-
Notifications
You must be signed in to change notification settings - Fork 0
/
app.py
85 lines (61 loc) · 2.38 KB
/
app.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
"""
A simple Flask app to access Knowi using Okta for user registration and login.
"""
from flask import Flask, g, redirect, render_template, url_for
from flask_oidc import OpenIDConnect
from okta import UsersClient
import os
from pathlib import Path
from knowipy import Knowi
DIR = Path(__file__)
knowi = Knowi(flag='sso', customerToken=os.environ.get("KNOWI_CUSTOMER_TOKEN"))
app = Flask(__name__)
app.config.update({
"SECRET_KEY": "this-feels-secret-enough-right!",
"OIDC_CLIENT_SECRETS": f"{DIR.parent}/client_secrets.json",
"OIDC_COOKIE_SECURE": False,
"OIDC_ID_TOKEN_COOKIE_NAME": "okta-token",
'OIDC_SCOPES': ["openid", "profile", "email"],
"OIDC_CALLBACK_ROUTE": "/oidc/callback",
"DEBUG": False
})
oidc = OpenIDConnect(app)
okta_client = UsersClient("https://dev-755502.okta.com", os.getenv('OKTA_AUTH_TOKEN'))
def authenticateKnowiSession(email):
"""handles user authentication with Knowi"""
app.logger.info(f'authenticating user: {email}')
user_token = knowi.sso_createNewUser(email=email, userGroups=["test"], updateUser=True, role="okta-test")['data']
session_token = knowi.sso_createUserSession(email=email, userToken=user_token)['data']
app.logger.info(f'userToken: {user_token} and sessionToken: {session_token} retrieved for {email}')
return session_token
@app.before_request
def before_request():
"""Load a user object using the user Okta ID. This way, the `g.user` object can be used at any point."""
if oidc.user_loggedin:
g.user = okta_client.get_user(str(oidc.user_getfield("sub")))
g.token = authenticateKnowiSession(g.user.profile.email)
else:
g.user = None
@app.route("/")
def index():
"""Render the homepage."""
return render_template("index.html")
@app.route("/dashboard")
@oidc.require_login
def dashboard():
"""Render the dashboard page."""
return render_template("dashboard.html")
@app.route("/login")
@oidc.require_login
def login():
"""Force the user to login, then redirect them to the dashboard."""
return redirect(url_for(".index"))
@app.route("/logout")
def logout():
"""Log the user out of their account and terminates session on Knowi and Okta."""
knowi.sso_logout(sessionToken=g.token)
oidc.logout()
return redirect(url_for(".index"))
if __name__ == "__main__":
app.logger.info('App is up and running...')
app.run(host='0.0.0.0', port=5000)