I would like a way to activate and deactivate OIDC checks using flask-oidc.
Using the @require_login decorator is a problem as it cannot be deactivated. For instance :
g_use_oidc = True # <= A global boolean to activate or deactivate OIDC at application level
@app.route('/') # <= Flask routing
@require_login # <= Flask-OIDC making redirection to oAuth provider
def home():
return render_template('index.html')
This is working well with OIDC as I get redirected to my oAUth provider. But now I want g_use_oidc to be set to False and @require_login to stop redirecting calls.
In order to achieve this I created a decorator to check the g_use_oidc status like the following :
def check_oidc_test(func):
@wraps()
def inner():
if not use_oidc or oidc.user_loggedin == True:
func()
elif use_oidc and oidc.user_loggedin == False:
return oidc.redirect_to_auth_server(None, request.values) # <= Redirection to OIDC provider as shown in the doc
return inner
I should be able to use the decorator like this :
@app.route('/')
@check_oidc # <= my new decorator
def home():
return render_template('index.html')
Unfortunatly I get this stacktrace from OIDC :
Traceback (most recent call last):
File "x.local/lib/python3.8/site-packages/flask/app.py", line 2088, in __call__
return self.wsgi_app(environ, start_response)
File "x.local/lib/python3.8/site-packages/flask/app.py", line 2073, in wsgi_app
response = self.handle_exception(e)
File "x.local/lib/python3.8/site-packages/flask/app.py", line 2070, in wsgi_app
response = self.full_dispatch_request()
File "x.local/lib/python3.8/site-packages/flask/app.py", line 1515, in full_dispatch_request
rv = self.handle_user_exception(e)
File "x.local/lib/python3.8/site-packages/flask/app.py", line 1513, in full_dispatch_request
rv = self.dispatch_request()
File "x.local/lib/python3.8/site-packages/flask/app.py", line 1499, in dispatch_request
return self.ensure_sync(self.view_functions[rule.endpoint])(**req.view_args)
File "x.local/lib/python3.8/site-packages/flask_oidc/__init__.py", line 657, in _oidc_callback
plainreturn, data = self._process_callback('destination')
File "x.local/lib/python3.8/site-packages/flask_oidc/__init__.py", line 707, in _process_callback
response = self.extra_data_serializer.loads(state[statefield])
KeyError: 'destination'
Solved it.
I looked at the code of @require_login which looks like this :
if g.oidc_id_token is None:
return self.redirect_to_auth_server(request.url)
So I wasn't far...
I updated my decorator to match theirs
def check_oidc(view_func):
@wraps(view_func)
def decorated(*args, **kwargs):
if g_use_oidc is True and oidc.user_loggedin == False:
return oidc.redirect_to_auth_server(request.url)
return view_func(*args, **kwargs)
return decorated
It's using oidc.redirect_to_auth_server which is deprecated as of 1.0.0. But it's the function that is being used internaly in @require_login so it's not thaaaaat deprecated.