
Change outdated oauth libs?

Open bitfinity opened this issue 6 years ago • 9 comments

Maintainer of https://github.com/lepture/flask-oauthlib says - use authlib instead? I'm wondering if the migration process would be difficult given the current tie-ins to permissions api and swagger. I kind of need some of the other social login implementations of authlib.

Found an example migration here: https://github.com/opendatateam/udata/pull/1434 and here https://github.com/opendatateam/udata/pull/1434/commits/30f409b63d378b22bcfe9d0f325cc767f0b02848

bitfinity avatar May 16 '18 23:05 bitfinity

Good point! I am not sure when I will have time to do this myself, so I will be glad if someone sends a PR.

frol avatar May 17 '18 05:05 frol

I think I might be doing it. I might have a few questions as I get into it. I'm not sure if I'll be able to do a complete PR - I may just have time to implement the things I need. I'm on an incredibly tight schedule.

bitfinity avatar May 17 '18 16:05 bitfinity

Feel free to open a halfway implemented migration PR or just leave pointers along your way in this issue!

frol avatar May 17 '18 17:05 frol

Ok - working on it now. The main weird thing is that the grant stuff seems to be handled in OAuth2RequestValidator(provider.OAuth2RequestValidator) without any specific endpoints - seems to be integrated into Flask's before request handler, but there's no similar class in authlib. It seems that register_grant has the same effect, but not sure. I really wish the guy had written some kind of migration instructions, rather than just saying - "don't use the old library".

bitfinity avatar May 17 '18 18:05 bitfinity

Really having an issue with the Flask_login stuff:

Do you mind telling me if this is behavior specific to the old flask-oauth library?

def load_user_from_request(request):
    """
    Load user from OAuth2 Authentication header.
    """
    from app.extensions import oauth2
    user = None
    if hasattr(request, 'oauth'):
        user = request.oauth.user
    else:
        is_valid, oauth = oauth2.verify_request(scopes=[])
        if is_valid:
            user = oauth.user
    return user

authlib doesn't have verify_request and I don't know the equivalent. I also don't know if authlib adds 'oauth' to the request or even what adding load_user_from_request is for?

bitfinity avatar May 17 '18 22:05 bitfinity
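What a request loader shaped like the `load_user_from_request` above does, reduced to the standard library, as an added example that is not code from this thread, flask-oauthlib or Authlib: it resolves a bearer token to a user and returns None for anything else, so the caller treats the request as anonymous. `Token`, `TOKENS`, `verify_bearer` and `load_user_from_headers` are hypothetical names, and the token store is constructed sample data.

```python
import time
from dataclasses import dataclass


@dataclass
class Token:
    """Hypothetical stand-in for the application's stored OAuth2 access token."""
    user: str
    scopes: frozenset
    expires_at: float


# Constructed sample store: access-token string -> token record.
TOKENS = {
    "tok-valid": Token("alice", frozenset({"users:read"}), time.time() + 3600),
    "tok-expired": Token("bob", frozenset({"users:read"}), time.time() - 1),
}


def verify_bearer(headers, scopes=()):
    """Return (is_valid, token), the same tuple shape as verify_request() in the post."""
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not value.strip():
        return False, None      # missing header or a non-bearer scheme
    token = TOKENS.get(value.strip())
    if token is None or token.expires_at <= time.time():
        return False, None      # unknown or expired token
    if not set(scopes) <= token.scopes:
        return False, None      # token lacks a required scope
    return True, token


def load_user_from_headers(headers):
    """Request-loader shape: a user for a valid token, otherwise None."""
    is_valid, token = verify_bearer(headers, scopes=[])
    return token.user if is_valid else None
```

Passing `scopes=[]`, as the posted function does, only establishes who the caller is; per-endpoint scope checks still have to happen wherever the resource is protected.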

That is definitely related to how the old lib operates. I have no idea about how the new one expects this to be organized.

frol avatar May 18 '18 06:05 frol

Unfortunately, I don't have time on this project to use authlib. I made an initial attempt which you can see on my forked lib. But I just did the obvious stuff.

bitfinity avatar May 18 '18 17:05 bitfinity

I'm writing migration guide posts for Authlib now, feel free to ask me questions on StackOverflow. Here is a guide on the client part: https://blog.authlib.org/2018/migrate-flask-oauthlib-client-to-authlib

I will finish the server part soon.

lepture avatar May 21 '18 16:05 lepture

I think I got some of it working. There were changes to how the scopes were stored, and I made a few changes to flask login.

bitfinity avatar May 22 '18 05:05 bitfinity