def errors():
    """Render the error page shown for an invalid OAuth request.

    The ``error`` code is read from the request, so it is caller-controlled.
    It reaches the page only through the ``oauth2server/errors.html``
    template, which receives either the raised exception or ``None``.
    """
    from oauthlib.oauth2.rfc6749.errors import raise_from_error

    error_code = request.values.get('error')
    caught = None
    try:
        # params is an empty dict: nothing from the request besides the
        # error code itself is handed to raise_from_error.
        raise_from_error(error_code, params=dict())
    except OAuth2Error as exc:
        caught = exc
    return render_template('oauth2server/errors.html', error=caught)
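def errors():
    """Report an invalid OAuth request as a JSON body with HTTP 400.

    The ``error`` code comes from the request and is mapped to an oauthlib
    exception by ``raise_from_error``; that exception's ``error`` attribute
    is echoed back as ``{"error": ...}``.
    """
    from oauthlib.oauth2.rfc6749.errors import raise_from_error

    error = None
    try:
        raise_from_error(request.values.get('error'), params=dict())
    except OAuth2Error as raised:
        error = raised

    # If raise_from_error returns without raising, error is still None;
    # reading .error on it would turn this 400 into an unhandled
    # AttributeError (a 500 for the client).
    code = error.error if error is not None else None
    return jsonify({"error": code}), 400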
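def authorized():
    """OAuth 2.0 redirection point.

    Handles the provider's redirect back to the client: an ``error``
    parameter is surfaced as an HTTP error, otherwise the authorization
    code is exchanged for a token, the UserInfo document is fetched with
    that token and returned as JSON.
    """
    # Pass in our client side crypto state; requests-oauthlib will
    # take care of matching it in the OAuth2 response.
    # NOTE(review): session.get("state") is None when no login was started
    # in this session -- confirm the library still rejects the callback in
    # that case (or refuse it here) so the state comparison cannot be skipped.
    authentiq = OAuth2Session(CLIENT_ID, state=session.get("state"))

    try:
        error = request.args["error"]
        oauth2_errors.raise_from_error(error, request.args)
    except KeyError:
        # No "error" parameter: the provider did not report a failure.
        pass
    except oauth2_errors.OAuth2Error as e:
        code = e.status_code or 400
        description = "Provider returned: " + (e.description or e.error)
        abort(code, description=description)

    try:
        # Use our client_secret to exchange the authorization code for a
        # token. Requests-oauthlib parses the redirected URL for us.
        # The token will contain the access_token, a refresh_token, and the
        # scope the end-user consented to.
        token = authentiq.fetch_token(TOKEN_URL,
                                      client_secret=CLIENT_SECRET,
                                      authorization_response=request.url)

        # Log the granted scope only. The token carries the access_token
        # and refresh_token, which are bearer credentials and should not
        # be written to application logs.
        app.logger.info("Received token (scope: %s)", token.get("scope"))

    # The incoming request looks flaky, let's not handle it further.
    except oauth2_errors.OAuth2Error as e:
        description = "Request to token endpoint failed: " + \
                      (e.description or e.error)
        # Status passed positionally, like the other abort() calls in this
        # view, so it does not depend on abort()'s parameter name.
        abort(e.status_code or 400, description=description)

    # The HTTP request to the token endpoint failed.
    except requests.exceptions.HTTPError as e:
        code = e.response.status_code or 502
        description = "Request to token endpoint failed: " + e.response.reason
        abort(code, description=description)

    # Now we can use the access_token to retrieve an OpenID Connect
    # compatible UserInfo structure from the provider. Once again,
    # requests-oauthlib adds a valid Authorization header for us.
    #
    # Note that this request can be optimized out if using an OIDC or
    # native Authentiq Connect client.
    try:
        response = authentiq.get(USERINFO_URL)
        # requests raises HTTPError only from raise_for_status(); without
        # this call an error body would be decoded and returned as UserInfo.
        response.raise_for_status()
        userinfo = response.json()

    # The HTTP request to the UserInfo endpoint failed.
    except requests.exceptions.HTTPError as e:
        abort(e.response.status_code or 502,
              description="Request to userinfo endpoint failed: " +
                          e.response.reason)

    except ValueError as e:
        # str(e) rather than e.message: exceptions have no .message
        # attribute on Python 3.
        abort(502,
              description="Could not decode userinfo response: " + str(e))

    # Here you would save the identity information in database or session
    # and sign the user in. For now just display the UserInfo structure.
    # Use userinfo["sub"] as the user's UUID within a single sign-on sector.
    return jsonify(userinfo)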
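def authorized():
    """OAuth 2.0 redirection point.

    Handles the provider's redirect back to the client. A reported error
    is logged and the ``authorized.html`` page is rendered again;
    otherwise the authorization code is exchanged for a token, the token
    is kept in the session and the same page is rendered.
    """
    def render_authorized_page():
        # Both exits of this view render the same template with the same
        # arguments.
        return render_template("authorized.html",
                               provider_uri=AUTHENTIQ_BASE,
                               client_id=CLIENT_ID,
                               redirect_uri=REDIRECT_URL,
                               state=session.get("state"),
                               display=DISPLAY,
                               redirect_to=url_for(".index"))

    # Pass in our client side crypto state; requests-oauthlib will
    # take care of matching it in the OAuth2 response.
    # NOTE(review): session.get("state") is None when no login was started
    # in this session -- confirm the library still rejects the callback in
    # that case (or refuse it here) so the state comparison cannot be skipped.
    authentiq = OAuth2Session(CLIENT_ID, state=session.get("state"))

    try:
        error = request.args["error"]
        oauth2_errors.raise_from_error(error, request.args)
    except KeyError:
        # No "error" parameter: the provider did not report a failure.
        pass
    except oauth2_errors.OAuth2Error as e:
        code = e.status_code or 400
        description = "Provider returned: " + (e.description or e.error)
        # The exception is built from request.args, so this log line may
        # carry caller-supplied text.
        app.logger.error("%d: %s", code, description)

        # Redirect to the Authentiq Connect authentication endpoint.
        return render_authorized_page()

    try:
        # Use our client_secret to exchange the authorization code for a
        # token. Requests-oauthlib parses the redirected URL for us.
        # The token will contain the access_token, a refresh_token, and the
        # scope the end-user consented to.
        token = authentiq.fetch_token(TOKEN_URL,
                                      client_secret=CLIENT_SECRET,
                                      authorization_response=request.url)

        # NOTE(review): if the app uses Flask's default cookie-backed
        # session, this places the access and refresh tokens in a cookie
        # the browser can read -- confirm a server-side session store.
        session["token"] = token

        # Log the granted scope only. The token carries bearer
        # credentials that should not be written to application logs.
        app.logger.info("Received token (scope: %s)", token.get("scope"))

    # The incoming request looks flaky, let's not handle it further.
    except oauth2_errors.OAuth2Error as e:
        description = "Request to token endpoint failed: " + \
                      (e.description or e.error)
        abort(e.status_code or 400, description=description)

    # The HTTP request to the token endpoint failed.
    except requests.exceptions.HTTPError as e:
        code = e.response.status_code or 502
        description = "Request to token endpoint failed: " + e.response.reason
        abort(code, description=description)

    # Redirect to the Authentiq Connect authentication endpoint.
    return render_authorized_page()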