|
|
from flask import Flask, request, redirect, session |
|
|
from authlib.integrations.flask_client import OAuth |
|
|
import os |
|
|
|
|
|
|
|
|
app = Flask(__name__) |
|
|
app.secret_key = os.getenv("FLASK_SECRET_KEY") |
|
|
|
|
|
|
|
|
oauth = OAuth(app) |
|
|
azure = oauth.register( |
|
|
name='azure', |
|
|
client_id=os.getenv("AZURE_CLIENT_ID"), |
|
|
client_secret=os.getenv("AZURE_CLIENT_SECRET"), |
|
|
server_metadata_url=f"https://login.microsoftonline.com/{os.getenv('AZURE_TENANT_ID')}/v2.0/.well-known/openid-configuration", |
|
|
client_kwargs={"scope": "openid email profile"}, |
|
|
) |
|
|
|
|
|
@app.route("/login") |
|
|
def login(): |
|
|
redirect_uri = os.getenv("REDIRECT_URI", "http://localhost:8501") |
|
|
return azure.authorize_redirect(redirect_uri) |
|
|
|
|
|
@app.route("/callback") |
|
|
def callback(): |
|
|
token = azure.authorize_access_token() |
|
|
user = azure.parse_id_token(token) |
|
|
|
|
|
return redirect("/") |
|
|
|
|
|
@app.before_request |
|
|
def auth_middleware(): |
|
|
if request.endpoint not in ("login", "callback") and "user" not in session: |
|
|
return redirect("/login") |
|
|
|
