Contains code blocks from script files that initialize Flask-OIDC to add OpenID Connect-based authentication.
# /app/__init__.py | |
import json
import os

from flask import Flask
from flask_oidc import OpenIDConnect
# Extension instance shared with the view modules (app/views/test.py imports
# it for ``accept_token``); it is bound to the application in create_app().
oidc = OpenIDConnect()
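def create_app(config):
    """Create the Flask application and wire up Flask-OIDC.

    Args:
        config: object (or import path) accepted by ``Config.from_object``;
            it must define the ``OIDC_*`` keys read below (see app/config.py).

    Returns:
        The configured ``Flask`` instance.

    Side effects:
        Writes ``client_secrets.json`` (which contains the client secret)
        into the current working directory, replacing any existing file, and
        initialises the module-level ``oidc`` extension on the app.
    """
    app = Flask(__name__)
    app.config.from_object(config)

    # Accept the correctly spelt key when present; 'OIDC_CLEINT_SECRET' is
    # the key the existing config module actually defines.
    client_secret = app.config.get('OIDC_CLIENT_SECRET')
    if client_secret is None:
        client_secret = app.config['OIDC_CLEINT_SECRET']

    # Flask-OIDC loads the provider details from the file named by
    # OIDC_CLIENT_SECRETS, so the values are copied out of the config.
    client_secrets = {
        "web": {
            "issuer": app.config['OIDC_ISSUER'],
            "auth_uri": app.config['OIDC_AUTHORIZATION_URI'],
            "client_id": app.config['OIDC_CLIENT_ID'],
            "client_secret": client_secret,
            "redirect_uris": app.config['OIDC_REDIRECT_URIS'],
            "userinfo_uri": app.config['OIDC_USERINFO_URI'],
            "token_uri": app.config['OIDC_TOKEN_URI'],
            "token_introspection_uri": app.config['OIDC_TOKEN_INTROSPECTION_URI'],
            "bearer_only": app.config['OIDC_BEARER_ONLY'],
        }
    }

    # The file holds a credential: create it owner-read/write only instead of
    # relying on the process umask, and chmod afterwards because the O_CREAT
    # mode is not applied when the file already exists.
    secrets_path = 'client_secrets.json'
    fd = os.open(secrets_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'w', encoding='utf-8') as data:
        json.dump(client_secrets, data, indent=2)
    os.chmod(secrets_path, 0o600)

    app.config.update({
        'SECRET_KEY': app.config['OIDC_SECRET_KEY'],
        'TESTING': app.config['OIDC_TESTING'],
        # DEBUG=True also enables the Werkzeug debugger; development only.
        'DEBUG': app.config['OIDC_DEBUG'],
        'OIDC_CLIENT_SECRETS': secrets_path,
        'OIDC_OPENID_REALM': app.config['OIDC_OPENID_REALM'],
        'OIDC_INTROSPECTION_AUTH_METHOD': app.config['OIDC_INTROSPECTION_AUTH_METHOD'],
        'OIDC_TOKEN_TYPE_HINT': app.config['OIDC_TOKEN_TYPE_HINT'],
        # Flask-OIDC reads OIDC_SCOPES (underscore); the previous
        # 'OIDC-SCOPES' key was never consulted by the extension.
        'OIDC_SCOPES': app.config['OIDC_SCOPES'],
    })

    oidc.init_app(app)
    return app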
# /app/config.py | |
# Configuration values for the script code blocks that add OpenID Connect
# based authentication.
class Config:
    """Base settings shared by every configuration mode.

    Values in double braces are template placeholders that are substituted
    when this file is rendered; until then the module is not valid Python.
    """

    # Bind address and port handed to app.run() in run.py.
    HOST = {{ host }}
    PORT = {{ port }}
class Development(Config):
    """Settings for the Development mode selected through CONFIG_MODE.

    The ``OIDC_*`` values are consumed by ``create_app`` in app/__init__.py,
    which copies them into the ``client_secrets.json`` file read by
    Flask-OIDC and into the Flask configuration.
    """

    # Provider location. The issuer and endpoint paths follow the
    # /realms/<realm>/protocol/openid-connect/... layout used by Keycloak.
    OIDC_SCHEME = {{ scheme }}
    OIDC_DOMAIN = {{ domain }}
    OIDC_PORT = {{ port }}
    OIDC_OPENID_REALM = {{ realm }}
    OIDC_ISSUER = '{}://{}:{}/realms/{}'.format(
        OIDC_SCHEME, OIDC_DOMAIN, OIDC_PORT, OIDC_OPENID_REALM
    )
    OIDC_AUTHORIZATION_URI = OIDC_ISSUER + '/protocol/openid-connect/auth'

    # Client registration. Note the spelling of OIDC_CLEINT_SECRET: create_app
    # looks the value up under exactly this key.
    OIDC_CLIENT_ID = {{ client_id }}
    OIDC_CLEINT_SECRET = {{ client_secret }}
    OIDC_REDIRECT_URIS = [{{ redirect_uris }}]

    OIDC_USERINFO_URI = OIDC_ISSUER + '/protocol/openid-connect/userinfo'
    OIDC_TOKEN_URI = OIDC_ISSUER + '/protocol/openid-connect/token'
    OIDC_TOKEN_INTROSPECTION_URI = OIDC_ISSUER + '/protocol/openid-connect/token/introspect'
    # Written into client_secrets.json as the string "true", not a boolean.
    OIDC_BEARER_ONLY = "true"

    # Becomes Flask's SECRET_KEY in create_app (it signs the session cookie):
    # use a long random value and keep it out of version control.
    OIDC_SECRET_KEY = {{ secret_key }}
    # Mapped onto Flask's TESTING and DEBUG flags by create_app.
    OIDC_TESTING = True
    OIDC_DEBUG = True
    # How the client authenticates to the introspection endpoint.
    OIDC_INTROSPECTION_AUTH_METHOD = "client_secret_post"
    OIDC_TOKEN_TYPE_HINT = "access_token"  # nosec
    OIDC_SCOPES = ['openid']
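# Maps the capitalised CONFIG_MODE value (see run.py) to its config class.
# The class defined above is ``Development``; the previous entry referred to
# an undefined ``DevelopmentConfig`` and raised NameError at import time.
config_dict = {
    'Development': Development,
}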
#/run.py | |
import os | |
import sys | |
from app import ( | |
create_app | |
) | |
from app.config import ( | |
config_dict | |
) | |
from app.views import ( | |
test | |
) | |
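# The configuration mode comes from the environment. An unset variable is
# read as '' so the lookup below fails with KeyError; the original called
# .capitalize() on None and raised AttributeError instead.
CONFIG_MODE = os.getenv('CONFIG_MODE', '')
try:
    app_config = config_dict[CONFIG_MODE.capitalize()]
except KeyError:
    # The accepted values are derived from config_dict rather than
    # hard-coded so the message cannot drift from app/config.py.
    sys.exit(
        f'Error: Invalid <config_mode> {CONFIG_MODE!r}. Expected values '
        f'[{", ".join(sorted(config_dict))}]'
    )

app = create_app(app_config)

# NOTE(review): CORS is not imported anywhere in this file (the name is
# normally provided by the flask_cors package), so as written this line
# raises NameError. With no arguments it also allows every origin on every
# route; restrict origins/resources before exposing the API.
CORS(app)

app.register_blueprint(test.app)

# Runs the application.
if __name__ == "__main__":
    # debug=True turns on the Werkzeug debugger; keep DEBUG off in any
    # reachable deployment.
    app.run(
        host=app.config['HOST'],
        port=app.config['PORT'],
        debug=app.config['DEBUG'],
    )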
# /app/views/test.py | |
from flask import ( | |
Blueprint, | |
jsonify | |
) | |
from app import ( | |
oidc | |
) | |
# Routes in this module are mounted under /test; run.py registers the
# blueprint on the application.
app = Blueprint('test', __name__, url_prefix='/test')
@app.route('/', methods=['GET'])
@oidc.accept_token(require_token=True)
def test_return():
    """Return a fixed JSON message to a caller presenting a valid token.

    ``require_token=True`` makes Flask-OIDC reject requests that do not
    carry an acceptable bearer token before this body runs; no particular
    scope is demanded beyond a valid token (``accept_token``'s
    ``scopes_required`` is left at its default).
    """
    payload = {'message': 'this is a test message'}
    return jsonify(payload), 200