callback.html

```html
<!doctype html>
<html>
<head>
  <title>Stripe OAuth Example</title>
</head>
<body>
  {{ token }}
</body>
</html>
```
index.html

```html
<!doctype html>
<html>
<head>
  <title>Stripe OAuth Example</title>
</head>
<body>
  <a href="/authorize">Connect with Stripe</a>
</body>
</html>
```
keys.cfg

```python
API_KEY = 'YOUR_SECRET_API_KEY'
CLIENT_ID = 'YOUR_CLIENT_ID'
```
server.py

```python
from flask import Flask, render_template, request, redirect
import requests
import urllib

app = Flask(__name__)
app.config.from_pyfile('keys.cfg')
app.config['SITE'] = 'https://connect.stripe.com'
app.config['AUTHORIZE_URI'] = '/oauth/authorize'
app.config['TOKEN_URI'] = '/oauth/token'


@app.route('/')
def index():
    return render_template('index.html')


@app.route('/authorize')
def authorize():
    site = app.config['SITE'] + app.config['AUTHORIZE_URI']
    params = {
        'response_type': 'code',
        'scope': 'read_write',
        'client_id': app.config['CLIENT_ID']
    }

    # Redirect to Stripe /oauth/authorize endpoint
    # (urllib.urlencode is the Python 2 API; on Python 3 it is urllib.parse.urlencode)
    url = site + '?' + urllib.urlencode(params)
    return redirect(url)


@app.route('/oauth/callback')
def callback():
    code = request.args.get('code')
    data = {
        'client_secret': app.config['API_KEY'],
        'grant_type': 'authorization_code',
        'client_id': app.config['CLIENT_ID'],
        'code': code
    }

    # Make /oauth/token endpoint POST request.
    # The secret key goes in the form body (data=), not the query string,
    # so it does not end up in URLs that proxies and servers log.
    url = app.config['SITE'] + app.config['TOKEN_URI']
    resp = requests.post(url, data=data)

    # Grab access_token (use this as your user's API key)
    # Kept as posted; in current releases of requests, json is a method: resp.json()
    token = resp.json.get('access_token')
    return render_template('callback.html', token=token)


if __name__ == '__main__':
    app.run()
```
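An added example, not part of the original gist: server.py sends no `state` value, so its callback cannot tell whether the `code` it receives belongs to a login this browser session started. The helpers below use only the standard library; their names are hypothetical, and keeping the expected state in the Flask `session` between `/authorize` and `/oauth/callback` is an assumption.

```python
import hmac
import secrets
from urllib.parse import urlencode
from urllib.request import Request

SITE = 'https://connect.stripe.com'  # same host and paths as server.py


def new_state():
    """Unguessable per-login value; store it in the user's server-side session."""
    return secrets.token_urlsafe(32)


def authorize_url(client_id, state):
    """The redirect built by /authorize in server.py, plus the state parameter."""
    params = {'response_type': 'code', 'scope': 'read_write',
              'client_id': client_id, 'state': state}
    return SITE + '/oauth/authorize?' + urlencode(params)


def check_callback(args, expected_state):
    """Return the authorization code, or raise ValueError when the callback
    does not match a login this session started."""
    returned = args.get('state', '')
    # Compare as bytes in constant time; an empty expected state never matches.
    if not expected_state or not hmac.compare_digest(
            returned.encode(), expected_state.encode()):
        raise ValueError('state mismatch')
    if 'error' in args:  # for example, the user declined the connection
        raise ValueError('authorization failed: ' + args['error'])
    if not args.get('code'):
        raise ValueError('missing code')
    return args['code']


def token_request(code, client_id, api_key):
    """Build the /oauth/token POST with the secret in the body, not the URL."""
    body = urlencode({'client_secret': api_key, 'client_id': client_id,
                      'grant_type': 'authorization_code', 'code': code})
    return Request(SITE + '/oauth/token', data=body.encode(), method='POST')


if __name__ == '__main__':
    state = new_state()                        # constructed sample values below
    print(authorize_url('YOUR_CLIENT_ID', state))
    code = check_callback({'code': 'ac_constructed', 'state': state}, state)
    print(token_request(code, 'YOUR_CLIENT_ID', 'YOUR_SECRET_API_KEY').full_url)
```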
I'm a little confused. Is this a standard OAuth workflow? I don't see any signing or encryption ever taking place. Sorry if I'm misunderstanding it, thanks.
Edit: Never mind, looks like OAuth 2 offloads all encryption, hence why people believe it to be insecure. Got it now, thanks!
Just a note, in the callback route I had to call json as a function prior to get:
```python
token = resp.json().get('access_token')
```
Hey, if anyone needs a deauth example, here you go (setting the auth header)...
```python
headers = {'Authorization': "bearer " + _STRIPE_SECRET_KEY}
resp = requests.post(url, params=data, headers=headers)
```
In server.py, line 43, `resp.json.get('access_token')` is a function and should be `resp.json().get('access_token')`
Just got an error, easily fixable though ;-)
```python
token = resp.json.get('access_token')
```
should be
```python
token = resp.json().get('access_token')
```
Thanks so much for this! I've been trying to get OAuth working with Flask all weekend; this was by far the clearest example I've found.