flask-restplus-server-example
Change outdated oauth libs?
Maintainer of https://github.com/lepture/flask-oauthlib says - use authlib instead? I'm wondering if the migration process would be difficult given the current tie-ins to permissions api and swagger. I kind of need some of the other social login implementations of authlib.
Found an example migration here: https://github.com/opendatateam/udata/pull/1434 and here https://github.com/opendatateam/udata/pull/1434/commits/30f409b63d378b22bcfe9d0f325cc767f0b02848
Good point! I am not sure when I will have time to do this myself, so I will be glad if someone sends a PR.
I think I might be doing it. I might have a few questions as I get into it. I'm not sure if I'll be able to do a complete PR - I may just have time to implement the things I need. I'm on an incredibly tight schedule.
Feel free to open a halfway implemented migration PR or just leave pointers along your way in this issue!
Ok - working on it now. The main weird thing is that the grant stuff seems to be handled in OAuth2RequestValidator(provider.OAuth2RequestValidator) without any specific endpoints - seems to be integrated into flask's before request handler, but there's no similar class in authlib. It seems that register_grant has the same effect, but not sure. I really wish the guy had written some kind of migration instructions, rather than just saying - "don't use the old library".
Really having an issue with the Flask_login stuff:
Do you mind telling me if this is behavior specific to the old flask-oauth library?
def load_user_from_request(request):
    """
    Load user from OAuth2 Authentication header.
    """
    from app.extensions import oauth2
    user = None
    if hasattr(request, 'oauth'):
        user = request.oauth.user
    else:
        is_valid, oauth = oauth2.verify_request(scopes=[])
        if is_valid:
            user = oauth.user
    return user
authlib doesn't have verify_request and I don't know the equivalent. I also don't know if authlib adds 'oauth' to the request or even what adding load_user_from_request is for?
That is definitely related to how the old lib operates. I have no idea about how the new one expects this to be organized.
Unfortunately, I don't have time on this project to use authlib. I made an initial attempt which you can see on my forked lib. But I just did the obvious stuff.
I'm writing migration guide posts for Authlib now, feel free to ask me questions on StackOverflow. Here is a guide on the client part: https://blog.authlib.org/2018/migrate-flask-oauthlib-client-to-authlib
I will finish the server part soon.
I think I got some of it working. There were changes to how the scopes were stored, and I made a few changes to flask login.
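
For readers following the load_user_from_request question above, this is an added, library-independent illustration (not code from this repository, flask-oauthlib or Authlib) of what such a request loader does: map a bearer token in the Authorization header to a user, or to None. The Token record, the TOKENS store and all sample values are constructed for the example; only the function names and the (is_valid, token) tuple shape follow the snippet quoted in the thread.

```python
import hmac
import time
from dataclasses import dataclass


@dataclass
class Token:  # hypothetical token record, not a model from either library
    value: str
    user: str
    scopes: frozenset
    expires_at: float
    revoked: bool = False


NOW = 1_700_000_000  # fixed clock so the sample data is deterministic
TOKENS = [  # constructed sample token store
    Token("tok-valid", "alice", frozenset({"users:read"}), NOW + 3600),
    Token("tok-expired", "bob", frozenset({"users:read"}), NOW - 1),
    Token("tok-revoked", "carol", frozenset({"users:read"}), NOW + 3600, True),
]


def verify_request(headers, scopes=(), now=None):
    """Return (is_valid, token) for the bearer token in the given headers."""
    now = time.time() if now is None else now
    scheme, _, presented = headers.get("Authorization", "").partition(" ")
    presented = presented.strip()
    if scheme.lower() != "bearer" or not presented:
        return False, None
    for token in TOKENS:
        # Constant-time comparison avoids leaking token prefixes via timing.
        if hmac.compare_digest(token.value.encode(), presented.encode()):
            ok = (not token.revoked
                  and token.expires_at > now
                  and set(scopes) <= token.scopes)
            return ok, (token if ok else None)
    return False, None


def load_user_from_request(headers, now=None):
    """Request-loader shape: a user for a valid bearer token, else None."""
    # scopes=[] as in the thread's snippet: any valid token identifies the
    # user; per-endpoint scope checks are enforced separately.
    is_valid, token = verify_request(headers, scopes=[], now=now)
    return token.user if is_valid else None
```

Returning None for missing, malformed, expired or revoked credentials leaves the request anonymous, so the authorization layer rejects it instead of the loader raising.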