I have integrated IBM Cloud App ID service in my Python Flask web application referring this link
The login is working through Google/Facebook but I am not able to logout from the application.
Does anyone know how to logout from this application?
That Python app is using Flask and its session to manage the authorization scope and tokens. You could implement a route logout that removes the stored information from session. Parts of it are already shown for invalid authorization requests in your linked sample:
if (not idTokenPayload or not accessTokenPayload):
session[WebAppStrategy['AUTH_CONTEXT']]=None
Related
I am trying to setup Azure AD authentication for a web application using FastAPI. I am using the fastapi_msal python package to do this. The problem I am having is that when I go to the web app, I am able to login, but once i am authenticated, it says the redirect URI that the application is using begins with HTTP. However, Azure requires the redirect uri begin with HTTPS unless running the app locally. Does anyone know how I can change the redirect uri to begin with https instead?
The code for my project pretty much exactly resembles the code from this example project here. However, I have found a similar project using Flask instead of FastAPI. And there is a specific portion of the code that addresses this redirect uri problem:
# This section is needed for url_for("foo", _external=True) to automatically
# generate http scheme when this sample is running on localhost,
# and to generate https scheme when it is deployed behind reversed proxy.
# See also https://flask.palletsprojects.com/en/1.0.x/deploying/wsgi-standalone/#proxy-setups
from werkzeug.middleware.proxy_fix import ProxyFix
app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1, x_host=1)
Does anyone know how I can do something like this for a web app using FastAPI instead?
The full source code for the Flask app can be found here
Background:
I've built and deployed an app with Google Cloud Firebase. At a high level, I have a Python Flask server running on Cloud Run, and I serve static JS files with Firebase hosting.
Issue:
Sometimes, I want to redirect the user, but I'm sending them to the Cloud Run service URL rather than my app domain.
EDIT: I'm NOT experiencing this in the JS on the browser, but ONLY in the Python on the server.
Python
If a user navigates to a page without being signed in, e.g. following a link, they are redirected to my login page. For example, if someone who is not signed in tries to look at someone else's profile, the following code redirects them to the authentication blueprint's login endpoint:
if not session.get('user'):
return redirect(url_for('authentication.login'))
I would expect them to be redirected to my-app-name.web.app/auth/login but instead they're routed to my-cloudrun-service-name-XXXXX-region.run.app/auth/login. While the pages loaded look the same, they're really not. The second one redirects to the Cloud Run service URL, which doesn't have my static files served by Firebase Hosting.
I'm not really sure, but I believe this happens because Flask is generating the URL using the request context. So the request from the browser hits Cloud Run Load Balancer, which directs the request to my Cloud Run instance, but that means the Flask app in my Cloud Run instance only sees the internal Google Cloud redirect, and it doesn't know my domain.
I've tried solving this by setting app.config['SEVER_NAME'] = my-app-name.web.app, but I just get the "Not Found" page on each request. Is SEVER_NAME the solution but I'm not implementing it correctly, or is there another way to fix the Flask url_for generation?
I've found what I deem to be an effective solution / workaround.
I set the app config to store my BASE_URL when the app is created:
app.config['BASE_URL'] = 'https://my-url.domain'
Then I can access this as application context during requests, even from blueprints:
#blueprint.route('my_route/')
def my_route():
if not session.get('user'):
return redirect(current_app.config['BASE_URL'] + url_for('authentication.login', 302)
This has two key benefits for me:
There's only one place, the app config, to update if I change the domain
url_for is still used, so there's no hardcoding in case blueprints or routes change
I would like to send emails using the Gmail API from a python script I have on my computer.
Here is the code I have so far:
test.py
from google_auth_oauthlib.flow import InstalledAppFlow
flow = InstalledAppFlow.from_client_secrets_file('client_secret.json',scopes=['email'], redirect_uri='http://localhost/authorize/')
flow.run_local_server()
When I execute this, it redirects me to a separate url shows this
My understanding of this problem is that I need to have a redirect uri that matches one on my google cloud platform dashboard for this app. The only thing is I just want to run this locally so I placed the uri http://localhost/authorize instead.
To confirm, I did add http://localhost/authorize to my redirect uri on the Google Cloud Platform.
I referenced this answer I found but could not find my solution:
Correct redirect URI for Google API and OAuth 2.0
I figured out that I needed a Redirect URI because I made the OAuth2 Key for a Web App rather than a Desktop App. In this case, a redirect uri is not needed.
I went through the Flask OAuth api, and its pretty clear how to do authentication for a web app. The web app gets redirected to the authentication provider login page, where access is granted, and returns back to the web app with a token.
However, for web api scenarios, where a client is pre authorized to call the web api, the request will have a Bearer token along with the call. Is there any example on how to validate this token? I see apis like validate_access_token() in the OAuth2 library, but I cant see any examples where people use it for web apis.
I use Azure AD for authentication, and have created an AAD application, and am able to get a token from it through the adal package on the client side (with the clientId and clientKey from AAD). But I havent been able to authorize it yet on the web api side, because it seems most scenarios look at web app authentication and not web api scenarios. Any ideas on how to authenticate on server side?
I'm new to FB app development. Once the user authorize my app, facebook does the following request
http://www.example.com/response#access_token=...&expires_in=3600
Now my python do not see the part after the '#'. How do i get the part, or am i doing something wrong?
You cannot use this. That is part of client side auth. URI fragments (the stuff after the #) are never sent to the server by the browser. You need to look up server side auth.
Short answer: you need to fill in YOUR_URL in https://www.facebook.com/dialog/oauth?
client_id=YOUR_APP_ID&redirect_uri=YOUR_URL, next the facebook app (in python) needs to filter the return URL and yank out the access_token in the callback.
For more information, drop by https://apps.facebook.com/fileglu/technical - i am using facebook's access_token and dropbox's access_token to enable dropbox access inside Facebook App.
Have hooks for Google Oauth 2.0, anyone requires google docs access within Facebook?