def authorized(provider):
    """Finish a provider login on the callback request and redirect the user.

    Looks up the provider (404 if unknown), reads the provider's authorized
    response, resolves and validates the post-login redirect target from the
    ``state`` query parameter, logs the user in and creates a session token.
    New users are sent to the signup page with the target carried along as
    ``next``; everyone else is redirected straight to the target.
    """
    oauth_provider = get_provider(provider)
    if not oauth_provider:
        abort(404)

    oauth_response = oauth_provider.authorized_response()

    # ``state`` arrives in the query string, so it is caller-controlled.
    # NOTE(review): presumably _get_next maps the token back to the value
    # stored at login time and _validate_next rejects unsafe redirect
    # targets; confirm both fail closed on a missing or unknown token,
    # since the token is also what ties this callback to the login request.
    next_url = _get_next(request.args.get("state"))
    _validate_next(next_url)

    # The redirect target is validated before any session is created.
    # NOTE(review): oauth_response is handed to User.login unchecked; confirm
    # login handles an empty or denied provider response.
    user = models.User.login(provider, oauth_response)
    session.create_session_token(user)

    target = url_for("auth.signup", next=next_url) if user.is_new else next_url
    return redirect(target)
def provider_login(provider):
    """Log in with the given provider.

    Saves the requested post-login target (``next`` query parameter, default
    ``"/"``) and starts the provider's authorization flow. Unknown providers
    get a 404.
    """
    # The saved token doesn't only store the 'next' value, it also acts as a
    # CSRF token for the callback.
    # NOTE(review): the 'next' value is taken from the request and stored
    # as-is here; the callback handler calls _validate_next on it before
    # redirecting, so that check must stay in place.
    next_url = request.args.get("next") or "/"
    state_token = _save_next(next_url)

    oauth_provider = get_provider(provider)
    if not oauth_provider:
        abort(404)

    # Twitter uses OAuth 1.0a, which doesn't support the 'state' parameter,
    # so the token is carried in the callback url instead.
    callback_state = state_token if provider == "twitter" else None
    callback_url = url_for(
        "auth.authorized",
        _external=True,
        provider=provider,
        state=callback_state,
    )
    return oauth_provider.authorize(callback=callback_url, state=state_token)