local-it/dashboard
0
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Use code instead of authorization_response

Browse source
This commit is contained in:
Luka Radenovic 2022-01-20 07:40:11 +01:00
parent 5290bedc77
commit 34796a7d82
2 changed files with 8 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
areas/auth/auth.py
View file

@ -19,10 +19,14 @@ def login():
@cross_origin() @cross_origin()
def hydra_callback(): def hydra_callback():
state = request.args.get("state") state = request.args.get("state")
code = request.args.get("code")
if state == None: if state == None:
raise BadRequest("Missing state query param") raise BadRequest("Missing state query param")
token = HydraOauth.get_token(state) if code == None:
raise BadRequest("Missing code query param")
token = HydraOauth.get_token(state, code)
access_token = create_access_token( access_token = create_access_token(
identity=token, expires_delta=timedelta(days=365) identity=token, expires_delta=timedelta(days=365)
) )

6
helpers/hydra_oauth.py
View file

@ -24,14 +24,14 @@ class HydraOauth:
raise HydraError(str(err), 500) raise HydraError(str(err), 500)
@staticmethod @staticmethod
def get_token(state): def get_token(state, code):
try: try:
hydra = OAuth2Session(HYDRA_CLIENT_ID, state=state) hydra = OAuth2Session(HYDRA_CLIENT_ID, state=state)
token = hydra.fetch_token( token = hydra.fetch_token(
TOKEN_URL, TOKEN_URL,
code=code,
state=state,
client_secret=HYDRA_CLIENT_SECRET, client_secret=HYDRA_CLIENT_SECRET,
authorization_response="https://dashboard.init.stackspin.net"
+ request.path,
) )
session["hydra_token"] = token session["hydra_token"] = token