-
Notifications
You must be signed in to change notification settings - Fork 38
/
app.py
83 lines (66 loc) · 2.76 KB
/
app.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
import datetime
import flask
import logging
from flask import Flask, jsonify
from flask_pyoidc import OIDCAuthentication
from flask_pyoidc.provider_configuration import ProviderConfiguration, ClientMetadata
from flask_pyoidc.user_session import UserSession
app = Flask(__name__)
# See https://flask.palletsprojects.com/en/2.0.x/config/
app.config.update({'OIDC_REDIRECT_URI': 'http://localhost:5000/redirect_uri',
'SECRET_KEY': 'dev_key', # make sure to change this!!
'PERMANENT_SESSION_LIFETIME': datetime.timedelta(days=7).total_seconds(),
'DEBUG': True})
ISSUER1 = 'https://provider1.example.com'
CLIENT1 = 'client@provider1'
PROVIDER_NAME1 = 'provider1'
PROVIDER_CONFIG1 = ProviderConfiguration(issuer=ISSUER1,
client_metadata=ClientMetadata(CLIENT1, 'secret1'))
ISSUER2 = 'https://provider2.example.com'
CLIENT2 = 'client@provider2'
PROVIDER_NAME2 = 'provider2'
PROVIDER_CONFIG2 = ProviderConfiguration(issuer=ISSUER2,
client_metadata=ClientMetadata(CLIENT2, 'secret2'))
auth = OIDCAuthentication({PROVIDER_NAME1: PROVIDER_CONFIG1, PROVIDER_NAME2: PROVIDER_CONFIG2})
@app.route('/')
@auth.oidc_auth(PROVIDER_NAME1)
def login1():
user_session = UserSession(flask.session)
return jsonify(access_token=user_session.access_token,
id_token=user_session.id_token,
userinfo=user_session.userinfo)
@app.route('/login2')
@auth.oidc_auth(PROVIDER_NAME2)
def login2():
user_session = UserSession(flask.session)
return jsonify(access_token=user_session.access_token,
id_token=user_session.id_token,
userinfo=user_session.userinfo)
@app.route('/api')
@auth.token_auth(PROVIDER_NAME1,
scopes_required=['read', 'write'])
def api():
current_token_identity = auth.current_token_identity
return current_token_identity
@app.route('/profile')
@auth.access_control(PROVIDER_NAME1,
scopes_required=['read', 'write'])
def profile():
if auth.current_token_identity:
return auth.current_token_identity
else:
user_session = UserSession(flask.session)
return jsonify(access_token=user_session.access_token,
id_token=user_session.id_token,
userinfo=user_session.userinfo)
@app.route('/logout')
@auth.oidc_logout
def logout():
return "You've been successfully logged out!"
@auth.error_view
def error(error=None, error_description=None):
return jsonify({'error': error, 'message': error_description})
if __name__ == '__main__':
logging.basicConfig(level=logging.DEBUG, format='%(asctime)s - %(name)s - %(levelname)s - %(message)s')
auth.init_app(app)
app.run()