local-it/dashboard
0
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Take state from query param on hydra callback

Browse source
This commit is contained in:
Luka Radenovic 2022-01-19 09:16:22 +01:00
parent 2160f634d1
commit 45728d1383
3 changed files with 10 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
areas/auth/auth.py
View file

@ -1,11 +1,11 @@
from flask import jsonify from flask import jsonify, request
from flask_jwt_extended import create_access_token from flask_jwt_extended import create_access_token
from flask_cors import cross_origin from flask_cors import cross_origin
from datetime import timedelta from datetime import timedelta
from areas import api_v1 from areas import api_v1
from config import * from config import *
from helpers import HydraOauth from helpers import HydraOauth, BadRequest
@api_v1.route("/login", methods=["POST"]) @api_v1.route("/login", methods=["POST"])
@ -18,7 +18,11 @@ def login():
@api_v1.route("/hydra/callback") @api_v1.route("/hydra/callback")
@cross_origin() @cross_origin()
def hydra_callback(): def hydra_callback():
token = HydraOauth.get_token() state = request.args.get("state")
if state == None:
raise BadRequest("Missing state query param")
token = HydraOauth.get_token(state)
access_token = create_access_token( access_token = create_access_token(
identity=token, expires_delta=timedelta(days=365) identity=token, expires_delta=timedelta(days=365)
) )

6
helpers/hydra_oauth.py
View file

@ -24,11 +24,9 @@ class HydraOauth:
raise HydraError(str(err), 500) raise HydraError(str(err), 500)
@staticmethod @staticmethod
def get_token(): def get_token(state):
try: try:
hydra = OAuth2Session( hydra = OAuth2Session(HYDRA_CLIENT_ID, state=state)
HYDRA_CLIENT_ID, state=session[HydraOauth.SESSION_KEY]
)
token = hydra.fetch_token( token = hydra.fetch_token(
TOKEN_URL, TOKEN_URL,
client_secret=HYDRA_CLIENT_SECRET, client_secret=HYDRA_CLIENT_SECRET,

2
run_app.sh
View file

@ -23,7 +23,7 @@ export FLASK_ENV=development
export SECRET_KEY="e38hq!@0n64g@qe6)5csk41t=ljo2vllog(%k7njnm4b@kh42c" export SECRET_KEY="e38hq!@0n64g@qe6)5csk41t=ljo2vllog(%k7njnm4b@kh42c"
export KRATOS_URL="http://127.0.0.1:8000" export KRATOS_URL="http://127.0.0.1:8000"
export HYDRA_CLIENT_ID="dashboard" export HYDRA_CLIENT_ID="dashboard"
export HYDRA_CLIENT_SECRET="BrYRtKygtrcwGHviUSqybvFTgfnaZgPh" export HYDRA_CLIENT_SECRET="gDSEuakxzybHBHJocnmtDOLMwlWWEvPh"
export HYDRA_AUTHORIZATION_BASE_URL="https://sso.init.stackspin.net/oauth2/auth" export HYDRA_AUTHORIZATION_BASE_URL="https://sso.init.stackspin.net/oauth2/auth"
export TOKEN_URL="https://sso.init.stackspin.net/oauth2/token" export TOKEN_URL="https://sso.init.stackspin.net/oauth2/token"
flask run flask run