Get Vault Auth Token from Google Account
import hmac
import os
import secrets
from urllib.parse import quote, urlencode

import requests
from flask import Flask, abort, redirect, request
# Public base URL of this helper. BASE_URL + "/callback" is sent to Google as
# the OAuth redirect_uri, so the authorization code is delivered there: use an
# https:// URL for anything other than local development.
BASE_URL = os.getenv('BASE_URL') or 'http://localhost:5000'

# Required settings: a missing variable raises KeyError at import time, so the
# app never starts half-configured.
# NOTE(review): VAULT_ADDR is read here but not used by the visible code, while
# callback() posts to VAULT_GOOGLE_LOGIN_URL, which is not defined in the
# visible part of this file. Presumably it is the login endpoint of a Vault
# auth mount under VAULT_ADDR; define it before running.
VAULT_ADDR = os.environ['VAULT_ADDR']
VAULT_ROLE = os.environ['VAULT_ROLE']

# OAuth client credentials. The secret comes from the environment only; keep
# it out of source control and out of logs.
GOOGLE_CLIENT_ID = os.environ['GOOGLE_CLIENT_ID']
GOOGLE_CLIENT_SECRET = os.environ['GOOGLE_CLIENT_SECRET']

app = Flask(__name__)
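# Name of the short-lived cookie that binds an authorization request to the
# browser that started it (OAuth "state" check, RFC 6749 section 10.12).
_STATE_COOKIE = 'oauth_state'

# Upper bound, in seconds, for each outbound HTTP call so a stalled upstream
# cannot hold a worker indefinitely.
_HTTP_TIMEOUT = 10


@app.route('/')
def index():
    """Start the Google OAuth 2.0 authorization-code flow.

    Builds the authorization URL with properly encoded query parameters,
    attaches a random ``state`` value, and stores the same value in an
    HttpOnly cookie so that ``callback`` can reject responses this browser
    did not request.

    Returns:
        A redirect response to Google's authorization endpoint.
    """
    state = secrets.token_urlsafe(32)
    query = urlencode(
        {
            'client_id': GOOGLE_CLIENT_ID,
            'response_type': 'code',
            'scope': 'openid email',
            'redirect_uri': BASE_URL + '/callback',
            'state': state,
        },
        quote_via=quote,  # encode the space in the scope as %20
    )
    response = redirect('https://accounts.google.com/o/oauth2/v2/auth?' + query)
    response.set_cookie(
        _STATE_COOKIE,
        state,
        max_age=600,
        httponly=True,
        # Lax still sends the cookie on the top-level GET back from Google.
        samesite='Lax',
        secure=BASE_URL.startswith('https://'),
    )
    return response


@app.route('/callback')
def callback():
    """Exchange the Google authorization code for a Vault client token.

    Steps: check ``code`` and ``state``, trade the code for Google tokens,
    then submit the returned ID token to the Vault login endpoint with the
    server-configured role.

    Returns:
        A ``text/plain`` response whose body is the Vault client token,
        marked ``Cache-Control: no-store``.

    Aborts with HTTP 400 when the request is malformed, the state does not
    match, or either upstream call is rejected or returns an unexpected body.
    """
    code = request.args.get('code')
    if not code:
        abort(400)

    # Reject callbacks that do not carry the state issued by index(); this
    # stops a third party from feeding its own authorization code to a victim.
    returned_state = request.args.get('state', '')
    expected_state = request.cookies.get(_STATE_COOKIE, '')
    if not expected_state or not hmac.compare_digest(
        returned_state.encode(), expected_state.encode()
    ):
        abort(400)

    token_res = requests.post(
        "https://www.googleapis.com/oauth2/v4/token",
        data={
            'code': code,
            'client_id': GOOGLE_CLIENT_ID,
            'client_secret': GOOGLE_CLIENT_SECRET,
            'redirect_uri': BASE_URL + "/callback",
            'grant_type': 'authorization_code',
        },
        timeout=_HTTP_TIMEOUT,
    )
    if not token_res.ok:
        abort(400)
    id_token = token_res.json().get('id_token')
    if not id_token:
        abort(400)

    # The Vault role is fixed server-side (VAULT_ROLE); it is never taken from
    # the request, so a client cannot choose a more privileged role.
    # The ID token is not verified here. NOTE(review): this relies on the
    # Vault role to validate signature, audience and allowed identities;
    # confirm the role binds the audience to GOOGLE_CLIENT_ID.
    # NOTE(review): VAULT_GOOGLE_LOGIN_URL is not defined in the visible part
    # of this file; it must be set before this route can work.
    vault_res = requests.post(
        VAULT_GOOGLE_LOGIN_URL,
        json={'role': VAULT_ROLE, 'jwt': id_token},
        timeout=_HTTP_TIMEOUT,
    )
    if not vault_res.ok:
        abort(400)
    client_token = (vault_res.json().get('auth') or {}).get('client_token')
    if not client_token:
        abort(400)

    # The body is a live credential: serve it as plain text (not HTML), forbid
    # caching, and drop the one-time state cookie.
    response = app.response_class(client_token, mimetype='text/plain')
    response.headers['Cache-Control'] = 'no-store'
    response.delete_cookie(_STATE_COOKIE)
    return response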
# Script entry point: start Flask's built-in server with its defaults.
# NOTE(review): the built-in server is a development server; since the
# callback returns a Vault token, serve this behind TLS with a production
# WSGI server for any shared use.
if __name__ == "__main__":
    app.run()