async def test_oauth2_authorize_with_metadata():
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
client_secret='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
)
req_scope = {'type': 'http', 'session': {}}
req = Request(req_scope)
with pytest.raises(RuntimeError):
await client.create_authorization_url(req)
app = AsyncPathMapDispatch({
'/.well-known/openid-configuration': {
'body': {
'authorization_endpoint': 'https://i.b/authorize'
}
}
})
client = oauth.register(
'dev2',
client_id='dev',
client_secret='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
server_metadata_url='https://i.b/.well-known/openid-configuration',
client_kwargs={
'app': app,
})
resp = await client.authorize_redirect(req, 'https://b.com/bar')
assert resp.status_code == 302
def test_register_remote_app():
oauth = OAuth()
with pytest.raises(AttributeError):
assert oauth.dev.name == 'dev'
oauth.register(
'dev',
client_id='dev',
client_secret='dev',
)
assert oauth.dev.name == 'dev'
assert oauth.dev.client_id == 'dev'
def init(app):
import json
from fastapi import FastAPI
from starlette.config import Config
from starlette.requests import Request
from starlette.middleware.sessions import SessionMiddleware
from starlette.responses import HTMLResponse, RedirectResponse
from authlib.integrations.starlette_client import OAuth, OAuthError
from .config import get_sso_config, GOOGLE_CONF_URL
from meerschaum import get_connector
prepend_path = get_sso_config('prepend')
google_client_id = get_sso_config('google', 'id')
google_client_secret = get_sso_config('google', 'secret')
google_callback_url = get_sso_config('google', 'callback')
oauth = OAuth()
oauth.register(
name='google',
client_id=google_client_id,
client_secret=google_client_secret,
server_metadata_url=GOOGLE_CONF_URL,
client_kwargs={
'scope': 'openid email profile',
},
)
app.add_middleware(SessionMiddleware, secret_key=google_client_secret)
sso_google_path = prepend_path + '/sso/google'
@app.get(sso_google_path)
async def login_sso(request: Request):
redirect_uri = google_callback_url
return await oauth.google.authorize_redirect(request, redirect_uri)
@app.get(sso_google_path + '/callback')
async def google_callback(request: Request):
token = await oauth.google.authorize_access_token(request)
user = await oauth.google.parse_id_token(request, token)
conn = get_connector('sql', 'wedding_s')
q = f"SELECT address FROM \"people-with-contact-info\" WHERE email = '{user.email}'"
address = conn.value(q)
response = RedirectResponse('/login_success')
response.set_cookie(key='login_name', value=user.name)
response.set_cookie(key='login_email', value=user.email)
response.set_cookie(key='login_address', value=address)
return response
async def test_with_fetch_token_in_register():
async def fetch_token(request):
return {'access_token': 'dev', 'token_type': 'bearer'}
dispatch = PathMapDispatch({
'/user': {'body': {'sub': '123'}}
})
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
client_secret='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize',
fetch_token=fetch_token,
client_kwargs={
'dispatch': dispatch,
}
)
req_scope = {'type': 'http', 'session': {}}
req = Request(req_scope)
resp = await client.get('/user', request=req)
assert resp.json()['sub'] == '123'
async def test_oauth1_authorize():
oauth = OAuth()
app = AsyncPathMapDispatch({
'/request-token': {
'body': 'oauth_token=foo&oauth_verifier=baz'
},
'/token': {
'body': 'oauth_token=a&oauth_token_secret=b'
},
})
client = oauth.register('dev',
client_id='dev',
client_secret='dev',
request_token_url='https://i.b/request-token',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize',
client_kwargs={
'app': app,
})
req_scope = {'type': 'http', 'session': {}}
req = Request(req_scope)
resp = await client.authorize_redirect(req, 'https://b.com/bar')
assert resp.status_code == 302
url = resp.headers.get('Location')
assert 'oauth_token=foo' in url
req_token = req.session.get('_dev_authlib_request_token_')
assert req_token is not None
req.scope['query_string'] = 'oauth_token=foo&oauth_verifier=baz'
token = await client.authorize_access_token(req)
assert token['oauth_token'] == 'a'
async def test_oauth2_authorize():
oauth = OAuth()
app = AsyncPathMapDispatch({'/token': {'body': get_bearer_token()}})
client = oauth.register('dev',
client_id='dev',
client_secret='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize',
client_kwargs={
'app': app,
})
req_scope = {'type': 'http', 'session': {}}
req = Request(req_scope)
resp = await client.authorize_redirect(req, 'https://b.com/bar')
assert resp.status_code == 302
url = resp.headers.get('Location')
assert 'state=' in url
state = req.session.get('_dev_authlib_state_')
assert state is not None
req_scope.update({
'path': '/',
'query_string': f'code=a&state={state}',
'session': req.session,
})
req = Request(req_scope)
token = await client.authorize_access_token(req)
assert token['access_token'] == 'a'
async def test_force_fetch_jwks_uri():
secret_keys = read_file_path('jwks_private.json')
token = get_bearer_token()
id_token = generate_id_token(
token, {'sub': '123'}, secret_keys,
alg='RS256', iss='https://i.b',
aud='dev', exp=3600, nonce='n',
)
app = AsyncPathMapDispatch({
'/jwks': {'body': read_file_path('jwks_public.json')}
})
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
client_secret='dev',
fetch_token=get_bearer_token,
jwks_uri='https://i.b/jwks',
issuer='https://i.b',
client_kwargs={
'app': app,
}
)
req_scope = {'type': 'http', 'session': {'_dev_authlib_nonce_': 'n'}}
req = Request(req_scope)
token['id_token'] = id_token
user = await client.parse_id_token(req, token)
assert user.sub == '123'
async def run_fetch_userinfo(payload, compliance_fix=None):
oauth = OAuth()
async def fetch_token(request):
return get_bearer_token()
app = AsyncPathMapDispatch({
'/userinfo': {'body': payload}
})
client = oauth.register(
'dev',
client_id='dev',
client_secret='dev',
fetch_token=fetch_token,
userinfo_endpoint='https://i.b/userinfo',
userinfo_compliance_fix=compliance_fix,
client_kwargs={
'app': app,
}
)
req_scope = {'type': 'http', 'session': {}}
req = Request(req_scope)
user = await client.userinfo(request=req)
assert user.sub == '123'
async def test_runtime_error_fetch_jwks_uri():
key = jwk.dumps('secret', 'oct', kid='f')
token = get_bearer_token()
id_token = generate_id_token(
token,
{'sub': '123'},
key,
alg='HS256',
iss='https://i.b',
aud='dev',
exp=3600,
nonce='n',
)
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
client_secret='dev',
fetch_token=get_bearer_token,
issuer='https://i.b',
id_token_signing_alg_values_supported=['HS256'],
)
req_scope = {'type': 'http', 'session': {'_dev_authlib_nonce_': 'n'}}
req = Request(req_scope)
token['id_token'] = id_token
with pytest.raises(RuntimeError):
await client.parse_id_token(req, token)
async def test_request_withhold_token():
oauth = OAuth()
app = AsyncPathMapDispatch({'/user': {'body': {'sub': '123'}}})
client = oauth.register("dev",
client_id="dev",
client_secret="dev",
api_base_url="https://i.b/api",
access_token_url="https://i.b/token",
authorize_url="https://i.b/authorize",
client_kwargs={
'app': app,
})
req_scope = {'type': 'http', 'session': {}}
req = Request(req_scope)
resp = await client.get('/user', request=req, withhold_token=True)
assert resp.json()['sub'] == '123'
async def test_oauth2_authorize_code_challenge():
dispatch = PathMapDispatch({
'/token': {'body': get_bearer_token()}
})
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize',
client_kwargs={
'code_challenge_method': 'S256',
'dispatch': dispatch,
},
)
req_scope = {'type': 'http', 'session': {}}
req = Request(req_scope)
resp = await client.authorize_redirect(req, redirect_uri='https://b.com/bar')
assert resp.status_code == 302
url = resp.headers.get('Location')
assert 'code_challenge=' in url
assert 'code_challenge_method=S256' in url
state = req.session['_dev_authlib_state_']
assert state is not None
verifier = req.session['_dev_authlib_code_verifier_']
assert verifier is not None
req_scope.update(
{
'path': '/',
'query_string': 'code=a&state={}'.format(state).encode(),
'session': req.session,
}
)
req = Request(req_scope)
token = await client.authorize_access_token(req)
assert token['access_token'] == 'a'
async def test_parse_id_token():
key = jwk.dumps('secret', 'oct', kid='f')
token = get_bearer_token()
id_token = generate_id_token(
token,
{'sub': '123'},
key,
alg='HS256',
iss='https://i.b',
aud='dev',
exp=3600,
nonce='n',
)
oauth = OAuth()
client = oauth.register(
'dev',
client_id='dev',
client_secret='dev',
fetch_token=get_bearer_token,
jwks={'keys': [key]},
issuer='https://i.b',
id_token_signing_alg_values_supported=['HS256', 'RS256'],
)
req_scope = {'type': 'http', 'session': {'_dev_authlib_nonce_': 'n'}}
req = Request(req_scope)
user = await client.parse_id_token(req, token)
assert user is None
token['id_token'] = id_token
user = await client.parse_id_token(req, token)
assert user.sub == '123'
claims_options = {'iss': {'value': 'https://i.b'}}
user = await client.parse_id_token(req, token, claims_options)
assert user.sub == '123'
with pytest.raises(InvalidClaimError):
claims_options = {'iss': {'value': 'https://i.c'}}
await client.parse_id_token(req, token, claims_options)
async def test_oauth2_authorize_access_denied():
oauth = OAuth()
app = AsyncPathMapDispatch({'/token': {'body': get_bearer_token()}})
client = oauth.register('dev',
client_id='dev',
client_secret='dev',
api_base_url='https://i.b/api',
access_token_url='https://i.b/token',
authorize_url='https://i.b/authorize',
client_kwargs={
'app': app,
})
req = Request({
'type':
'http',
'session': {},
'path':
'/',
'query_string':
'error=access_denied&error_description=Not+Allowed',
})
with pytest.raises(OAuthError):
await client.authorize_access_token(req)
from app.configs import googleinfo
router = APIRouter()
#router.add_middleware(SessionMiddleware, secret_key="!secret")
def google_config():
return googleinfo.setting()
# config = Config('.env')
oauth = OAuth(google_config)
print(oauth)
CONF_URL = 'https://accounts.google.com/.well-known/openid-configuration'
oauth.register(
name='google',
server_metadata_url=CONF_URL,
client_kwargs={
'scope': 'openid email profile'
}
)
@router.get('/')
async def homepage(request: Request):
user = request.session.get('user')
if user:
data = json.dumps(user)
html = (
f'<pre>{data}</pre>'
'<a href="/logout">logout</a>'
)
return HTMLResponse(html)
class TagItem(BaseModel):
tag: str
class TagReturnItem(TagItem):
id: int
oauth = OAuth(config)
# Keycloak details
CONF_URL = 'http://login.cancerdatasci.org/auth/realms/cancerdatasci/.well-known/openid-configuration'
oauth.register(name='keycloak_client',
server_metadata_url=CONF_URL,
client_id='login',
client_kwargs={'scope': 'openid email profile'})
# CONF_URL = 'https://accounts.google.com/.well-known/openid-configuration'
# oauth.register(
# name='google',
# server_metadata_url=CONF_URL,
# client_kwargs={
# 'scope': 'openid email profile',
# 'hostedDomain': 'gmail.com'
# }
# )
@app.route('/')
async def homepage(request):
from authlib.integrations.starlette_client import OAuth
social_oauth = OAuth()
social_oauth.register(
name='github',
client_id='99118809b9098fa3fa00',
client_secret='a5899c5cb8ddc411a241880d0ebf362a3098cb8a',
access_token_url='https://github.com/login/oauth/access_token',
access_token_params=None,
authorize_url='https://github.com/login/oauth/authorize',
authorize_params=None,
api_base_url='https://api.github.com/',
client_kwargs={'scope': 'user:email'},
)
return params
# And remap the configuration to be compatible with Starlette
environ["DISCORD_CLIENT_ID"] = environ["API_DISCORD_CLIENT_ID"]
environ["DISCORD_CLIENT_SECRET"] = environ["API_DISCORD_CLIENT_SECRET"]
config = Config(".env")
# Register the discord auth provider
oauth = OAuth(config)
oauth.register(
"discord",
api_base_url="https://discord.com/api/",
access_token_url="https://discord.com/api/oauth2/token",
authorize_url="https://discord.com/api/oauth2/authorize",
userinfo_endpoint="https://discord.com/api/users/%40me",
userinfo_compliance_fix=normalize_userinfo,
client_kwargs={
"token_endpoint_auth_method": "client_secret_post",
"scope": "identify guilds",
},
)
def get_discord_client():
"""
Get a Discord OAuth2 client
"""
return oauth.create_client("discord")
def test_register_with_overwrite():
config = Config(environ={'DEV_CLIENT_ID': 'dev'})
oauth = OAuth(config)
oauth.register('dev', client_id='not-dev', overwrite=True)
assert oauth.dev.name == 'dev'
assert oauth.dev.client_id == 'dev'
from .database import SessionLocal
from .dao_github import get_user_by_github_identity
from quetz import config
import json
import uuid
router = APIRouter()
oauth = OAuth()
# Register the app here: https://github.com/settings/applications/new
oauth.register(
name='github',
client_id=config.github_client_id,
client_secret=config.github_client_secret,
access_token_url='https://github.com/login/oauth/access_token',
access_token_params=None,
authorize_url='https://github.com/login/oauth/authorize',
authorize_params=None,
api_base_url='https://api.github.com/',
client_kwargs={'scope': 'user:email'},
)
async def validate_token(token):
# identity = get_identity(db, identity_id)
resp = await oauth.github.get('user', token=json.loads(token))
if resp.status_code == 401:
return False
return True
from web.data import database, get_session_id, logger, update_web_user, verify_session
router = APIRouter(prefix="/user", tags=["user"])
oauth = OAuth()
REL_REGEX = r"/[^/](?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))*"
relative_url_regex = re.compile(REL_REGEX)
DISCORD_CLIENT_SECRET = os.getenv("DISCORD_CLIENT_SECRET")
oauth.register(
name="discord",
client_id=601917808137338900,
client_secret=DISCORD_CLIENT_SECRET,
access_token_url="https://discord.com/api/oauth2/token",
access_token_params=None,
authorize_url="https://discord.com/api/oauth2/authorize",
authorize_params=None,
api_base_url="https://discord.com/api/",
client_kwargs={
"scope": "identify",
"prompt": "consent"
},
)
@router.get("/login")
async def login(
request: Request,
redirect: str = "/",
):
logger.info("endpoint: login")
def test_register_with_config():
config = Config(environ={'DEV_CLIENT_ID': 'dev'})
oauth = OAuth(config)
oauth.register('dev')
assert oauth.dev.name == 'dev'
assert oauth.dev.client_id == 'dev'
from authlib.integrations.starlette_client import OAuth
from starlette.responses import JSONResponse
from users.domain import services
from users.domain.services.social_login import SocialAccount, SocialLoginInput
from users.settings import GOOGLE_AUTH_CLIENT_ID, GOOGLE_AUTH_CLIENT_SECRET
oauth = OAuth()
CONF_URL = "https://accounts.google.com/.well-known/openid-configuration"
oauth.register(
name="google",
server_metadata_url=CONF_URL,
client_id=str(GOOGLE_AUTH_CLIENT_ID),
client_secret=str(GOOGLE_AUTH_CLIENT_SECRET),
client_kwargs={"scope": "openid email profile"},
)
async def google_login(request):
redirect_uri = request.url_for("auth")
return await oauth.google.authorize_redirect(request, redirect_uri)
async def google_login_auth(request):
token = await oauth.google.authorize_access_token(request)
user = await oauth.google.parse_id_token(request, token)
if not user["email_verified"]:
return JSONResponse({"error": "Email not verified"}, status_code=400)
from starlette.requests import Request
from starlette.responses import RedirectResponse
from app.libs.config import Config
from app.model import User
SESSION_USER_KEY = 'user'
router = APIRouter()
config = Config()
oauth = OAuth()
oauth.register(
name='discord',
client_id=config.get_client_id(),
client_secret=config.get_client_secret(),
authorize_url='https://discordapp.com/api/oauth2/authorize',
access_token_url='https://discordapp.com/api/oauth2/token',
client_kwargs={'scope': ' '.join(['identify', 'guilds', 'email'])},
)
def get_current_user(request: Request) -> Optional[User]:
if SESSION_USER_KEY not in request.session:
return
kwargs = request.session[SESSION_USER_KEY]
if time.time() >= kwargs.get('expires_at', 0):
return
try:
return User(**kwargs)
except:
from starlette.authentication import requires, has_required_scope # NOQA
from authlib.integrations.starlette_client import OAuth
from helpdesk.config import OPENID_PRIVIDERS, oauth_username_func
from helpdesk.models.user import User
from helpdesk.libs.rest import jsonize
from . import bp
logger = logging.getLogger(__name__)
oauth_clients = {}
for provider, info in OPENID_PRIVIDERS.items():
_auth = OAuth()
_auth.register(provider, **info)
client = _auth.create_client(provider)
oauth_clients[provider] = client
@bp.route('/oauth/{provider}')
async def oauth(request):
provider = request.path_params.get('provider', '')
client = oauth_clients[provider]
# FIXME: url_for behind proxy
url_path = request['router'].url_path_for('auth:callback', provider=provider)
server = request["server"]
if server[1] in (80, 443):
base_url = f"{request['scheme']}://{server[0]}{request.get('app_root_path', '/')}"
else:
from starlette.requests import Request
import aurweb.config
import aurweb.db
from aurweb import util
from aurweb.l10n import get_translator_for_request
from aurweb.schema import Bans, Sessions, Users
router = fastapi.APIRouter()
oauth = OAuth()
oauth.register(
name="sso",
server_metadata_url=aurweb.config.get("sso", "openid_configuration"),
client_kwargs={"scope": "openid"},
client_id=aurweb.config.get("sso", "client_id"),
client_secret=aurweb.config.get("sso", "client_secret"),
)
@router.get("/sso/login")
async def login(request: Request, redirect: str = None):
"""
Redirect the user to the SSO provider’s login page.
We specify prompt=login to force the user to input their credentials even
if they’re already logged on the SSO. This is less practical, but given AUR
has the potential to impact many users, better safe than sorry.
The `redirect` argument is a query parameter specifying the post-login
templates = Jinja2Templates(directory="templates/")
log = logging.getLogger(__name__)
app = FastAPI()
config = Config(".env")
if config.get("GOOGLE_CLIENT_ID", default=None) is None \
or config.get("GOOGLE_CLIENT_SECRET", default=None) is None \
or config.get("SESSION_SECRET", default=None) is None:
raise Exception(
"Configuration error. GOOGLE_CLIENT_ID or GOOGLE_CLIENT_SECRET or SESSION_SECRET not specified."
)
oauth = OAuth(config)
oauth.register(name='google',
server_metadata_url=
'https://accounts.google.com/.well-known/openid-configuration',
client_kwargs={'scope': 'openid email profile'})
app.add_middleware(SessionMiddleware, secret_key=config.get("SESSION_SECRET"))
@app.get("/")
async def homepage(request: Request,
target_date: Optional[datetime.date] = None):
user = request.session.get('user')
if target_date is None:
target_date = datetime.date.today()
if user is None:
template_data = MainTemplateData(
target_date=target_date,
time_taps=[],
# ALT: https://docs.authlib.org/en/latest/specs/rfc7523.html#jwt-grant-type
# https://docs.authlib.org/en/latest/client/starlette.html
# Overview: auth to keycloak to interconnect microservices on backend
from authlib.oauth2.rfc6749.grants import (ClientCredentialsGrant,
RefreshTokenGrant)
from authlib.integrations.starlette_client import OAuth
oauth = OAuth()
oauth.register(
name='webapp',
client_id='{{ your-github-client-id }}',
client_secret='{{ your-github-client-secret }}',
access_token_url='https://github.com/login/oauth/access_token',
authorize_url='https://github.com/login/oauth/authorize',
api_base_url='https://api.github.com/',
client_kwargs={'scope': 'user:email'},
)
class ClientCredentials(ClientCredentialsGrant):
TOKEN_ENDPOINT_AUTH_METHODS = ['client_secret_basic', 'client_secret_post']
class RefreshToken(RefreshTokenGrant):
TOKEN_ENDPOINT_AUTH_METHODS = ['client_secret_basic', 'client_secret_post']
def authenticate_refresh_token(self, refresh_token):
item = Token.query.filter_by(refresh_token=refresh_token).first()
from starlette.config import Config
from starlette.middleware.sessions import SessionMiddleware
from authlib.integrations.starlette_client import OAuth
app = FastAPI()
app.add_middleware(SessionMiddleware, secret_key="!secret")
config = Config('.env')
oauth = OAuth(config)
redirect_uri_google = "https://b553a103b824.ngrok.io/auth-google"
redirect_uri_facebook = "https://b553a103b824.ngrok.io/auth-facebook"
oauth.register(
name='google',
server_metadata_url='https://accounts.google.com/.well-known/openid-configuration',
client_kwargs={'scope': 'openid email profile'}
)
oauth.register(
name='facebook',
api_base_url='https://graph.facebook.com/v7.0/',
access_token_url='https://graph.facebook.com/v7.0/oauth/access_token',
authorize_url='https://www.facebook.com/v7.0/dialog/oauth',
client_kwargs={'scope': 'email public_profile'},
)
@app.get('/')
async def homepage(request: Request):
return HTMLResponse('<a href="/login-google">login google</a><br><br><a href="/login-facebook">login facebook</a>')
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
from authlib.integrations.starlette_client import OAuth
from distrobuild.settings import settings
oauth = OAuth()
oauth.register(
name="oidc",
client_id=settings.oidc_client_id,
client_secret=settings.oidc_client_secret,
server_metadata_url=
f"{settings.oidc_issuer}/.well-known/openid-configuration",
client_kwargs={"scope": f"openid profile groups {settings.oidc_scopes}"})
oidc = oauth.oidc
O = 'O' # owning
auth_scheme = HTTPBearer(bearerFormat='JWT')
if configs['auth'].get('oauth_connections', None):
google_config = configs['auth']['oauth_connections']['google']
oauth = OAuth()
oauth.register(
name='google',
client_id=google_config['client_id'],
client_secret=google_config['client_secret'],
api_base_url=google_config['api_base_url'],
request_token_url=None,
request_token_params={
'scope': 'email openid profile',
'access_type': 'offline',
'prompt': 'consent',
},
access_token_url=google_config['access_token_url'],
authorize_url=google_config['authorize_url'],
client_kwargs=google_config['client_kwargs'],
jwks_uri=google_config['jwks_uri'],
access_type='offline',
prompt='consent',
)
else:
oauth = None
privkey_path = configs['auth']['jwt'].get('privkey_path',
'configs/jwtRS256.key')
pubkey_path = configs['auth']['jwt'].get('pubkey_path',
'configs/jwtRS256.key.pub')