facebook.py

facebook = oauth.remote_app(
    'facebook',
    base_url='https://graph.facebook.com/v2.5',
    request_token_url=None,
    access_token_url='/oauth/access_token',
    authorize_url='https://www.facebook.com/dialog/oauth',
    consumer_key=config.FACEBOOK_APP_ID,
    consumer_secret=config.FACEBOOK_APP_SECRET,
    request_token_params={'scope': 'email'},
)

@fb.route('/login', methods=['GET'])
def facebook_login():
    next_url = get_next(request.referrer)
    redirect_uri = url_for(
        'fb.facebook_authorized', next=next_url, _external=True)
    return facebook.authorize(callback=redirect_uri)

@fb.route('/authorized', methods=['GET'])
def facebook_authorized():
    resp = facebook.authorized_response()

    next_url = get_next()
    if resp is None:
        flash(u'You denied the request to sign in.')
        return redirect(next_url)

    if isinstance(resp, OAuthException):
        current_app.logger.error("%s: %s", resp.message, resp.data, exc_info=True)
        return redirect(next_url)
    elif isinstance(resp, Exception):
        current_app.logger.error(resp, exc_info=True)
        return redirect(next_url)

    result = handle_facebook_request(resp.get('access_token'))
    if result['status'] == AUTH_NO_USER:
        next_url = result.get('next', next_url)

    return redirect(next_url)