harshavardhana · July 14, 2020 04:53
diff --git a/web-identity.py b/web-identity.py
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.

 import logging
 import boto3

 from botocore.session import get_session
 from boto3.session import Session

 import requests, json
 import subprocess
 import sys

 boto3.set_stream_logger('boto3.resources', logging.DEBUG)

 authorize_url = "http://localhost:8080/auth/realms/minio/protocol/openid-connect/auth"
 token_url = "http://localhost:8080/auth/realms/minio/protocol/openid-connect/token"

 # callback url specified when the application was defined
 callback_uri = "http://localhost:8000/oauth2/callback"

 # keycloak id and secret
 client_id = 'account'
 client_secret = 'daaa3008-80f0-40f7-80d7-e15167531ff0'

 from flask import Flask
 from uuid import uuid4

 app = Flask(__name__)
 @app.route('/')
 def homepage():
    text = '<a href="%s">Authenticate with reddit</a>'
    return text % make_authorization_url()

 def make_authorization_url():
    # Generate a random string for the state parameter
    # Save it for use later to prevent xsrf attacks

    state = str(uuid4())
    params = {"client_id": client_id,
 	      "response_type": "code",
 	      "state": state,
 	      "redirect_uri": callback_uri,
 	      "scope": "openid"}
    import urllib
    url = authorize_url + "?" + urllib.parse.urlencode(params)
    return url

 from flask import abort, request
 @app.route('/oauth2/callback')
 def callback():
    error = request.args.get('error', '')
    if error:
        return "Error: " + error

    authorization_code = request.args.get('code')

    data = {'grant_type': 'authorization_code', 'code': authorization_code, 'redirect_uri': callback_uri }
    print("requesting access token")
    access_token_response = requests.post(token_url, data=data, verify=False, allow_redirects=False, auth=(client_id, client_secret))

    print("response")
    print(access_token_response.headers)
    print('body: ' + access_token_response.text)

    # we can now use the access_token as much as we want to access protected resources.
    tokens = json.loads(access_token_response.text)
    access_token = tokens['access_token']
    return "access token: " + access_token

 if __name__ == '__main__':
    app.run(debug=True, port=8000)
	#!/usr/bin/env python
	# -- coding: utf-8 --
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.

	import logging
	import boto3

	from botocore.session import get_session
	from boto3.session import Session

	import requests, json
	import subprocess
	import sys

	boto3.set_stream_logger('boto3.resources', logging.DEBUG)

	authorize_url = "http://localhost:8080/auth/realms/minio/protocol/openid-connect/auth"
	token_url = "http://localhost:8080/auth/realms/minio/protocol/openid-connect/token"

	# callback url specified when the application was defined
	callback_uri = "http://localhost:8000/oauth2/callback"

	# keycloak id and secret
	client_id = 'account'
	client_secret = 'daaa3008-80f0-40f7-80d7-e15167531ff0'

	from flask import Flask
	from uuid import uuid4

	app = Flask(__name__)
	@app.route('/')
	def homepage():
	text = '<a href="%s">Authenticate with reddit</a>'
	return text % make_authorization_url()

	def make_authorization_url():
	# Generate a random string for the state parameter
	# Save it for use later to prevent xsrf attacks

	state = str(uuid4())
	params = {"client_id": client_id,
	"response_type": "code",
	"state": state,
	"redirect_uri": callback_uri,
	"scope": "openid"}
	import urllib
	url = authorize_url + "?" + urllib.parse.urlencode(params)
	return url

	from flask import abort, request
	@app.route('/oauth2/callback')
	def callback():
	error = request.args.get('error', '')
	if error:
	return "Error: " + error

	authorization_code = request.args.get('code')

	data = {'grant_type': 'authorization_code', 'code': authorization_code, 'redirect_uri': callback_uri }
	print("requesting access token")
	access_token_response = requests.post(token_url, data=data, verify=False, allow_redirects=False, auth=(client_id, client_secret))

	print("response")
	print(access_token_response.headers)
	print('body: ' + access_token_response.text)

	# we can now use the access_token as much as we want to access protected resources.
	tokens = json.loads(access_token_response.text)
	access_token = tokens['access_token']
	return "access token: " + access_token

	if __name__ == '__main__':
	app.run(debug=True, port=8000)