get_token.py
import json
from requests_oauthlib import OAuth2Session
from flask import Flask, request, redirect, session, url_for, render_template
import os
from dotenv import load_dotenv
# Pull settings from a local .env file into the process environment before
# any of them are read below.
# NOTE(review): the .env file carries client_secret; presumably it is kept
# out of version control -- confirm against the repository's ignore rules.
load_dotenv()

app = Flask(__name__)

# Credentials of the application registered in AD B2C.
client_id = os.environ.get("client_id")
client_secret = os.environ.get("client_secret")

# Redirect URI that points back at this local app.
url_redirect = os.environ.get("uri_redirect")

# Provider endpoints are built by appending to the base URL as-is, so the
# base presumably has to end with a "/" -- verify against the .env file.
b2c_url_base = os.environ.get("b2c_url_base")
url_authorization = f"{b2c_url_base}authorize"
url_token = f"{b2c_url_base}token"

api_url_base = os.environ.get("api_url_base")
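@app.route("/")
def user_authorization():
    """
    Step 1: User Authorization.

    Redirect the user/resource owner to the OAuth provider (the module's
    configuration refers to AD B2C) using a URL that carries the key OAuth
    parameters: client id, scope, redirect URI, state and nonce.

    :return: a redirect response to the provider's authorization endpoint.
    """
    # Function-scope import keeps this block self-contained; the module's
    # import list does not include ``secrets``.
    import secrets

    MoCoAPI = OAuth2Session(client_id)
    MoCoAPI.scope = f"{client_id} offline_access"
    MoCoAPI.redirect_uri = url_redirect

    # The nonce must be unpredictable and unique per authorization request;
    # a fixed literal gives no replay protection for the returned id_token.
    nonce = secrets.token_urlsafe(32)

    authorization_url, state = MoCoAPI.authorization_url(
        url_authorization,
        response_mode="query",
        nonce=nonce,
    )

    # State is used to prevent CSRF; the callback compares it with the value
    # the provider echoes back.
    session['oauth_state'] = state
    # Kept so the id_token's nonce claim can be compared against it.
    # NOTE(review): nothing in this file performs that comparison yet.
    session['oauth_nonce'] = nonce

    # The authorization URL is the provider's endpoint, not the local
    # callback path.
    return redirect(authorization_url)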
# Step 2: User authorization, this happens on the provider.
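@app.route("/callback", methods=["GET"])
def callback():
    """
    Step 3: Retrieving an access/id/refresh token.

    The user has been redirected back from the provider to the registered
    callback URL. The redirect URL carries an authorization code, which is
    exchanged here for a token. The token is written to ``./access.json``.

    :return: a redirect to the acknowledgement page, or a 400 response when
        the session holds no OAuth state for this browser.
    """
    # A callback hit without a prior visit to "/" (or with an expired
    # session cookie) has no state to compare against; reject it instead of
    # failing with a KeyError.
    expected_state = session.get('oauth_state')
    if expected_state is None:
        return "Missing OAuth state; restart the sign-in flow from /.", 400

    MoCoAPI = OAuth2Session(
        client_id,
        state=expected_state)
    token = MoCoAPI.fetch_token(
        url_token,
        client_secret=client_secret,
        authorization_response=request.url)

    # NOTE(review): Flask's default session is a signed but unencrypted
    # cookie, so the token stored here is readable by the browser and may
    # exceed cookie size limits. Nothing in this file reads it back;
    # consider dropping it or using a server-side session store.
    session['oauth_token'] = token

    # Do not echo the token itself: console output often ends up in logs.
    print("Received access token.")

    # Write out the token with owner-only permissions. The mode passed to
    # os.open only applies when the file is created, so chmod covers a file
    # left over from an earlier run. On Windows these mode bits have little
    # effect.
    token_path = "./access.json"
    fd = os.open(token_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        os.chmod(token_path, 0o600)
        f.write(json.dumps(token, indent=4))

    return redirect(url_for('.aknowledgement'))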
@app.route("/aknowledgement", methods=["GET"])
def aknowledgement():
    """
    Step 4: Acknowledge that the credential has been obtained.

    Renders a short message telling the user that a token was saved.

    :return: the rendered ``aknowledgement.html`` template.
    """
    return render_template(
        "aknowledgement.html",
        content="Thanks. Access token has been saved properly.",
    )
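if __name__ == "__main__":
    # OAUTHLIB_INSECURE_TRANSPORT turns off oauthlib's HTTPS-only check for
    # the whole process. The server below already runs over TLS (ad-hoc
    # certificate), so the override is only applied when the configured
    # redirect URI is plain HTTP.
    if (url_redirect or "").lower().startswith("http://"):
        os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = "1"

    # Random per-process key: sessions do not survive a restart, which is
    # acceptable for a one-shot token retrieval tool.
    app.secret_key = os.urandom(24)

    # The Werkzeug debugger lets whoever can reach the port run code in a
    # process that holds client_secret and tokens, so debug mode is opt-in
    # through FLASK_DEBUG instead of always on.
    debug_enabled = os.getenv("FLASK_DEBUG", "").lower() in ("1", "true")
    app.run(ssl_context='adhoc', debug=debug_enabled)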