Example applications
Example application
Run the example development server:
$ pip install -e .[all]
$ cd examples
$ ./app-setup.sh
$ ./app-fixtures.sh
$ FLASK_APP=app.py flask run -p 5000
Open the settings page to generate a token:
$ open http://127.0.0.1:5000/account/settings/applications
Login with:
username: admin@inveniosoftware.org
password: 123456
Click on “New token” and fill in the form: enter the name “foobar”, check the scope “test:scope” and click “create”. The server will show you the generated Access Token.
Make a request to test the token:
export TOKEN=<generated Access Token>
curl -i -X GET -H "Content-Type:application/json" http://127.0.0.1:5000/ \
-H "Authorization:Bearer $TOKEN"
To end and remove any traces of the example application, stop the example application and run:
$ ./app-teardown.sh
Example OAuth2 Consumer
This example OAuth2 consumer application is used to fetch an OAuth2 access token from the example application.
Note
Before continuing, make sure the example application is running.
Open the settings page of the example app to register a new OAuth2 application:
$ open http://127.0.0.1:5000/account/settings/applications
Login using:
username: admin@inveniosoftware.org
password: 123456
- Click on “New application” and fill in the registration form with the following data:
  - Name: foobar-app
  - Description: An example OAuth2 consumer application
  - Website URL: http://127.0.0.1:5100/
  - Redirect URIs: http://127.0.0.1:5100/authorized
  - Client Type: Confidential
Click register and the example application will generate and show you a Client ID and Client Secret.
Open another terminal and move to the examples folder.
Export these values using the following environment variables before starting the example consumer, or change the values of the corresponding keys in examples/consumer.py to match.
$ export CONSUMER_CLIENT_ID=<generated_client_id>
$ export CONSUMER_CLIENT_SECRET=<generated_client_secret>
Log out admin@inveniosoftware.org from the example application:
$ open http://127.0.0.1:5000/logout
Run the example consumer:
$ FLASK_APP=consumer.py flask run -p 5100
Start the OAuth authorization flow and you will be redirected to the example application to authenticate and to authorize the example consumer to access your account details on the example application.
Log in to the example application with:
username: reader@inveniosoftware.org
password: 123456
Review the authorization request presented to you and authorize the example consumer.
You will be redirected back to the example consumer, where you can see details of the authorization token that the example application generated for the example consumer.
Note
If the authorization flow ends in an error, you can usually see the error in the query part of the URL.
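The error in the query part follows the authorization response format of RFC 6749 (section 4.1.2.1: `error` and an optional `error_description`). The following added example, which is not part of invenio-oauth2server or its example consumer, shows how a consumer can validate the callback before exchanging the code. It assumes the consumer sent a `state` value with the authorization request; `parse_callback`, `CallbackError` and `describe` are hypothetical names, and the sample callbacks are constructed.

```python
import hmac
from urllib.parse import urlsplit, parse_qs

# Redirect URI registered for the example consumer in the steps above.
REDIRECT_URI = "http://127.0.0.1:5100/authorized"


class CallbackError(Exception):
    """Raised when the callback must not be exchanged for a token."""


def parse_callback(url, expected_state, redirect_uri=REDIRECT_URI):
    """Return the authorization code from a callback URL, or raise CallbackError."""
    got, want = urlsplit(url), urlsplit(redirect_uri)
    # Exact match on scheme, host:port and path, as registered with the server.
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise CallbackError("callback does not match the registered redirect URI")
    params = parse_qs(got.query, keep_blank_values=True)
    # Reject repeated parameters rather than guessing which copy is meant.
    for name in ("code", "state", "error"):
        if len(params.get(name, [])) > 1:
            raise CallbackError("repeated parameter: " + name)
    p = {key: values[0] for key, values in params.items()}
    # state ties the response to the request this session started (CSRF
    # defence); compare it in constant time before trusting anything else.
    if not expected_state or not hmac.compare_digest(
            p.get("state", "").encode(), expected_state.encode()):
        raise CallbackError("state mismatch")
    if p.get("error"):
        raise CallbackError("%s: %s" % (p["error"], p.get("error_description", "")))
    if not p.get("code"):
        raise CallbackError("no authorization code in callback")
    return p["code"]


def describe(url, state):
    """Outcome of parse_callback as a string, for logging or display."""
    try:
        return "code=" + parse_callback(url, state)
    except CallbackError as exc:
        return "rejected: " + str(exc)


if __name__ == "__main__":
    # Constructed sample callbacks; the state and code values are made up.
    for query in ("?code=abc123&state=s3cr3t",
                  "?error=access_denied&error_description=user+denied&state=s3cr3t",
                  "?code=abc123&state=other"):
        print(describe(REDIRECT_URI + query, "s3cr3t"))
```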
Using the example consumer’s UI, you can request a new access token from the example application either by using a refresh token or by completing the authorization flow again.
To manage the settings of the OAuth2 consumer on the invenio-oauth2server settings page, log in with the account that registered the consumer, admin@inveniosoftware.org.
To review and possibly revoke the permissions of an OAuth2 consumer that has been authorized to access resources, log in with the account that authorized the consumer, reader@inveniosoftware.org.
This example consumer is inspired by the example presented in the requests-oauthlib documentation (http://requests-oauthlib.rtfd.io/en/latest/examples/real_world_example_with_refresh.html) and is based on the example applications of flask-oauthlib (https://github.com/lepture/flask-oauthlib/tree/master/example and https://github.com/lepture/flask-oauthlib/tree/master/example/contrib/experiment-client/douban.py).
Note that to support automatic refreshing of access tokens, this consumer uses flask-oauthlib.contrib.client, which is considered experimental.