from requests_oauthlib import OAuth2Session
from flask import Flask, request, redirect, session, url_for
from flask.json import jsonify
import os
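app = Flask(__name__)

# This information is obtained upon registration of a new GitHub OAuth
# application here: https://github.com/settings/applications/new
# The credentials are read from the environment so they do not have to live
# in the source file; the "XXX" fallbacks keep the original placeholder
# behaviour when the variables are unset.
client_id = os.environ.get("GITHUB_CLIENT_ID", "XXX")
client_secret = os.environ.get("GITHUB_CLIENT_SECRET", "XXX")

# GitHub's OAuth 2.0 endpoints used by the authorization-code flow below.
authorization_base_url = 'https://github.com/login/oauth/authorize'
token_url = 'https://github.com/login/oauth/access_token'

# Response body served when the signed-in user is not an organization member.
contents403 = "<html><body><h1>Status: Error 403 Access Denied</h1></body></html>"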
@app.route("/")
def demo():
    """Step 1: User Authorization.

    Redirect the user/resource owner to the OAuth provider (i.e. Github)
    using an URL with a few key OAuth parameters.
    """
    oauth = OAuth2Session(client_id)
    auth_url, csrf_state = oauth.authorization_url(authorization_base_url)
    # GitHub echoes this state value back on /callback, where it is compared
    # with the stored copy; that comparison is what ties the callback to this
    # browser session (CSRF protection), so it has to be remembered until then.
    session['oauth_state'] = csrf_state
    return redirect(auth_url)
# Step 2: User authorization, this happens on the provider.
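@app.route("/callback", methods=["GET"])
def callback():
    """ Step 3: Retrieving an access token.

    The user has been redirected back from the provider to your registered
    callback URL. With this redirection comes an authorization code included
    in the redirect URL. We will use that to obtain an access token.

    Returns:
        A redirect to ``/profile`` when the signed-in user is a member of the
        ``dcppc`` organization, otherwise the 403 page with HTTP status 403.
        A visit that did not start at ``/`` (no stored state) is also answered
        with 403 instead of a KeyError-induced 500.
    """
    # Fail closed if this browser never started Step 1: without a stored
    # state there is nothing to compare the provider's ``state`` parameter
    # against, so the exchange must not be attempted at all. The value is
    # consumed here so it cannot be replayed on a second callback.
    state = session.pop('oauth_state', None)
    if state is None:
        return contents403, 403

    github = OAuth2Session(client_id, state=state)
    # fetch_token checks the ``state`` echoed in request.url against the one
    # passed above before exchanging the authorization code for a token.
    token = github.fetch_token(token_url, client_secret=client_secret,
                               authorization_response=request.url)

    # save the token to make it persistent
    # (usable in other routes)
    # NOTE: Flask's default session is a signed, not encrypted, client-side
    # cookie, so the access token is sent to the browser and protected only by
    # the cookie signature and the transport.
    session['oauth_token'] = token

    # Any membership decision from a previous login in this session is stale
    # now that a (possibly different) account has just been authorized; reset
    # it before re-evaluating so a non-member cannot inherit access granted to
    # an earlier account. The original code only ever set it to True.
    session['in_dcppc'] = False

    # check if user is member of dcppc org
    # .json() already yields Python objects; the former jsonify()/get_json()
    # round-trip serialized and re-parsed the same data for no effect.
    user_info = github.get('https://api.github.com/user').json()
    user_orgs = github.get(user_info['organizations_url']).json()
    # NOTE(review): organizations_url is expected to list only memberships the
    # user has made public, and the listing is paginated, so private members or
    # users with many orgs may not be matched — confirm against the GitHub API
    # docs before relying on this check for access control.
    if any(user_org['login'] == 'dcppc' for user_org in user_orgs):
        # yes, redirect to /profile
        session['in_dcppc'] = True
        return redirect(url_for('.profile'))
    # nope: serve the denial page with a matching HTTP status (was 200).
    return contents403, 403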
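@app.route("/profile", methods=["GET"])
def profile():
    """Fetching a protected resource using an OAuth 2 token.

    Returns:
        The GitHub user record as JSON when this session was marked as a
        ``dcppc`` member during /callback, otherwise the 403 page with HTTP
        status 403 — including for visitors who never signed in, who
        previously triggered a KeyError (HTTP 500) on the token lookup.
    """
    # Authorize before touching the token: a visitor who never completed
    # /callback has neither key in the session, and reading the token first
    # turned that into a server error rather than a denial.
    if not session.get('in_dcppc'):
        # nope
        return contents403, 403
    token = session.get('oauth_token')
    if token is None:
        # Membership flag without a token should not happen; deny rather
        # than raise.
        return contents403, 403
    github = OAuth2Session(client_id, token=token)
    return jsonify(github.get('https://api.github.com/user').json())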
if __name__ == "__main__":
    # Development entry point; none of the three settings below is meant for a
    # deployed service.
    # A fresh random key on every start means sessions issued before a restart
    # no longer verify, and each process signs with its own key.
    app.secret_key = os.urandom(24)
    # This allows us to use a plain HTTP callback; without it oauthlib rejects
    # a non-https redirect URI.
    os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = "1"
    # debug=True turns on the Werkzeug reloader and the interactive debugger,
    # which must never be reachable by untrusted clients.
    app.run(debug=True)