Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change outdated oauth libs? #113

Open
bitfinity opened this issue May 16, 2018 · 9 comments
Open

Change outdated oauth libs? #113

bitfinity opened this issue May 16, 2018 · 9 comments
Labels
help wanted

Comments

@bitfinity
Copy link

bitfinity commented May 16, 2018
edited

Maintainer of https://github.com/lepture/flask-oauthlib says - use authlib instead? I'm wondering if the migration process would be difficult given the current tie-ins to permissions api and swagger. I kind of need some of the other social login implementations of authlib.

Found an example migration here: opendatateam/udata#1434
and here opendatateam/udata@30f409b
@frol
Copy link
Owner

frol commented May 17, 2018

Good point! I am not sure when I will have time to do this myself, so I will be glad if someone sends a PR.

@bitfinity
Copy link
Author

I think I might be doing it. I might have a few questions as I get into it. I'm not sure if I'll be able to do a complete PR - I may just have time to implement the things I need. I'm on an incredibly tight schedule.

@frol
Copy link
Owner

frol commented May 17, 2018

Feel free to open a halfway implemented migration PR or just leave pointers along your way in this issue!

@bitfinity
Copy link
Author

bitfinity commented May 17, 2018
edited

Ok - working on it now. The main weird thing is that the grant stuff seems to be handled in OAuth2RequestValidator(provider.OAuth2RequestValidator) without any specific endpoints - seems to be integrated into flask's before request handler, but there's no similar class in authlib. It seems that register_grant has the same affect, but not sure. I really wish the guy had written some kind of migration instructions, rather than just saying - "don't use the old library".

@bitfinity
Copy link
Author

bitfinity commented May 17, 2018
edited

Really having an issue with the Flask_login stuff:

Do you mind telling me if this is behavior specific to the old flask-oauth library?

def load_user_from_request(request):
    """
    Load user from OAuth2 Authentication header.
    """
    from app.extensions import oauth2
    user = None
    if hasattr(request, 'oauth'):
        user = request.oauth.user
    else:
        is_valid, oauth = oauth2.verify_request(scopes=[])
        if is_valid:
            user = oauth.user
    return user

authlib doesn't have verify_request and I don't know the equivalent. I also don't know if authlib adds 'oauth' to the request or even what adding load_user_from_request is for?

@frol
Copy link
Owner

frol commented May 18, 2018

That is definitely related to how the old lib operates. I have no idea about how the new one expects this to be organized.

@bitfinity
Copy link
Author

Unfortunately, I don't have time on this project to use authlib. I made an initial attempt which you can see on my forked lib. But I just did the obvious stuff.

@lepture
Copy link

lepture commented May 21, 2018

I'm writing migration guide posts for Authlib now, feel free to ask me questions on StackOverflow. Here is a guide on the client part: https://blog.authlib.org/2018/migrate-flask-oauthlib-client-to-authlib

I will finish the server part soon.

@bitfinity
Copy link
Author

I think I got some of it working. There were changes to how the scopes were stored, and I made a few changes to flask login.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bitfinity @lepture @frol