_base_url='https://i.b/api', access_token_url='https://i.b/token', authorize_url='https://i.b/authorize', client_kwargs={ 'code_challenge_method': 'S256', 'dispatch': dispatch, }, ) req_scope = {'type': 'http', 'session': {}} req = Request(req_scope) resp = await client.authorize_redirect(req, redirect_uri='https://b.com/bar') assert resp.status_code == 302 url = resp.headers.get('Location') assert 'code_challenge=' in url assert 'code_challenge_method=S256' in url state = req.session['_dev_authlib_state_'] assert state is not None verifier = req.session['_dev_authlib_code_verifier_'] assert verifier is not None req_scope.update( { 'path': '/', 'query_string': 'code=a&state={}'.format(state).encode(), 'session': req.session, } ) req = Request(req_scope) token = await client.authorize_access_token(req) assert token['access_token'] == 'a'
async def test_parse_id_token(): key = jwk.dumps('secret', 'oct', kid='f') token = get_bearer_token() id_token = generate_id_token( token, {'sub': '123'}, key, alg='HS256', iss='https://i.b', aud='dev', exp=3600, nonce='n', ) oauth = OAuth() client = oauth.register( 'dev', client_id='dev', client_secret='dev', fetch_token=get_bearer_token, jwks={'keys': [key]}, issuer='https://i.b', id_token_signing_alg_values_supported=['HS256', 'RS256'], ) req_scope = {'type': 'http', 'session': {'_dev_authlib_nonce_': 'n'}} req = Request(req_scope) user = await client.parse_id_token(req, token) assert user is None token['id_token'] = id_token user = await client.parse_id_token(req, token) assert user.sub == '123' claims_options = {'iss': {'value': 'https://i.b'}} user = await client.parse_id_token(req, token, claims_options) assert user.sub == '123' with pytest.raises(InvalidClaimError): claims_options = {'iss': {'value': 'https://i.c'}} await client.parse_id_token(req, token, claims_options)
async def test_oauth2_authorize_access_denied(): oauth = OAuth() app = AsyncPathMapDispatch({'/token': {'body': get_bearer_token()}}) client = oauth.register('dev', client_id='dev', client_secret='dev', api_base_url='https://i.b/api', access_token_url='https://i.b/token', authorize_url='https://i.b/authorize', client_kwargs={ 'app': app, }) req = Request({ 'type': 'http', 'session': {}, 'path': '/', 'query_string': 'error=access_denied&error_description=Not+Allowed', }) with pytest.raises(OAuthError): await client.authorize_access_token(req)
def test_register_with_config(): config = Config(environ={'DEV_CLIENT_ID': 'dev'}) oauth = OAuth(config) oauth.register('dev') assert oauth.dev.name == 'dev' assert oauth.dev.client_id == 'dev'
def attach_auth(app: FastAPI): """Attach authentication endpoints to an app. These endpoints allow for login, logout and session check """ app.add_middleware(SessionMiddleware, secret_key=config.secret_session_key) oauth = OAuth() oauth.register( name='google', server_metadata_url= 'https://accounts.google.com/.well-known/openid-configuration', client_kwargs={'scope': 'openid email profile'}, client_secret=config.sso_google_secret, client_id=config.sso_google_client_id, ) @app.get("/login/googlelogin") async def login(request: Request): redirect_uri = request.url_for('googleauth') if 'X-Forwarded-Proto' in request.headers: redirect_uri = redirect_uri.replace( 'http:', request.headers['X-Forwarded-Proto'] + ':') # additional security, nonce is random and validated in case the URL # is read but not the session cookie request.session['nonce'] = generate_token() return await oauth.google.authorize_redirect( request, redirect_uri, nonce=request.session['nonce']) @app.get('/login/googleauth') async def googleauth(request: Request): token = await oauth.google.authorize_access_token(request) user = await oauth.google.parse_id_token(request, token) if user['nonce'] != request.session['nonce']: raise HTTPException(status_code=401, detail="Wrong nonce value, weird...") async with get_conn() as conn: found = await conn.fetchrow( """ SELECT id, mail FROM account_google WHERE mail = $1 """, user['email']) if found is None: res = await conn.fetchrow( """ INSERT INTO account_google(mail) VALUES ($1) RETURNING id """, user['email'], ) id_ = res['id'] else: id_ = found['id'] request.session['id'] = id_ request.session['name'] = user['given_name'] del request.session['nonce'] return RedirectResponse(url='/') @app.post('/login/logout') async def logout(request: Request): if 'name' in request.session: del request.session['name'] if 'id' in request.session: del request.session['id'] return 'Logged out' @app.get('/login/whoami') async def whoami(request: Request): if 'name' not in request.session: return dict(authenticated=False) return dict( authenticated=True, name=request.session['name'], id=request.session['id'], )
from authlib.oauth2.rfc6749 import OAuth2Token from starlette.requests import Request from .vk_auth_method import client_secret_get from src.conf import settings async def fetch_token(name, request: Request): token = request.session.get('token', None) if token: token = OAuth2Token.from_dict(token) return token oauth = OAuth(fetch_token=fetch_token) oauth.register(name='vk', client_id=settings.CLIENT_ID_VK, client_secret=settings.CLIENT_SECRET_VK, authorize_url='https://oauth.vk.com/authorize', access_token_url='https://oauth.vk.com/access_token', client_kwargs={ 'scope': 'email', 'token_endpoint_auth_method': 'vk_get' }, client_auth_methods=[('vk_get', client_secret_get)]) oauth.register(name='github', client_id=settings.CLIENT_ID_GITHUB, client_secret=settings.CLIENT_SECRET_GITHUB,
async def fetch_token(name: str, request: Request) -> dict: logging.debug('fetch_token') logging.debug(name) for token in tokens: if token.name == name: return token.dict(exclude={'name'}) token = Token(name=name, token_type='Bearer', access_token='cafe', expires_at=1) return token.dict(exclude={'name'}) async def update_token( name: str, token: OAuth2Token, refresh_token: Optional[str] = None, access_token: Optional[str] = None, expires_at: Optional[int] = None, ) -> None: for i, _token in enumerate(tokens): if _token.name == name and _token.access_token == access_token: tokens[i] = Token(name=name, **token) return tokens.append(Token(name=name, **token)) oauth = OAuth(fetch_token=fetch_token, update_token=update_token)
import logging import pendulum from fastapi import APIRouter, Request from starlette.config import Config from authlib.integrations.starlette_client import OAuth from config import Settings log = logging.getLogger(__name__) router = APIRouter() settings = Settings() conf = Config(environ=settings.dict()) oauth = OAuth(conf) oauth.register(name='google', server_metadata_url=settings.GOOGLE_CONF_URL, client_kwargs={'scope': 'openid email profile'}) @router.get('/signin') async def login(request: Request): if request.session.get('user') is not None: return redirect_uri = settings.GOOGLE_REDIRECT_URL log.info('Preparing oauth with redirect_uri', redirect_uri) return await oauth.google.authorize_redirect(request, redirect_uri)
import json from fastapi import FastAPI, APIRouter from starlette.config import Config from starlette.requests import Request #from starlette.middleware.sessions import SessionMiddleware from starlette.responses import HTMLResponse, RedirectResponse from authlib.integrations.starlette_client import OAuth, OAuthError from app.configs import googleinfo router = APIRouter() #router.add_middleware(SessionMiddleware, secret_key="!secret") def google_config(): return googleinfo.setting() # config = Config('.env') oauth = OAuth(google_config) print(oauth) CONF_URL = 'https://accounts.google.com/.well-known/openid-configuration' oauth.register( name='google', server_metadata_url=CONF_URL, client_kwargs={ 'scope': 'openid email profile' } ) @router.get('/') async def homepage(request: Request): user = request.session.get('user')
from starlette.responses import ( RedirectResponse, Response, ) from starlette.schemas import ( SchemaGenerator, ) # Local libraries from four_shells import ( accounts, authz, config, ) # Constants OAUTH = OAuth() OAUTH.register( name='google', client_id=config.GOOGLE_OAUTH_CLIENT_ID_SERVER, client_secret=config.GOOGLE_OAUTH_SECRET_SERVER, server_metadata_url=( 'https://accounts.google.com/.well-known/openid-configuration'), client_kwargs={'scope': 'email'}, ) SCHEMA = SchemaGenerator({ "openapi": "3.0.0", "info": { "title": "Four Shells", }, })
# # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. from authlib.integrations.starlette_client import OAuth from nwastdlib.url import URL from oauth2_lib.fastapi import OIDCUser, opa_decision from orchestrator.settings import oauth2_settings oauth_client_credentials = OAuth() well_known_endpoint = URL(oauth2_settings.OIDC_CONF_WELL_KNOWN_URL) oauth_client_credentials.register( "connext", server_metadata_url=well_known_endpoint / ".well-known" / "openid-configuration", client_id=oauth2_settings.OAUTH2_RESOURCE_SERVER_ID, client_secret=oauth2_settings.OAUTH2_RESOURCE_SERVER_SECRET, request_token_params={"grant_type": "client_credentials"}, ) oidc_user = OIDCUser( oauth2_settings.OIDC_CONF_WELL_KNOWN_URL, oauth2_settings.OAUTH2_RESOURCE_SERVER_ID,
class OAuthAuthenticator(BaseAuthenticator): """Base class for authenticators using Oauth2 protocol and its variants. The :py:meth:`authenticate` method is already implemented, but you will need to override some of the following variables in sublasses to make it work: :var str provider: name of the provider (it will be used in the url) :var handler_cls: class with handlers for all oauth2 relevant endpoints in Quetz server :type handler_cls: sublass of :py:class:`OauthHandlers` :var client_id: required, client id registered with the provider :var client_secret: required, likewise :var bool is_enabled: True if authenticator is enabled, can be configured in :py:meth:`configure` method :var access_token_url: URL of the OAuth2 endpoint ot request a token :var authorize_url: URL of the OAuth2 ``authorize`` endpoint :var api_base_url: URL of the API root of the provider server :var validate_token_url: path of endpoint to validate the token """ oauth = OAuth() provider = "oauth" handler_cls = OAuthHandlers # client credentials and state # they can be also set in configure method client_id: str = "" client_secret: str = "" is_enabled = False # oauth client params access_token_url: Optional[str] = None authorize_url: Optional[str] = None api_base_url: Optional[str] = None scope: Optional[str] = None server_metadata_url: Optional[str] = None prompt: Optional[str] = None client_kwargs: dict = {} # provider's api endpoint urls validate_token_url: Optional[str] = None revoke_url: Optional[str] = None @property def router(self): return self.handler.router def __init__(self, config: Config, client_kwargs=None, provider=None, app=None): super().__init__(config, provider, app) if self.is_enabled: self.register(client_kwargs=client_kwargs) async def userinfo(self, request, token): raise NotImplementedError("subclasses need to implement userinfo") async def authenticate(self, request, data=None, dao=None, config=None): token = await self.client.authorize_access_token(request) profile = await self.userinfo(request, token) username = profile["login"] auth_state = {"token": json.dumps(token), "provider": self.provider} return { "username": username, "profile": profile, "auth_state": auth_state } def register(self, client_kwargs=None): if client_kwargs is None: client_kwargs = {} if self.scope: client_kwargs["scope"] = self.scope client_kwargs.update(self.client_kwargs) self.client = self.oauth.register( name=self.provider, client_id=self.client_id, client_secret=self.client_secret, access_token_url=self.access_token_url, authorize_url=self.authorize_url, api_base_url=self.api_base_url, server_metadata_url=self.server_metadata_url, prompt=self.prompt, client_kwargs=client_kwargs, ) async def validate_token(self, token): try: resp = await self.client.get(self.validate_token_url, token=json.loads(token)) return resp.status_code != 401 except Exception: return False
def test_register_with_overwrite(): config = Config(environ={'DEV_CLIENT_ID': 'dev'}) oauth = OAuth(config) oauth.register('dev', client_id='not-dev', overwrite=True) assert oauth.dev.name == 'dev' assert oauth.dev.client_id == 'dev'
get_medication_views, update_medication_tap, get_unused_medication_tap_blocks_for_day, add_medication from views import MainTemplateData templates = Jinja2Templates(directory="templates/") log = logging.getLogger(__name__) app = FastAPI() config = Config(".env") if config.get("GOOGLE_CLIENT_ID", default=None) is None \ or config.get("GOOGLE_CLIENT_SECRET", default=None) is None \ or config.get("SESSION_SECRET", default=None) is None: raise Exception( "Configuration error. GOOGLE_CLIENT_ID or GOOGLE_CLIENT_SECRET or SESSION_SECRET not specified." ) oauth = OAuth(config) oauth.register(name='google', server_metadata_url= 'https://accounts.google.com/.well-known/openid-configuration', client_kwargs={'scope': 'openid email profile'}) app.add_middleware(SessionMiddleware, secret_key=config.get("SESSION_SECRET")) @app.get("/") async def homepage(request: Request, target_date: Optional[datetime.date] = None): user = request.session.get('user') if target_date is None: target_date = datetime.date.today() if user is None:
# LOL try: from httpx._config import UNSET except ImportError: UNSET = None router = Router() DISCORD_API_BASE = "https://discord.com/api" DISCORD_OAUTH_URL_BASE = DISCORD_API_BASE + "/oauth2" DISCORD_OAUTH_URL_AUTHORIZE = DISCORD_OAUTH_URL_BASE + "/authorize" DISCORD_OAUTH_URL_TOKEN = DISCORD_OAUTH_URL_BASE + "/token" DISCORD_OAUTH_URL_TOKEN_REVOKE = DISCORD_OAUTH_URL_BASE + "/token/revoke" oauth = OAuth(settings.config) oauth.register( name="discord", authorization_endpoint=DISCORD_OAUTH_URL_AUTHORIZE, token_endpoint=DISCORD_OAUTH_URL_TOKEN, revocation_endpoint=DISCORD_OAUTH_URL_TOKEN_REVOKE, client_kwargs={"scope": "identify"}, ) @router.route("/") async def sign_in(request: HTTPConnection): redirect_uri = request.url_for("auth_cb") return await oauth.discord.authorize_redirect(request, redirect_uri) @router.route("/auth")
name=name, access_token=access_token).first()) else: db.close() return # update old token item.access_token = token["access_token"] item.refresh_token = token.get("refresh_token") item.expires_at = token["expires_at"] db.add(item) db.commit() db.close() oauth = OAuth(update_token=update_token) def fetch_discord_token(current_user: Player = Depends(get_current_user), db: Session = Depends(get_db)): token = (db.query(OAuth2Token).filter_by( name="discord", player_id=current_user.id).first()) if token: return token.to_token() # OAuth with discord setup oauth.register( name="discord", client_id=settings.DISCORD_CLIENT_ID, client_secret=settings.DISCORD_CLIENT_SECRET,
from authlib.integrations.starlette_client import OAuth social_oauth = OAuth() social_oauth.register( name='github', client_id='99118809b9098fa3fa00', client_secret='a5899c5cb8ddc411a241880d0ebf362a3098cb8a', access_token_url='https://github.com/login/oauth/access_token', access_token_params=None, authorize_url='https://github.com/login/oauth/authorize', authorize_params=None, api_base_url='https://api.github.com/', client_kwargs={'scope': 'user:email'}, )
from authlib.integrations.starlette_client import OAuthError from fastapi import FastAPI from fastapi import Request from starlette.config import Config from starlette.middleware.sessions import SessionMiddleware from starlette.responses import HTMLResponse from starlette.responses import RedirectResponse logger = logging.getLogger("uvicorn") # Create the APP app = FastAPI() # Set up OAuth starlette_config = Config('.env') print(starlette_config.__dict__) oauth = OAuth(starlette_config) oauth.register( name='google', server_metadata_url= 'https://accounts.google.com/.well-known/openid-configuration', client_kwargs={'scope': 'openid email profile'}, ) # Set up the middleware to read the request session SECRET_KEY = os.environ.get( 'SECRET_KEY') or "OulLJiqkldb436-X6M11hKvr7wvLyG8TPi5PkLf4" if SECRET_KEY is None: raise 'Missing SECRET_KEY' app.add_middleware(SessionMiddleware, secret_key=SECRET_KEY)
# in the Software without restriction, including without limitation the rights # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell # copies of the Software, and to permit persons to whom the Software is # furnished to do so, subject to the following conditions: # # The above copyright notice and this permission notice shall be included in all # copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE # SOFTWARE. from authlib.integrations.starlette_client import OAuth from distrobuild.settings import settings oauth = OAuth() oauth.register( name="oidc", client_id=settings.oidc_client_id, client_secret=settings.oidc_client_secret, server_metadata_url= f"{settings.oidc_issuer}/.well-known/openid-configuration", client_kwargs={"scope": f"openid profile groups {settings.oidc_scopes}"}) oidc = oauth.oidc
from starlette.responses import HTMLResponse, RedirectResponse #from starlette.middleware.sessions import SessionMiddleware from authlib.integrations.starlette_client import OAuth from fastapi import FastAPI, APIRouter from app.configs import twitterinfo router = APIRouter #router.add_middleware(SessionMiddleware, secret_key="!secret") def twitter_config(): return twitterinfo.setting() # config = Config('.env') oauth = OAuth(twitter_config) oauth.register( name='twitter', api_base_url='https://api.twitter.com/1.1/', request_token_url='https://api.twitter.com/oauth/request_token', access_token_url='https://api.twitter.com/oauth/access_token', authorize_url='https://api.twitter.com/oauth/authenticate', ) @router.route('/') async def homepage(request: Request): user = request.session.get('user') if user: data = json.dumps(user)