diff --git a/app.py b/app.py
index 7e284b4..510b9be 100644
--- a/app.py
+++ b/app.py
@@ -1,5 +1,4 @@
import requests
-import jwt
from authlib.integrations.base_client import OAuthError
from authlib.integrations.flask_client import OAuth
@@ -33,23 +32,10 @@ oauth.register(
@app.route("/api")
def api():
- not_auth_warn = True
- # is it OK to use access token to check API authorization on server side
- # it is not OK to use ID token to check API authorization on server side
- if 'accessToken' in request.args:
- access_token = request.args['accessToken']
- jwks_uri = f"{issuer}/protocol/openid-connect/certs"
- jwks_client = jwt.PyJWKClient(jwks_uri)
- key = jwks_client.get_signing_key_from_jwt(access_token)
- data = jwt.decode(access_token, key.key, algorithms=["RS256"], audience='client-oidc', options={'verify_signature': True, 'verify_aud': True})
- print(data)
- not_auth_warn = False
- # TODO verify token and check role
- return render_template(
- 'api.html',
- not_auth_warn=not_auth_warn,
- )
-
+ if 'accessToken' in request.cookies:
+ access_token = request.cookies['access_token']
+ print(access_token)
+ return make_response(redirect('http://localhost:5002/api?callbackUrl=http%3A%2F%2Flocalhost%3A5001'))
@app.route("/auth")
def auth():
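Review bot: The new guard in `api()` checks `if 'accessToken' in request.cookies:` while its body reads `request.cookies['access_token']`, and the same commit renames the cookie to `access_token` in `auth()`, so the branch is dead under the new name and would raise `KeyError` if a stale `accessToken` cookie were ever present; it should read `if 'access_token' in request.cookies:`. The `print(access_token)` that follows writes a bearer token to stdout/log output and should be removed (`# never log bearer tokens`). With the PyJWT signature and audience check gone, this route validates nothing itself before redirecting to the hard-coded `http://localhost:5002/api?callbackUrl=...`, which is acceptable only if the service on 5002 performs that verification; a comment such as `# token validation is delegated to the API service on :5002` would make the intent explicit. The redirect is also unconditional, so an unauthenticated visitor is forwarded too; if that is unintended, render `api.html` with `not_auth_warn=True` when the cookie is absent instead of redirecting.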
@@ -60,13 +46,13 @@ def auth():
response = make_response(redirect('/'))
access_token = token_response['access_token']
if access_token:
- response.set_cookie('accessToken', access_token, httponly=True)
+ response.set_cookie('access_token', access_token, httponly=True)
refresh_token = token_response['refresh_token']
if refresh_token:
- response.set_cookie('refreshToken', refresh_token, httponly=True)
+ response.set_cookie('refresh_token', refresh_token, httponly=True)
id_token = token_response['id_token']
if id_token:
- response.set_cookie('idToken', id_token, httponly=True)
+ response.set_cookie('id_token', id_token, httponly=True)
if token_response['userinfo']:
session['name'] = token_response['userinfo']['name']
session['email'] = token_response['userinfo']['email']
@@ -76,7 +62,6 @@ def auth():
@app.route("/", methods=['GET', 'POST'])
def index():
attributes = False
- access_token = False
paint_logout = False
not_auth_warn = False
user_name = False
@@ -94,9 +79,9 @@ def index():
"refresh_token": refresh_token,
})
response = make_response(redirect('/'))
- response.set_cookie('accessToken', '', expires=0)
- response.set_cookie('refreshToken', '', expires=0)
- response.set_cookie('idToken', '', expires=0)
+ response.set_cookie('access_token', '', expires=0)
+ response.set_cookie('refresh_token', '', expires=0)
+ response.set_cookie('id_token', '', expires=0)
if 'name' in session:
del session['name']
if 'email' in session:
@@ -107,9 +92,9 @@ def index():
# it is OK to use ID token to display user info on client side
# is it not OK to use access token on client side
- if 'idToken' in request.cookies:
+ if 'id_token' in request.cookies:
paint_logout = True
- attributes = {'idToken': [request.cookies['idToken']]}.items()
+ attributes = {'id_token': [request.cookies['id_token']]}.items()
if 'name' in session:
user_name = session['name']
@@ -117,13 +102,9 @@ def index():
if 'email' in session:
user_email = session['email']
- if 'accessToken' in request.cookies:
- access_token = request.cookies['accessToken']
-
return render_template(
'index.html',
attributes=attributes,
- access_token=access_token,
not_auth_warn=not_auth_warn,
paint_logout=paint_logout,
user_name=user_name,
diff --git a/requirements.txt b/requirements.txt
index 4967fef..eeb50ed 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,3 +1,3 @@
authlib
flask
-PyJWT
+requests
\ No newline at end of file
diff --git a/templates/index.html b/templates/index.html
index b5548ab..658ff4a 100644
--- a/templates/index.html
+++ b/templates/index.html
@@ -36,10 +36,6 @@
Login
{% endif %}
-{% if access_token %}
- Call protected API
-{% else %}
- Call protected API
-{% endif %}
+Call API
{% endblock %}
\ No newline at end of file