Example applications

Example application

Run example development server:

$ pip install -e .[all]
$ cd examples
$ ./app-setup.sh
$ ./app-fixtures.sh
$ FLASK_APP=app.py flask run -p 5000

Open settings page to generate a token:

$ open http://127.0.0.1:5000/account/settings/applications

Login with:

username: admin@inveniosoftware.org
password: 123456

Click on “New token” and fill in the form: enter the name “foobar”, check the scope “test:scope” and click “create”. The server will show you the generated Access Token.

Make a request to test the token:

export TOKEN=<generated Access Token>
curl -i -X GET -H "Content-Type:application/json" http://127.0.0.1:5000/ \
    -H "Authorization:Bearer $TOKEN"

To remove any traces of the example application, stop it and run:

$ ./app-teardown.sh

Example OAuth2 Consumer

This example OAuth2 consumer application is used to fetch an OAuth2 access token from the example application.

For more information about OAuth2 protocol see

Note

Before continuing, make sure the example application is running.


Open the settings page of the example application to register a new OAuth2 application:

$ open http://127.0.0.1:5000/account/settings/applications

Login using:

username: admin@inveniosoftware.org
password: 123456

Click on “New application” and fill in the registration form with the following data:

Name: foobar-app
Description: An example OAuth2 consumer application
Website URL: http://127.0.0.1:5100/
Redirect URIs: http://127.0.0.1:5100/authorized
Client Type: Confidential

Click register and the example application will generate and show you a Client ID and a Client Secret.

Open another terminal and change to the examples folder.

Export these values in the following environment variables before starting the example consumer, or change the values of the corresponding keys in examples/consumer.py to match.

$ export CONSUMER_CLIENT_ID=<generated_client_id>
$ export CONSUMER_CLIENT_SECRET=<generated_client_secret>

Log out admin@inveniosoftware.org from the example application:

$ open http://127.0.0.1:5000/logout

Run the example consumer:

$ FLASK_APP=consumer.py flask run -p 5100

Start the OAuth authorization flow. You will be redirected to the example application to authenticate and to authorize the example consumer to access your account details on the example application.

Log in to the example application with:

username: reader@inveniosoftware.org
password: 123456

Review the authorization request presented to you and authorize the example consumer.

You will be redirected back to the example consumer, where you can see the details of the authorization token that the example application generated for the example consumer.

Note

If the authorization flow ends in an error, you can usually see the error in the query part of the URL.
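
The note above says that a failed flow reports its error in the query part of the URL. The following added example (not code from examples/consumer.py or from the project) classifies the redirect that arrives at the registered redirect URI. It assumes the parameter names of RFC 6749, section 4.1.2 (`code`, `state`, `error`, `error_description`) and that the consumer sent a `state` value with its authorization request; `parse_callback` is a hypothetical helper name.

```python
import hmac
from urllib.parse import parse_qs, urlsplit

# Redirect URI registered for the example consumer above.
REDIRECT_URI = "http://127.0.0.1:5100/authorized"
# Authorization-endpoint error codes from RFC 6749, section 4.1.2.1.
KNOWN_ERRORS = {
    "invalid_request", "unauthorized_client", "access_denied",
    "unsupported_response_type", "invalid_scope", "server_error",
    "temporarily_unavailable",
}


def parse_callback(url, expected_state):
    """Return ("ok", code), ("error", details) or ("rejected", reason)."""
    got, want = urlsplit(url), urlsplit(REDIRECT_URI)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        return "rejected", "unexpected redirect target"
    query = parse_qs(got.query, keep_blank_values=True)
    # A repeated parameter is ambiguous: refuse instead of picking one value.
    if any(len(values) > 1 for values in query.values()):
        return "rejected", "duplicated parameter"
    params = {name: values[0] for name, values in query.items()}
    # Compare state before anything else so a forged callback is never acted on.
    state = params.get("state", "")
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        return "rejected", "state mismatch"
    if "error" in params:
        code = params["error"]
        return "error", {
            # Do not echo unrecognised codes back into the consumer's UI.
            "error": code if code in KNOWN_ERRORS else "unknown",
            "description": params.get("error_description", ""),
        }
    if params.get("code"):
        return "ok", params["code"]
    return "rejected", "neither code nor error present"


if __name__ == "__main__":
    # Constructed sample callbacks, not captured from a real run.
    samples = [
        REDIRECT_URI + "?code=abc123&state=s3cr3t",
        REDIRECT_URI + "?error=access_denied&state=s3cr3t",
        REDIRECT_URI + "?code=abc123&state=forged",
    ]
    for sample in samples:
        print(sample, "->", parse_callback(sample, "s3cr3t"))
```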


Using the example consumer’s UI, you can request a new access token from the example application either by using a refresh token or by completing the authorization flow again.

To manage the settings of the OAuth2 consumer on the invenio-oauth2server settings page, log in with the account that registered the consumer, admin@inveniosoftware.org.

To review and possibly revoke the permissions of an OAuth2 consumer that has been authorized to access resources, log in with the account that authorized the consumer, reader@inveniosoftware.org.


This example consumer is inspired by the example presented in the requests-oauthlib documentation (http://requests-oauthlib.rtfd.io/en/latest/examples/real_world_example_with_refresh.html) and is based on the example applications of flask-oauthlib (https://github.com/lepture/flask-oauthlib/tree/master/example and https://github.com/lepture/flask-oauthlib/tree/master/example/contrib/experiment-client/douban.py).

Note that, to support automatic refreshing of access tokens, this consumer uses flask-oauthlib.contrib.client, which is considered experimental.