Revisions
kaanoguzhan revised this gist
Aug 16, 2021 . 1 changed file with 9 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,3 +1,10 @@ # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # Forked from https://gist.github.com/thomasdarimont/145dc9aa857b831ff2eff221b79d179a # # Credits: https://gist.github.com/thomasdarimont # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # Adapted the original code to Python3 import json import logging @@ -51,12 +58,12 @@ def hello_me(): try: from oauth2client.client import OAuth2Credentials access_token = OAuth2Credentials.from_json(oidc.credentials_store[user_id]).access_token print('access_token=<%s>' % access_token) headers = {'Authorization': 'Bearer %s' % (access_token)} # YOLO greeting = requests.get('http://localhost:8080/greeting', headers=headers).text except: print("Could not access greeting-service") greeting = "Hello %s" % username -
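Review bot: The ported `print('access_token=<%s>' % access_token)` in `hello_me` still writes the user's bearer token to stdout, so anyone who can read the process output or collected logs can present it to the greeting service until it expires. Drop the line, or record only that a token was found, e.g. `logging.debug('access token present for sub=%s', user_id)`. The bare `except:` that follows hides every failure, including a missing `oauth2client` import; `except Exception as exc:` with `logging.warning('greeting-service call failed: %s', exc)` keeps the fallback greeting while leaving a trace. The same token print is in the original 2017 revision further down the page, and `hello_me` starts and ends outside this hunk.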
thomasdarimont revised this gist
Aug 16, 2021 . No changes.There are no files selected for viewing
thomasdarimont created this gist
Jul 19, 2017 .There are no files selected for viewing
@@ -0,0 +1,88 @@ import json import logging from flask import Flask, g from flask_oidc import OpenIDConnect import requests logging.basicConfig(level=logging.DEBUG) app = Flask(__name__) app.config.update({ 'SECRET_KEY': 'SomethingNotEntirelySecret', 'TESTING': True, 'DEBUG': True, 'OIDC_CLIENT_SECRETS': 'client_secrets.json', 'OIDC_ID_TOKEN_COOKIE_SECURE': False, 'OIDC_REQUIRE_VERIFIED_EMAIL': False, 'OIDC_USER_INFO_ENABLED': True, 'OIDC_OPENID_REALM': 'flask-demo', 'OIDC_SCOPES': ['openid', 'email', 'profile'], 'OIDC_INTROSPECTION_AUTH_METHOD': 'client_secret_post' }) oidc = OpenIDConnect(app) @app.route('/') def hello_world(): if oidc.user_loggedin: return ('Hello, %s, <a href="/private">See private</a> ' '<a href="/logout">Log out</a>') % \ oidc.user_getfield('preferred_username') else: return 'Welcome anonymous, <a href="/private">Log in</a>' @app.route('/private') @oidc.require_login def hello_me(): """Example for protected endpoint that extracts private information from the OpenID Connect id_token. Uses the accompanied access_token to access a backend service. """ info = oidc.user_getinfo(['preferred_username', 'email', 'sub']) username = info.get('preferred_username') email = info.get('email') user_id = info.get('sub') if user_id in oidc.credentials_store: try: from oauth2client.client import OAuth2Credentials access_token = OAuth2Credentials.from_json(oidc.credentials_store[user_id]).access_token print 'access_token=<%s>' % access_token headers = {'Authorization': 'Bearer %s' % (access_token)} # YOLO greeting = requests.get('http://localhost:8080/greeting', headers=headers).text except: print "Could not access greeting-service" greeting = "Hello %s" % username return ("""%s your email is %s and your user_id is %s! 
<ul> <li><a href="/">Home</a></li> <li><a href="//localhost:8081/auth/realms/pysaar/account?referrer=flask-app&referrer_uri=http://localhost:5000/private&">Account</a></li> </ul>""" % (greeting, email, user_id)) @app.route('/api', methods=['POST']) @oidc.accept_token(require_token=True, scopes_required=['openid']) def hello_api(): """OAuth 2.0 protected API endpoint accessible via AccessToken""" return json.dumps({'hello': 'Welcome %s' % g.oidc_token_info['sub']}) @app.route('/logout') def logout(): """Performs local logout by removing the session cookie.""" oidc.logout() return 'Hi, you have been logged out! <a href="/">Return</a>' if __name__ == '__main__': app.run() This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,14 @@ { "web": { "issuer": "http://localhost:8081/auth/realms/pysaar", "auth_uri": "http://localhost:8081/auth/realms/pysaar/protocol/openid-connect/auth", "client_id": "flask-app", "client_secret": "a41060dd-b5a8-472e-a91f-6a3ab0e04714", "redirect_uris": [ "http://localhost:5000/*" ], "userinfo_uri": "http://localhost:8081/auth/realms/pysaar/protocol/openid-connect/userinfo", "token_uri": "http://localhost:8081/auth/realms/pysaar/protocol/openid-connect/token", "token_introspection_uri": "http://localhost:8081/auth/realms/pysaar/protocol/openid-connect/token/introspect" } }
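Review bot: `'SECRET_KEY': 'SomethingNotEntirelySecret'` in `app.config.update` publishes the key Flask uses to sign session cookies, so any deployment that copies the file unchanged signs its cookies with a value everyone knows. Read it from the environment instead, `'SECRET_KEY': os.environ['APP_SECRET_KEY'],` (the variable name is an example; needs `import os`). Above `'TESTING': True`, `'DEBUG': True` and `'OIDC_ID_TOKEN_COOKIE_SECURE': False` add a comment such as `# localhost demo only: turn DEBUG/TESTING off and set OIDC_ID_TOKEN_COOKIE_SECURE to True behind HTTPS`. Separately, `hello_world` and `hello_me` interpolate `preferred_username`, `email` and the backend's greeting text into HTML with `%`; passing each through `markupsafe.escape(...)` keeps identity-provider or backend values from being rendered as markup.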
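Review bot: `client_secret` in the client secrets file is a literal credential for the `flask-app` client, published with the gist. If it was ever issued by a real Keycloak realm it should be regenerated, and the sample should carry a placeholder such as `"client_secret": "<CLIENT_SECRET_FROM_KEYCLOAK>"` with the real file kept out of version control. The `redirect_uris` entry `http://localhost:5000/*` is a wildcard; registering only the exact callback URL the app uses (flask-oidc's default route is `/oidc_callback`, to be confirmed for the installed version) narrows where an authorization code can be delivered. Every endpoint here is plain `http://`, which is acceptable only while all parties stay on localhost.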