Use IBM Cloud App ID with OpenID Connect client in Python Flask app

IBMCloud-AppID-OIDC-Flask.py

# for full example visit https://github.com/IBM-Cloud/github-traffic-stats/blob/master/backend/ghstats.py
# as part of this tutorial: https://console.bluemix.net/docs/tutorials/serverless-github-traffic-analytics.html


# import all kinds of modules

# this one is needed for the OIDC client
from flask_pyoidc.flask_pyoidc import OIDCAuthentication

# initialize Flask, etc.


# Check if we are in a Cloud Foundry environment, i.e., on IBM Cloud
# If we are on IBM Cloud, obtain the credentials from the environment.
# Else, read them from file.
# Thereafter, set up the services and module with the obtained credentials.
if 'VCAP_SERVICES' in os.environ:
   vcapEnv=json.loads(os.environ['VCAP_SERVICES'])

   # Obtain configuration for
   appIDInfo = vcapEnv['AppID'][0]['credentials']
else:
  # some other stuff

  

# Configure access to App ID service for the OpenID Connect client
provider_config={
     "issuer": "appid-oauth.ng.bluemix.net",
     "authorization_endpoint": appIDInfo['oauthServerUrl']+"/authorization",
     "token_endpoint": appIDInfo['oauthServerUrl']+"/token",
     "userinfo_endpoint": appIDInfo['profilesUrl']+"/api/v1/attributes",
     "jwks_uri": appIDInfo['oauthServerUrl']+"/publickeys"
}
client_info={
    "client_id": appIDInfo['clientId'],
    "client_secret": appIDInfo['secret']
}


# Initialize OpenID Connect client
auth = OIDCAuthentication(app, provider_configuration_info=provider_config, client_registration_info=client_info,userinfo_endpoint_method=None)



# define protected route by attaching decorator
@app.route('/protected/page1', methods=['GET'])
@auth.oidc_auth
def protectedPage1():
    # some tasks
    return "I am protected"

# other routes and general app handling