harshavardhana/web-identity.py

## web-identity.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import logging
import boto3

from botocore.session import get_session
from boto3.session import Session

import requests, json
import subprocess
import sys

boto3.set_stream_logger('boto3.resources', logging.DEBUG)

authorize_url = "http://localhost:8080/auth/realms/minio/protocol/openid-connect/auth"
token_url = "http://localhost:8080/auth/realms/minio/protocol/openid-connect/token"

# callback url specified when the application was defined
callback_uri = "http://localhost:8000/oauth2/callback"

# keycloak id and secret
client_id = 'account'
client_secret = 'daaa3008-80f0-40f7-80d7-e15167531ff0'

from flask import Flask
from uuid import uuid4

app = Flask(__name__)
@app.route('/')
def homepage():
    text = '<a href="%s">Authenticate with reddit</a>'
    return text % make_authorization_url()

def make_authorization_url():
    # Generate a random string for the state parameter
    # Save it for use later to prevent xsrf attacks

    state = str(uuid4())
    params = {"client_id": client_id,
	      "response_type": "code",
	      "state": state,
	      "redirect_uri": callback_uri,
	      "scope": "openid"}
    import urllib
    url = authorize_url + "?" + urllib.parse.urlencode(params)
    return url

from flask import abort, request
@app.route('/oauth2/callback')
def callback():
    error = request.args.get('error', '')
    if error:
        return "Error: " + error

    authorization_code = request.args.get('code')

    data = {'grant_type': 'authorization_code', 'code': authorization_code, 'redirect_uri': callback_uri }
    print("requesting access token")
    access_token_response = requests.post(token_url, data=data, verify=False, allow_redirects=False, auth=(client_id, client_secret))

    print("response")
    print(access_token_response.headers)
    print('body: ' + access_token_response.text)

    # we can now use the access_token as much as we want to access protected resources.
    tokens = json.loads(access_token_response.text)
    access_token = tokens['access_token']
    return "access token: " + access_token

if __name__ == '__main__':
    app.run(debug=True, port=8000)
	#!/usr/bin/env python
	# -- coding: utf-8 --
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.

	import logging
	import boto3

	from botocore.session import get_session
	from boto3.session import Session

	import requests, json
	import subprocess
	import sys

	boto3.set_stream_logger('boto3.resources', logging.DEBUG)

	authorize_url = "http://localhost:8080/auth/realms/minio/protocol/openid-connect/auth"
	token_url = "http://localhost:8080/auth/realms/minio/protocol/openid-connect/token"

	# callback url specified when the application was defined
	callback_uri = "http://localhost:8000/oauth2/callback"

	# keycloak id and secret
	client_id = 'account'
	client_secret = 'daaa3008-80f0-40f7-80d7-e15167531ff0'

	from flask import Flask
	from uuid import uuid4

	app = Flask(__name__)
	@app.route('/')
	def homepage():
	text = '<a href="%s">Authenticate with reddit</a>'
	return text % make_authorization_url()

	def make_authorization_url():
	# Generate a random string for the state parameter
	# Save it for use later to prevent xsrf attacks

	state = str(uuid4())
	params = {"client_id": client_id,
	"response_type": "code",
	"state": state,
	"redirect_uri": callback_uri,
	"scope": "openid"}
	import urllib
	url = authorize_url + "?" + urllib.parse.urlencode(params)
	return url

	from flask import abort, request
	@app.route('/oauth2/callback')
	def callback():
	error = request.args.get('error', '')
	if error:
	return "Error: " + error

	authorization_code = request.args.get('code')

	data = {'grant_type': 'authorization_code', 'code': authorization_code, 'redirect_uri': callback_uri }
	print("requesting access token")
	access_token_response = requests.post(token_url, data=data, verify=False, allow_redirects=False, auth=(client_id, client_secret))

	print("response")
	print(access_token_response.headers)
	print('body: ' + access_token_response.text)

	# we can now use the access_token as much as we want to access protected resources.
	tokens = json.loads(access_token_response.text)
	access_token = tokens['access_token']
	return "access token: " + access_token

	if __name__ == '__main__':
	app.run(debug=True, port=8000)