app.py
"""Demo for OpenID Connect login."""
import logging
import os
from urllib.parse import urlencode

import flask
from authlib.integrations.flask_client import OAuth
# Flask application object; every route below is attached to it.
app = flask.Flask(__name__)  # pylint: disable=invalid-name

# Key used to sign the session cookie. It comes from the environment, so an
# unset SECRET_KEY leaves this as None. No other session store is configured
# in this file, so Flask's default applies: a signed client-side cookie whose
# contents are tamper-evident but still readable by the browser.
app.config["SECRET_KEY"] = os.getenv("SECRET_KEY")

# OIDC client registered under the name "oidc_entry". Credentials and the
# provider's metadata URL are read from the environment, not hard-coded.
# NOTE(review): a missing CLIENT_ID / CLIENT_SECRET / SERVER_METADATA_URL is
# passed through as None here; nothing in this file fails fast on that.
oauth = OAuth(app)
oauth.register(
    "oidc_entry",
    client_id=os.getenv("CLIENT_ID"),
    client_secret=os.getenv("CLIENT_SECRET"),
    server_metadata_url=os.getenv("SERVER_METADATA_URL"),
    client_kwargs={"scope": "openid profile email roles"},
)
@app.route("/")
def render_home():
    """Render the landing page with whatever user info the session holds.

    ``user_info`` is the value stored under the ``"user_info"`` session key,
    or ``None`` when the key is absent (no login has happened).
    """
    # NOTE(review): these claims originate from the identity provider and
    # base.html is not visible here; confirm the template leaves autoescaping
    # on when it prints them.
    current_user = flask.session.get("user_info")
    return flask.render_template("base.html", user_info=current_user)
@app.route("/login")
def oidc_login():
    """Start an OpenID Connect login by redirecting to the provider."""
    # Absolute URL of the callback route. With _external=True and no
    # SERVER_NAME configured in this file, Flask derives the host from the
    # incoming request.
    # NOTE(review): presumably the provider's registered redirect-URI list is
    # what pins this value; confirm it is an exact-match allow-list.
    callback_url = flask.url_for("oidc_authorize", _external=True)
    provider = oauth.oidc_entry
    return provider.authorize_redirect(callback_url)
@app.route("/login/authorize")
def oidc_authorize():
    """Complete the OpenID Connect login (e.g. Elixir AAI) and go home.

    Exchanges the authorization response for a token, stores the token's
    ``"userinfo"`` entry in the session under ``"user_info"`` and redirects
    to ``/``.
    """
    # NOTE(review): no validation happens in this function; checking of the
    # state parameter and of the ID token is presumably done inside authlib's
    # authorize_access_token(). Its errors are not caught here.
    oidc_token = oauth.oidc_entry.authorize_access_token()
    # A token without a "userinfo" entry raises KeyError at this point.
    user_claims = oidc_token["userinfo"]
    # The claims end up in the session cookie, so keep the requested scope
    # limited to what the pages actually display.
    flask.session["user_info"] = user_claims
    return flask.redirect("/")
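@app.route("/logout")
def oidc_logout():
    """Clear the local session and redirect the browser onwards.

    When the ``LOGOUT_URL`` environment variable is set, the browser is sent
    there with the home page passed as the ``redirect_uri`` query parameter.
    Otherwise the browser is redirected straight to the home page.
    """
    flask.session.clear()
    # Bound before the branch so the fallback redirect below always has a
    # target, including when LOGOUT_URL is unset.
    redirect_uri = flask.url_for("render_home", _external=True)
    logout_url = os.environ.get("LOGOUT_URL")
    if logout_url:
        # Percent-encode the value: it is a full URL, and any "&", "#" or "?"
        # in it must not be read as part of the logout URL's own query string.
        query = urlencode({"redirect_uri": redirect_uri})
        return flask.redirect(f"{logout_url}?{query}")
    return flask.redirect(redirect_uri)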
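@app.route("/external-logout", methods=["GET", "POST"])
def oidc_external_logout():
    """Log an incoming logout call, clear the session and echo its JSON body.

    The query arguments and raw request body are written to the application
    log at INFO level, the session attached to this request is cleared, and
    the parsed JSON body (or ``null`` when there is none) is returned.
    """
    logger = flask.current_app.logger
    # NOTE(review): the caller and the payload are not verified in any way,
    # and the raw body is logged as received. If a provider posts a logout
    # token here it will land in the logs; trim this outside a demo setup.
    logger.info(dict(flask.request.args))
    logger.info(flask.request.data)
    # This file configures no server-side session store, so Flask's default
    # cookie session applies: this clears only the session carried by the
    # request itself, not the session of some other browser.
    flask.session.clear()
    # silent=True: a GET or a non-JSON POST yields None rather than an HTTP
    # error from the JSON parser, so both allowed methods get a response.
    payload = flask.request.get_json(silent=True)
    return flask.jsonify(payload)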
if __name__ != '__main__':
    # Imported rather than run as a script: assume gunicorn is hosting the
    # app and send application log records through gunicorn's error logger,
    # at the level gunicorn was started with.
    gunicorn_logger = logging.getLogger('gunicorn.error')
    app.logger.setLevel(gunicorn_logger.level)
    app.logger.handlers = gunicorn_logger.handlers