Skeleton OAuth implementation #55
Conversation
| def get_clientside_data(self): | ||
| return { | ||
| "email": self.user_data.get("email"), | ||
| } |
There was a problem hiding this comment.
Added this to get data that needs to be sent to front end
| success = login_user(user) | ||
| if success: | ||
| user.authenticate_user() | ||
| return redirect(f'{current_app.config["BASE_URL"]}/?{urlencode(user.get_clientside_data())}') |
There was a problem hiding this comment.
changed the redirect here to include needed client-side data
| @bp.route("/authorize/<provider>") | ||
| def user_authorize(provider): | ||
| if not current_user.is_anonymous: | ||
| return redirect(f'{current_app.config["BASE_URL"]}/?{urlencode(current_user.get_clientside_data())}') |
There was a problem hiding this comment.
changed redirect here to include client-side data
| @bp.route("/callback/<provider>") | ||
| def user_callback(provider): | ||
| if not current_user.is_anonymous: | ||
| return redirect(current_app.config["BASE_URL"]) |
There was a problem hiding this comment.
@faisal-fawad do you think it would make sense to update this redirect like the others?
This would trigger if you accessed the callback endpoint but are already logged in right?
When could that happen?
| } | ||
| } | ||
| BASE_URL = ( | ||
| "https://playimaginate.com" if DB_ENV == "prod" else "http://localhost:5173" |
There was a problem hiding this comment.
changed the local host base url to the client localhost instead of the API localhost
|
|
||
| def create_app(): | ||
| app = Flask(__name__) | ||
| CORS(app) |
There was a problem hiding this comment.
Added cors for ez testing. Does not matter when deployed. ( I think )
Closes #54
A skeleton implementation of OAuth using Google as the provider; Key features:
Userclass which implements the required properties and methods + additional featuresfind_or_create_userprimarily searches on the unique provider IDs and fallbacks to an email searchusernamewill not be used for any authentication as it will be sent as a parameter and may be used maliciously by the userusernamehas not been implemented in this PR. A future PR will handle this containing theusernameparameter, extension on theUserclass, and an endpoint to validate username uniqueness