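import datetime
import logging
import os

import flask
from flask import Flask, jsonify
from flask_pyoidc import OIDCAuthentication
from flask_pyoidc.provider_configuration import ClientMetadata, ProviderConfiguration
from flask_pyoidc.user_session import UserSession

# Client credentials come from the environment so real values never land in
# source control; the fallbacks are the demo placeholders and will not work
# against a live provider.
CLIENT_ID = os.environ.get('OIDC_CLIENT_ID', 'XXXXX')
CLIENT_SECRET = os.environ.get('OIDC_CLIENT_SECRET', 'XXXXXX')

app = Flask(__name__)
# See https://flask.palletsprojects.com/en/2.0.x/config/
app.config.update({
    # Must match the redirect URI registered at the provider; use https://
    # anywhere other than local testing so the authorization code is not sent
    # in clear text.
    'OIDC_REDIRECT_URI': os.environ.get('OIDC_REDIRECT_URI',
                                        'http://localhost:5000/redirect_uri'),
    # Signs the Flask session cookie. 'dev_key' is a public value, so anyone can
    # forge a session unless a random secret (e.g. secrets.token_hex(32)) is
    # supplied via the environment.
    'SECRET_KEY': os.environ.get('SECRET_KEY', 'dev_key'),  # make sure to change this!!
    'PERMANENT_SESSION_LIFETIME': datetime.timedelta(days=7).total_seconds(),
    # Debug mode enables the interactive Werkzeug debugger; defaults to on for
    # the demo, set OIDC_DEMO_DEBUG=0 for anything reachable by others.
    'DEBUG': os.environ.get('OIDC_DEMO_DEBUG', '1') != '0',
})

ISSUER1 = os.environ.get('OIDC_ISSUER', 'http://XXXXXXX/application/o/openid-connect-demo')
CLIENT1 = 'client@provider1'
PROVIDER_NAME1 = 'provider1'
PROVIDER_CONFIG1 = ProviderConfiguration(issuer=ISSUER1,
                                         client_metadata=ClientMetadata(CLIENT_ID, CLIENT_SECRET))

auth = OIDCAuthentication({PROVIDER_NAME1: PROVIDER_CONFIG1})


def _session_response():
    """Return the tokens and userinfo stored in the current Flask session as JSON."""
    user_session = UserSession(flask.session)
    # Demo only: echoing the bearer tokens to the browser makes them readable by
    # any script running on the page; a real application keeps them server-side.
    return jsonify(access_token=user_session.access_token,
                   id_token=user_session.id_token,
                   userinfo=user_session.userinfo)


@app.route('/')
@auth.oidc_auth(PROVIDER_NAME1)
def login1():
    """Browser login: the decorator drives the OIDC flow, then the session is shown."""
    return _session_response()


@app.route('/api')
@auth.token_auth(PROVIDER_NAME1, scopes_required=['read', 'write'])
def api():
    """Bearer-token protected endpoint requiring the 'read' and 'write' scopes."""
    # Identity populated by token_auth for the presented token (presumably
    # validated before the view runs); Flask serialises the dict as JSON.
    return auth.current_token_identity


@app.route('/profile')
@auth.access_control(PROVIDER_NAME1, scopes_required=['read', 'write'])
def profile():
    """Accept either a bearer token or a browser session, whichever is present."""
    if auth.current_token_identity:
        return auth.current_token_identity
    return _session_response()


@app.route('/logout')
@auth.oidc_logout
def logout():
    """Log the user out; the decorator performs the OIDC logout handling."""
    return "You've been successfully logged out!"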
@auth.error_view
def error(error=None, error_description=None):
    """Render an OIDC error reported by the provider as a JSON document."""
    payload = {'error': error, 'message': error_description}
    return jsonify(payload)


if __name__ == '__main__':
    # Verbose logging is convenient for the demo but very chatty at DEBUG level.
    logging.basicConfig(format='%(asctime)s - %(name)s - %(levelname)s - %(message)s',
                        level=logging.DEBUG)
    auth.init_app(app)
    app.run()