Limit OAuth 2 Client to a Google Apps Domain #165
Comments
Hi there! Sorry for the late reply. Let me investigate a bit more into where this can happen, not an OAuth expert so I'll need to do some homework.
Similar to the example mentioned in SO: https://github.com/mitsuhiko/flask-oauth/blob/master/example/google.py, it would fall under

```python
# [END upload_image_file]


app = Flask(__name__)
app.config.update(
    SECRET_KEY='secret',
    MAX_CONTENT_LENGTH=8 * 1024 * 1024,
    ALLOWED_EXTENSIONS=set(['png', 'jpg', 'jpeg', 'gif'])
)

app.debug = False
app.testing = False
```

If you wanted to add the OAuth bit, you'd add a bit of a section after the snippet above:

```python
# [END upload_image_file]


app = Flask(__name__)
app.config.update(
    SECRET_KEY='secret',
    MAX_CONTENT_LENGTH=8 * 1024 * 1024,
    ALLOWED_EXTENSIONS=set(['png', 'jpg', 'jpeg', 'gif'])
)

app.debug = False
app.testing = False
# Don't forget to import:
from flask_oauth import OAuth
# You must configure these 3 values from Google APIs console
# https://code.google.com/apis/console
GOOGLE_CLIENT_ID = '<Client-ID>'
GOOGLE_CLIENT_SECRET = '<Client-secret>'
oauth = OAuth()

google = oauth.remote_app('google',
                          base_url='https://www.google.com/accounts/',
                          authorize_url='https://accounts.google.com/o/oauth2/auth',
                          request_token_url=None,
                          request_token_params={'scope': 'https://www.googleapis.com/auth/userinfo.email',
                                                'response_type': 'code'},
                          access_token_url='https://accounts.google.com/o/oauth2/token',
                          access_token_method='POST',
                          access_token_params={'grant_type': 'authorization_code'},
                          consumer_key=GOOGLE_CLIENT_ID,
                          consumer_secret=GOOGLE_CLIENT_SECRET)
```

Note that the SO post talks about

I'll be closing this issue for now, but if there's any followup questions to this topic please feel free to re-open it with more info! :)
I'd like to use this code as a base for a small Python package I want to build in my work environment, but it has to be limited in accessibility to only Gmail accounts within our GSuite Work domain. In searching for a way to tweak the OAuth client, I found this on Stack Overflow:

```python
google = oauth.remote_app('google',
                          base_url='https://www.google.com/accounts/',
                          authorize_url='https://accounts.google.com/o/oauth2/auth',
                          request_token_url=None,
                          request_token_params={'scope': 'https://www.googleapis.com/auth/userinfo.email',
                                                'response_type': 'code',
                                                'hd': 'domain.com'},
                          access_token_url='https://accounts.google.com/o/oauth2/token',
                          access_token_method='POST',
                          access_token_params={'grant_type': 'authorization_code'},
                          consumer_key=GOOGLE_CLIENT_ID,
                          consumer_secret=GOOGLE_CLIENT_SECRET)
```

The `request_token_params` dictionary permits an `hd` variable where you can specify the domain to lock it down to.
Where would I put this kind of variable in the Bookshelf project to practice? Would it be under `service_account.py` in the Windows directory `env\Lib\site-packages\oauth2client`, or somewhere else?
Thank you for your help!!!
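The `hd` entry in `request_token_params` only shapes the request sent to Google, and that request can be modified on the client side, so the application still has to check the `hd` claim Google returns before treating the user as a domain member. The following is an added example of that server-side check, not code from the Bookshelf project or flask-oauth. It assumes `claims` is the payload of an ID token already verified by an OIDC library; `is_allowed_account`, `ALLOWED_DOMAIN` and the sample claim sets are hypothetical names and constructed data.

```python
# Added example: enforce the hosted-domain restriction on the server.
# Assumption: `claims` comes from an ID token whose signature, issuer and
# audience were already verified by an OAuth/OIDC library.

ALLOWED_DOMAIN = "domain.com"  # same placeholder as the `hd` request parameter


def is_allowed_account(claims, allowed_domain=ALLOWED_DOMAIN):
    """Return True only if the signed-in account belongs to allowed_domain."""
    allowed = allowed_domain.lower()
    # `hd` is present only for accounts that belong to a Google-hosted
    # organization; consumer gmail.com accounts carry no `hd` claim.
    hd = claims.get("hd")
    if not isinstance(hd, str) or hd.lower() != allowed:
        return False
    # Only accept an address Google marks as verified.
    if claims.get("email_verified") is not True:
        return False
    # Policy choice of this example: the address must also sit in the same
    # domain. Compare the part after the last "@" exactly, never by
    # substring or suffix, so lookalike domains are rejected.
    email = claims.get("email")
    if not isinstance(email, str) or "@" not in email:
        return False
    return email.rsplit("@", 1)[1].lower() == allowed


# Constructed sample claim sets (not real accounts).
SAMPLES = {
    "workspace user": {"email": "alice@domain.com", "email_verified": True, "hd": "domain.com"},
    "consumer account": {"email": "bob@gmail.com", "email_verified": True},
    "other organization": {"email": "carol@other.example", "email_verified": True, "hd": "other.example"},
    "lookalike domain": {"email": "dave@domain.com.other.example", "email_verified": True,
                         "hd": "domain.com.other.example"},
    "unverified email": {"email": "erin@domain.com", "email_verified": False, "hd": "domain.com"},
}

if __name__ == "__main__":
    for label, claims in SAMPLES.items():
        verdict = "allow" if is_allowed_account(claims) else "deny"
        print(f"{label:20s} -> {verdict}")
```

In a Flask app this check belongs in the OAuth callback, before the user is written to the session.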