#!/usr/bin/env python3 # -*- coding: utf-8 -*- """ OAuth Flask Application Example Complete example of Identitas with GitHub OAuth enabled. """ import os import sys from flask import Flask from Identitas.interface.flask.routes.login_flask import login_bp from Identitas.interface.flask.routes.logout_flask import logout_bp from Identitas.interface.flask.routes.register_flask import register_bp from Identitas.interface.flask.routes.oauth_flask import oauth_bp from Identitas.interface.flask.utils.auth_utils import require_session from Identitas.provider.api.init import init from Identitas.provider.api.auth import register from Identitas.provider.api.oauth import ( register_oauth_provider, enable_oauth_provider, get_user_oauth_accounts, list_enabled_oauth_providers ) from Identitas.provider.api.rbac import get_user_permissions_summary # ============================================================ # Flask Application Setup # ============================================================ app = Flask(__name__) os.environ["IDENTITAS_JWT"] = "true" os.environ["IDENTITAS_SIGNUP_REQUIREMENTS"] = "min_length=12,upper=1,lower=1,digits=2,special=1" os.environ["OAUTH_GITHUB_CLIENT_ID"] = "replaceme" os.environ["OAUTH_GITHUB_CLIENT_SECRET"] = "replaceme" os.environ["IDENTITAS_REDIRECT_URI_GITHUB"] = "yourserver.address/auth/oauth/callback/github" # Enable debug mode only if explicitly set debug_mode = os.getenv("DEBUG", "false").lower() == "true" engine = init(os.path.dirname(os.path.abspath(sys.argv[0])) + "/data" + "/auth.db", debug=debug_mode) app.config["IDENTITAS_ENGINE"] = engine app.config["IDENTITAS_LANG"] = "en" # ============================================================ # Register Blueprint # ============================================================ # Authentication routes app.register_blueprint(login_bp) app.register_blueprint(logout_bp) app.register_blueprint(register_bp) # OAuth routes (NEW!) app.register_blueprint(oauth_bp) # ============================================================ # Configure OAuth Providers # ============================================================ def setup_oauth_providers(): """ Configure OAuth providers from environment variables or defaults. Environment variables: - OAUTH_GITHUB_ENABLED: "true" or "false" - OAUTH_GITHUB_CLIENT_ID: GitHub Client ID - OAUTH_GITHUB_CLIENT_SECRET: GitHub Client Secret """ # GitHub OAuth if os.getenv("OAUTH_GITHUB_ENABLED", "true").lower() == "true": github_id = os.getenv("OAUTH_GITHUB_CLIENT_ID") github_secret = os.getenv("OAUTH_GITHUB_CLIENT_SECRET") # If credentials provided, register provider if github_id and github_secret: register_oauth_provider( engine, name="github", display_name="GitHub", client_id=github_id, client_secret=github_secret, authorize_url="https://github.com/login/oauth/authorize", token_url="https://github.com/login/oauth/access_token", user_info_url="https://api.github.com/user", scope="user:email", # redirect_uri="http://127.0.0.1:5000/auth/oauth/callback/github" ) enable_oauth_provider(engine, "github") print("✅ GitHub OAuth enabled") else: print("⚠️ GitHub OAuth credentials not found in environment variables") print(" To enable GitHub OAuth:") print(" 1. Set OAUTH_GITHUB_CLIENT_ID environment variable") print(" 2. Set OAUTH_GITHUB_CLIENT_SECRET environment variable") print(" 3. Restart the application") # Google OAuth (example - commented out) # if os.getenv("OAUTH_GOOGLE_ENABLED", "false").lower() == "true": # google_id = os.getenv("OAUTH_GOOGLE_CLIENT_ID") # google_secret = os.getenv("OAUTH_GOOGLE_CLIENT_SECRET") # # if google_id and google_secret: # register_oauth_provider( # engine, # name="google", # display_name="Google", # client_id=google_id, # client_secret=google_secret, # authorize_url="https://accounts.google.com/o/oauth2/v2/auth", # token_url="https://www.googleapis.com/oauth2/v4/token", # user_info_url="https://www.googleapis.com/oauth2/v1/userinfo", # scope="openid email profile" # ) # enable_oauth_provider(engine, "google") # print("✅ Google OAuth enabled") # Initialize OAuth providers setup_oauth_providers() # ============================================================ # Create Demo User # ============================================================ try: register(engine, "adam", "TestPass123!@", "adam@example.com") print("✅ Demo user created: adam / TestPass123!@") except: pass # User might already exist # ============================================================ # Example Routes # ============================================================ @app.get("/") def index(): """Home page""" return """ Identitas OAuth Example

Identitas OAuth Example

Authentication

Login with Username/Password

Register New Account

Demo user: adam / TestPass123!@

OAuth Features

See OAuth login options

Available OAuth providers:

User Dashboard

View Dashboard (requires login)

API Endpoints

Environment Variables

To enable GitHub OAuth, set these environment variables:

See OAUTH_GITHUB_SETUP.md for detailed GitHub OAuth setup instructions.

""" @app.get("/dashboard") @require_session def dashboard(user_id): """User dashboard""" from Identitas.provider.models.user import User from sqlalchemy.orm import Session as DBSession try: with DBSession(engine) as session: user = session.query(User).filter_by(id=user_id).first() if not user: return "User not found", 404 # Get OAuth accounts oauth_accounts = get_user_oauth_accounts(engine, user_id) # Get permissions (if RBAC enabled) permissions = get_user_permissions_summary(engine, user_id) oauth_html = "" if oauth_accounts: oauth_html = "

Connected OAuth Accounts:

" else: oauth_html = "

No OAuth accounts connected

" permissions_html = "" if permissions: permissions_html = "

Your Permissions:

" return f""" Dashboard

Welcome, {user.username}!

User Information

User ID: {user.id}

Username: {user.username}

Email: {user.email or 'Not set'}

OAuth Accounts

{oauth_html}

Connect another OAuth provider

{permissions_html}

Logout

""" except Exception as e: return f"Error: {str(e)}", 500 # ============================================================ # Error Handlers # ============================================================ @app.errorhandler(404) def not_found(error): return "

404 - Not Found

", 404 @app.errorhandler(500) def server_error(error): return "

500 - Server Error

", 500 # ============================================================ # Run Application # ============================================================ if __name__ == "__main__": print(""" ============================================================ Identitas OAuth Flask Application ============================================================ Features: ✅ Traditional username/password authentication ✅ OAuth authentication (GitHub and more) ✅ Automatic user account creation from OAuth ✅ Multiple OAuth provider support ✅ Account linking Available URLs: - Home: http://localhost:5000/ - Login: http://localhost:5000/auth/login - Register: http://localhost:5000/auth/register - Dashboard: http://localhost:5000/dashboard (requires login) OAuth Providers: """ + ", ".join([p.display_name for p in list_enabled_oauth_providers(engine)]) or "None configured" + """ To enable GitHub OAuth: 1. Create GitHub OAuth app at https://github.com/settings/developers 2. Set environment variables: export OAUTH_GITHUB_CLIENT_ID="your_id" export OAUTH_GITHUB_CLIENT_SECRET="your_secret" 3. Restart this application Demo User: Username: adam Password: TestPass123!@ For GitHub OAuth setup instructions, see: OAUTH_GITHUB_SETUP.md For complete documentation, see: OAUTH_DOCUMENTATION.md ============================================================ """) app.run(debug=True)