-
-
Save ib-lundgren/6507798 to your computer and use it in GitHub Desktop.
| from requests_oauthlib import OAuth2Session | |
| from flask import Flask, request, redirect, session, url_for | |
| from flask.json import jsonify | |
| import os | |
| app = Flask(__name__) | |
| # This information is obtained upon registration of a new GitHub | |
| client_id = "<your client key>" | |
| client_secret = "<your client secret>" | |
| authorization_base_url = 'https://github.com/login/oauth/authorize' | |
| token_url = 'https://github.com/login/oauth/access_token' | |
| @app.route("/") | |
| def demo(): | |
| """Step 1: User Authorization. | |
| Redirect the user/resource owner to the OAuth provider (i.e. Github) | |
| using an URL with a few key OAuth parameters. | |
| """ | |
| github = OAuth2Session(client_id) | |
| authorization_url, state = github.authorization_url(authorization_base_url) | |
| # State is used to prevent CSRF, keep this for later. | |
| session['oauth_state'] = state | |
| return redirect(authorization_url) | |
| # Step 2: User authorization, this happens on the provider. | |
| @app.route("/callback", methods=["GET"]) | |
| def callback(): | |
| """ Step 3: Retrieving an access token. | |
| The user has been redirected back from the provider to your registered | |
| callback URL. With this redirection comes an authorization code included | |
| in the redirect URL. We will use that to obtain an access token. | |
| """ | |
| github = OAuth2Session(client_id, state=session['oauth_state']) | |
| token = github.fetch_token(token_url, client_secret=client_secret, | |
| authorization_response=request.url) | |
| # At this point you can fetch protected resources but lets save | |
| # the token and show how this is done from a persisted token | |
| # in /profile. | |
| session['oauth_token'] = token | |
| return redirect(url_for('.profile')) | |
| @app.route("/profile", methods=["GET"]) | |
| def profile(): | |
| """Fetching a protected resource using an OAuth 2 token. | |
| """ | |
| github = OAuth2Session(client_id, token=session['oauth_token']) | |
| return jsonify(github.get('https://api.github.com/user').json()) | |
| if __name__ == "__main__": | |
| # This allows us to use a plain HTTP callback | |
| os.environ['DEBUG'] = "1" | |
| app.secret_key = os.urandom(24) | |
| app.run(debug=True) |
There is a small race condition here. After the first time through callback() will get called nearly immediately and session['oauth_state'] might not be set yet. If you put a time.sleep(1) at the beginning of callback() everything is fine... but I suspect that's not the right answer...
Thanks so much for putting together this example! It really does help!
STRTM+TCPHTTPML://127.0.0.1:5000
STRTM+TCP+HTTPML://127.0.0.1:5000
STRTM+TCP+HTTP+ML://127.0.0.1.COM.NE:5000
Great example can you please help me with the same example falcon that would be help full
Hello! I am trying to use your gist above, but I get the following Bad Request Error 400:
127.0.0.1 - - [16/Feb/2017 18:15:19] code 400, message Bad HTTP/0.9 request type ('\x16\x03\x01\x00\xb2\x01\x00\x00\xae\x03\x03S\x1b1N\xc6\xc08\xbf\xa07\x137\x104X\xb9\x89I78;\x9eo\x89\xbe\xc9\xdb\xaa\x01d\x06i\x00\x00')
127.0.0.1 - - [16/Feb/2017 18:15:19] "??SN??8??774X??I78;?o???۪di ZZ?+?/?,?0̨̩??????/5" 400 -
127.0.0.1 - - [16/Feb/2017 18:15:20] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [16/Feb/2017 18:15:20] code 400, message Bad request syntax ("\x16\x03\x01\x00\xb2\x01\x00\x00\xae\x03\x03\\\x14K4\xa1k\x12\x90J\x18|\x82\x81\xa5Yl\xfc\x0f%\r\x1d\x9eD'\xcbD\x10\xa3\xa4 \x04y\x00\x00 ZZ\xc0+\xc0/\xc0,\xc00\xcc\xa9\xcc\xa8\xcc\x14\xcc\x13\xc0\x13\xc0\x14\x00\x9c\x00\x9d\x00/\x005\x00")
?D'?D?? y ZZ?+?/?,?0̨̩??????/5" 400 -] "??\K4?k?J|???Yl?%
127.0.0.1 - - [16/Feb/2017 18:15:20] code 400, message Bad request version ('\xba\xba\xc0+\xc0/\xc0,\xc00\xcc\xa9\xcc\xa8\xcc\x14\xcc\x13\xc0\x13\xc0\x14\x00\x9c\x00\x9d\x00/\x005\x00')
127.0.0.1 - - [16/Feb/2017 18:15:20] "????b??a?s?g9??2?
9?[O??R?Ց?}? ???+?/?,?0̨̩??????/5" 400 -
127.0.0.1 - - [16/Feb/2017 18:15:25] code 400, message Bad request version ('zz\xc0+\xc0/\xc0,\xc00\xcc\xa9\xcc\xa8\xcc\x14\xcc\x13\xc0\x13\xc0\x14\x00\x9c\x00\x9d\x00/\x005\x00')
127.0.0.1 - - [16/Feb/2017 18:15:25] "??r?????(?Uq:?<???@Kd??1??G?H
??{C zz?+?/?,?0̨̩??????/5" 400 -
I see the following URL in my browser with the code and state parameters in query strings:
https://127.0.0.1:5000/callback?code=41d9acb83e123cf5c3e2&state=Erq3uN7oX0APIEcQeIKhHclLU8A0CD
I have been stuck on this for a long time now, can you please help me ? Here is my link to the repo:
https://github.com/ghoshabhi/commit-reminder/tree/feat_oauth/commit-reminder
Thank You!
Solved the error above! Notice I am using https instead of http for the localhost url. And that server was treating this as a Bad Request. Removed the s and everything worked as expected! :)
Hahahahaah this just happened to me, took me finding this message after 40 mins of research
Add _scheme='https' in url_for(...). This will make a URL and redirect it.
A solution while getting Bad Request when you use https instead of http.
Hope it does help you. 🙂
Try it out by typing in your key and secret on line 10 & 11 then
and go to 127.0.0.1:5000/