|
13 | 13 | from flask import session |
14 | 14 | from flask import url_for |
15 | 15 | from flask_oauthlib.client import OAuth |
16 | | -from jose import jwt |
17 | 16 | from six.moves.urllib.parse import urlencode |
18 | | -from six.moves.urllib.request import urlopen |
| 17 | +import requests |
19 | 18 |
|
20 | 19 | import constants |
21 | 20 |
|
|
27 | 26 | AUTH0_CLIENT_ID = env.get(constants.AUTH0_CLIENT_ID) |
28 | 27 | AUTH0_CLIENT_SECRET = env.get(constants.AUTH0_CLIENT_SECRET) |
29 | 28 | AUTH0_DOMAIN = env.get(constants.AUTH0_DOMAIN) |
30 | | -AUTH0_AUDIENCE = env.get(constants.API_ID) |
| 29 | +AUTH0_AUDIENCE = env.get(constants.AUTH0_AUDIENCE) |
| 30 | +if AUTH0_AUDIENCE is '': |
| 31 | + AUTH0_AUDIENCE = 'https://' + AUTH0_DOMAIN + '/userinfo' |
31 | 32 |
|
32 | 33 | APP = Flask(__name__, static_url_path='/public', static_folder='./public') |
33 | 34 | APP.secret_key = constants.SECRET_KEY |
@@ -62,7 +63,7 @@ def handle_auth_error(ex): |
62 | 63 | consumer_secret=AUTH0_CLIENT_SECRET, |
63 | 64 | request_token_params={ |
64 | 65 | 'scope': 'openid profile', |
65 | | - 'audience': 'https://' + AUTH0_DOMAIN + '/userinfo' |
| 66 | + 'audience': AUTH0_AUDIENCE |
66 | 67 | }, |
67 | 68 | base_url='https://%s' % AUTH0_DOMAIN, |
68 | 69 | access_token_method='POST', |
@@ -93,26 +94,26 @@ def callback_handling(): |
93 | 94 | raise AuthError({'code': request.args['error'], |
94 | 95 | 'description': request.args['error_description']}, 401) |
95 | 96 |
|
96 | | - # Obtain JWT and the keys to validate the signature |
97 | | - id_token = resp['id_token'] |
98 | | - jwks = urlopen("https://"+AUTH0_DOMAIN+"/.well-known/jwks.json") |
| 97 | + url = 'https://' + AUTH0_DOMAIN + '/userinfo' |
| 98 | + headers = {'authorization': 'Bearer ' + resp['access_token']} |
| 99 | + resp = requests.get(url, headers=headers) |
| 100 | + userinfo = resp.json() |
99 | 101 |
|
100 | | - payload = jwt.decode(id_token, jwks.read(), algorithms=['RS256'], |
101 | | - audience=AUTH0_CLIENT_ID, issuer="https://"+AUTH0_DOMAIN+"/") |
102 | | - |
103 | | - session[constants.JWT_PAYLOAD] = payload |
| 102 | + session[constants.JWT_PAYLOAD] = userinfo |
104 | 103 |
|
105 | 104 | session[constants.PROFILE_KEY] = { |
106 | | - 'user_id': payload['sub'], |
107 | | - 'name': payload['name'], |
108 | | - 'picture': payload['picture'] |
| 105 | + 'user_id': userinfo['sub'], |
| 106 | + 'name': userinfo['name'], |
| 107 | + 'picture': userinfo['picture'] |
109 | 108 | } |
110 | 109 |
|
111 | 110 | return redirect('/dashboard') |
112 | 111 |
|
| 112 | + |
113 | 113 | @APP.route('/login') |
114 | 114 | def login(): |
115 | | - return auth0.authorize(callback=AUTH0_CALLBACK_URL if AUTH0_CALLBACK_URL is not '' else "http://localhost:3000/callback") |
| 115 | + return auth0.authorize(callback=AUTH0_CALLBACK_URL) |
| 116 | + |
116 | 117 |
|
117 | 118 | @APP.route('/logout') |
118 | 119 | def logout(): |
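Review bot: The /userinfo response at new line 99 is used without checking it: `resp.json()` on a non-2xx reply (an expired or revoked access token yields 401) either raises a bare JSON error or returns an error object, so the following `userinfo['sub']` fails with a KeyError outside the AuthError path that the hunk's top lines establish. Add `resp.raise_for_status()` before `resp.json()`, or map a non-2xx status to `raise AuthError({'code': 'userinfo_failed', 'description': resp.text}, 401)`, and give the call a bound, `resp = requests.get(url, headers=headers, timeout=10)`, so a stalled identity provider cannot hold the worker indefinitely. Reusing `resp` for the requests object also shadows the OAuth token response from earlier in callback_handling (which starts outside the hunk); a distinct name such as `userinfo_resp` would read better. The same review applies to the first hunk's `if AUTH0_AUDIENCE is '':` at new line 30: identity comparison with a string literal is unreliable (and a SyntaxWarning on Python 3.8+) and does not catch the `None` that `env.get` returns when the variable is unset, so `'audience': None` reaches the OAuth request; `if not AUTH0_AUDIENCE:` covers both cases.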
|