use dummy server

2024-06-25 18:53:25 +02:00 · 2024-06-25 18:53:25 +02:00 · 7478dee246
commit 7478dee246
parent 3cf1f5c1c8
3 changed files with 14 additions and 37 deletions
--- a/app.py
+++ b/app.py
@ -1,5 +1,4 @@
 import requests
-import jwt

 from authlib.integrations.base_client import OAuthError
 from authlib.integrations.flask_client import OAuth
@ -33,23 +32,10 @@ oauth.register(

@app.route("/api")
 def api():
-    not_auth_warn = True
-    # is it OK to use access token to check API authorization on server side
-    # it is not OK to use ID token to check API authorization on server side
-    if 'accessToken' in request.args:
-        access_token = request.args['accessToken']
-        jwks_uri = f"{issuer}/protocol/openid-connect/certs"
-        jwks_client = jwt.PyJWKClient(jwks_uri)
-        key = jwks_client.get_signing_key_from_jwt(access_token)
-        data = jwt.decode(access_token, key.key, algorithms=["RS256"], audience='client-oidc', options={'verify_signature': True, 'verify_aud': True})
-        print(data)
-        not_auth_warn = False
-        # TODO verify token and check role
-    return render_template(
-        'api.html',
-        not_auth_warn=not_auth_warn,
-    )
-
+    if 'accessToken' in request.cookies:
+        access_token = request.cookies['access_token']
+        print(access_token)
+    return make_response(redirect('http://localhost:5002/api?callbackUrl=http%3A%2F%2Flocalhost%3A5001'))

@app.route("/auth")
 def auth():
@ -60,13 +46,13 @@ def auth():
    response = make_response(redirect('/'))
    access_token = token_response['access_token']
    if access_token:
-        response.set_cookie('accessToken', access_token, httponly=True)
+        response.set_cookie('access_token', access_token, httponly=True)
    refresh_token = token_response['refresh_token']
    if refresh_token:
-        response.set_cookie('refreshToken', refresh_token, httponly=True)
+        response.set_cookie('refresh_token', refresh_token, httponly=True)
    id_token = token_response['id_token']
    if id_token:
-        response.set_cookie('idToken', id_token, httponly=True)
+        response.set_cookie('id_token', id_token, httponly=True)
    if token_response['userinfo']:
        session['name'] = token_response['userinfo']['name']
        session['email'] = token_response['userinfo']['email']
@ -76,7 +62,6 @@ def auth():
@app.route("/", methods=['GET', 'POST'])
 def index():
    attributes = False
-    access_token = False
    paint_logout = False
    not_auth_warn = False
    user_name = False
@ -94,9 +79,9 @@ def index():
                "refresh_token": refresh_token,
            })
        response = make_response(redirect('/'))
-        response.set_cookie('accessToken', '', expires=0)
-        response.set_cookie('refreshToken', '', expires=0)
-        response.set_cookie('idToken', '', expires=0)
+        response.set_cookie('access_token', '', expires=0)
+        response.set_cookie('refresh_token', '', expires=0)
+        response.set_cookie('id_token', '', expires=0)
        if 'name' in session:
            del session['name']
        if 'email' in session:
@ -107,9 +92,9 @@ def index():

    # it is OK to use ID token to display user info on client side
    # is it not OK to use access token on client side
-    if 'idToken' in request.cookies:
+    if 'id_token' in request.cookies:
        paint_logout = True
-        attributes = {'idToken': [request.cookies['idToken']]}.items()
+        attributes = {'id_token': [request.cookies['id_token']]}.items()

    if 'name' in session:
        user_name = session['name']
@ -117,13 +102,9 @@ def index():
    if 'email' in session:
        user_email = session['email']

-    if 'accessToken' in request.cookies:
-        access_token = request.cookies['accessToken']
-
    return render_template(
        'index.html',
        attributes=attributes,
-        access_token=access_token,
        not_auth_warn=not_auth_warn,
        paint_logout=paint_logout,
        user_name=user_name,
--- a/requirements.txt
+++ b/requirements.txt
@ -1,3 +1,3 @@
 authlib
 flask
-PyJWT
+requests
--- a/templates/index.html
+++ b/templates/index.html
@ -36,10 +36,6 @@
  <a href="?sso" class="btn btn-primary">Login</a>
 {% endif %}

-{% if access_token %}
-  <a href="/api?accessToken={{ access_token }}" class="btn btn-secondary">Call protected API</a>
-{% else %}
-  <a href="/api" class="btn btn-secondary">Call protected API</a>
-{% endif %}
+<a href="/api" class="btn btn-secondary">Call API</a>

 {% endblock %}