I am trying to implement login using flask-login and requests-oauthlib. I want it to be pretty much a single-user login, so I put in some conditions to make sure the email used is mine and nobody else's.
Here is my code:
```python
@app.route('/login')
def login():
    if current_user.is_authenticated:
        return redirect(url_for('index'))
    google = OAuth2Session(Config.CLIENT_ID, scope=Config.SCOPE, redirect_uri=Config.REDIRECT_URI)
    authorization_url, state = google.authorization_url(Config.AUTH_URI,
                                                        access_type="offline", prompt="select_account")
    # State is used to prevent CSRF, keep this for later.
    session['oauth_state'] = state
    return redirect(authorization_url)


@app.route('/callback')
def callback():
    next_page = request.args.get('next')
    if not next_page or url_parse(next_page).netloc != '':
        next_page = url_for('index')
    # Redirect user to home page if already logged in.
    if current_user is not None and current_user.is_authenticated:
        return redirect(next_page)
    if 'error' in request.args:
        if request.args.get('error') == 'access_denied':
            return 'You denied access.'
        return 'Error encountered.'
    if 'code' not in request.args and 'state' not in request.args:
        return redirect(url_for('login'))
    else:
        # Execution reaches here when user has successfully authenticated our app.
        google = OAuth2Session(Config.CLIENT_ID, redirect_uri=Config.REDIRECT_URI,
                               state=session['oauth_state'])
        token = google.fetch_token(Config.TOKEN_URI, client_secret=Config.CLIENT_SECRET,
                                   authorization_response=request.url)
        session['oauth_token'] = token
        google = OAuth2Session(Config.CLIENT_ID, token=token)
        resp = google.get(Config.USER_INFO)
        if resp.status_code == 200:
            user_data = resp.json()
            email = user_data['email']
            if email == '[email protected]':
                user = m.User.query.filter_by(email=email).first()
                if user is None:
                    user = m.User()
                    user.email = email
                user.tokens = json.dumps(token)
                db.session.add(user)
                db.session.commit()
                login_user(user, remember=True)
                flash('logged in!')
                return redirect(url_for('admin_only'))
            return redirect(url_for('index'))
        return 'Could not fetch your information.'


@app.route('/logout')
def logout():
    logout_user()
    session.pop('oauth_token')
    return redirect(url_for('index'))
```
This code flashed "logged in!", but in truth I cannot access the "admin_only" view, which has the login required decorator.
When I read the logs, the error raised was MismatchingStateError. I looked around, but I have no idea what causes it or how to get around it.
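An added example, not part of the original issue and not code from requests-oauthlib: the `state` comparison that the callback relies on, written with the standard library only so that each way it can fail gets its own outcome. The function names, outcome labels and the `app.example` URL are assumptions made for illustration; only the `oauth_state` session key comes from the post, and the replay and second-tab cases go beyond what the post describes.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

def begin_login(session):
    """Create a fresh state value and bind it to this browser session."""
    state = secrets.token_urlsafe(32)
    session['oauth_state'] = state
    return state

def check_callback(session, callback_url):
    """Classify a callback before any token exchange is attempted."""
    params = parse_qs(urlsplit(callback_url).query)
    if 'error' in params:
        return 'provider_error'
    # Both parameters are required, so reject when either one is absent.
    if 'code' not in params or 'state' not in params:
        return 'missing_code_or_state'
    # pop() makes the state single-use: a replayed callback finds nothing.
    expected = session.pop('oauth_state', None)
    if expected is None:
        return 'no_state_in_session'
    returned = params['state'][0]
    if not hmac.compare_digest(expected.encode(), returned.encode()):
        return 'state_mismatch'
    return 'ok'

def demo():
    """Run constructed callbacks through the check and collect outcomes."""
    base = 'https://app.example/callback'  # constructed redirect URI
    results = {}
    session = {}
    state = begin_login(session)
    results['normal'] = check_callback(session, f'{base}?code=abc&state={state}')
    # Same URL requested a second time: the stored state is already consumed.
    results['replayed'] = check_callback(session, f'{base}?code=abc&state={state}')
    # Login started twice (e.g. a second tab): only the newest state is stored.
    session = {}
    first = begin_login(session)
    begin_login(session)
    results['stale'] = check_callback(session, f'{base}?code=abc&state={first}')
    # Callback that carries a code but no state parameter at all.
    session = {}
    begin_login(session)
    results['no_state_param'] = check_callback(session, f'{base}?code=abc')
    return results
```

Logging which of these outcomes a failing callback produces narrows down whether the stored state was lost, overwritten, or never matched the request.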