Example applications¶
GitHub¶
Register a github application with Authorization callback URL as http://localhost:5000/oauth/authorized/github/
Ensure you have
github3.py
package installed:$ cdvirtualenv src/invenio-oauthclient $ pip install -e .[github]
Grab the Client ID and Client Secret after registering the application and add them to your instance configuration as consumer_key and consumer_secret.
$ export GITHUB_APP_CREDENTIALS_KEY=my_github_client_id $ export GITHUB_APP_CREDENTIALS_SECRET=my_github_client_secret
Create database and tables:
$ pip install -e .[all] $ cd examples $ export FLASK_APP=github_app.py $ ./app-setup.py
You can find the database in examples/github_app.db.
Run the development server:
$ flask run -p 5000 -h '0.0.0.0'
Open in a browser the page http://0.0.0.0:5000/github.
You will be redirected to github to authorize the application.
Click on Authorize application and you will be redirected back to http://localhost:5000/oauth/signup/github/, where you will be able to finalize the local user registration, inserting email address.
Insert e.g. fuu@bar.it as email address and send the form.
Now, you will be again in homepage but this time it say: hello fuu@bar.it.
You have completed the user registration.
To be able to uninstall the example app:
$ ./app-teardown.sh
ORCID¶
Register an orcid application with Authorization callback URL as http://localhost:5000/oauth/authorized/orcid/
Install oauthclient:
cdvirtualenv src/invenio-oauthclient pip install -e .[orcid]
Grab the Client ID and Client Secret after registering the application and add them to your instance configuration as consumer_key and consumer_secret.
$ export ORCID_APP_CREDENTIALS_KEY=my_orcid_client_id $ export ORCID_APP_CREDENTIALS_SECRET=my_orcid_client_secret
Create database and tables:
$ pip install -e .[all] $ cd examples $ export FLASK_APP=orcid_app.py $ ./app-setup.py
You can find the database in examples/orcid_app.db.
Run the development server:
$ flask -a orcid_app.py run -p 5000 -h '0.0.0.0'
Open in a browser the page http://0.0.0.0:5000/orcid.
You will be redirected to orcid to authorize the application.
Click on Authorize application and you will be redirected back to http://0.0.0.0:5000/oauth/authorized/orcid/, where you will be able to finalize the local user registration, inserting email address.
Insert e.g. fuu@bar.it as email address and send the form.
Now, you will be again in homepage but this time it say: hello fuu@bar.it.
You have completed the user registration.
To be able to uninstall the example app:
$ ./app-teardown.sh
CERN¶
Register a CERN application in https://sso-management.web.cern.ch/OAuth/RegisterOAuthClient.aspx with redirect_uri as https://localhost:5000/oauth/authorized/cern/ and filling all the other fields:
Ensure you have
gunicorn
package installed:cdvirtualenv src/invenio-oauthclient pip install -e gunicorn
Ensure you have
openssl
installed in your system (Most of the Linux distributions has it by default.).
Grab the client_id and secret_uri after registering the application and add them to your instance configuration as consumer_key and consumer_secret.
$ export CERN_APP_CREDENTIALS_KEY=my_cern_client_id $ export CERN_APP_CREDENTIALS_SECRET=my_cern_secret_uri
Create database and tables:
$ pip install -e .[all] $ cd examples $ export FLASK_APP=cern_app.py $ ./app-setup.py
You can find the database in examples/cern_app.db.
Create the key and the certificate in order to run a HTTPS server:
$ openssl genrsa 1024 > ssl.key $ openssl req -new -x509 -nodes -sha1 -key ssl.key > ssl.crt
Run gunicorn server:
$ gunicorn -b :5000 --certfile=ssl.crt --keyfile=ssl.key cern_app:app
Open in a browser the page https://localhost:5000/cern.
You will be redirected to CERN to authorize the application.
Click on Grant and you will be redirected back to https://localhost:5000/oauth/authorized/cern/
Now, you will be again in homepage but this time it say: hello youremail@cern.ch.
You have completed the user authorization.
To be able to uninstall the example app:
$ ./app-teardown.sh
Globus¶
Register a Globus application at https://developers.globus.org/ with the Redirect URL as http://localhost:5000/oauth/authorized/globus/. See here for more documentation: https://docs.globus.org/api/auth/developer-guide/#register-app
Grab the Client ID and Client Secret after registering the application and add them to your instance configuration as consumer_key and consumer_secret.
$ export GLOBUS_APP_CREDENTIALS_KEY=my_globus_client_id $ export GLOBUS_APP_CREDENTIALS_SECRET=my_globus_client_secret
Create database and tables:
$ cdvirtualenv src/invenio-oauthclient $ pip install -e .[all] $ cd examples $ export FLASK_APP=globus_app.py $ ./app-setup.py
You can find the database in examples/globus_app.db.
Run the development server:
$ flask run -p 5000 -h '0.0.0.0'
Open in a browser the page http://localhost:5000/globus.
You will be redirected to globus to authorize the application.
Click on Allow and you will be redirected back to http://localhost:5000/oauth/signup/globus/, where you will be able to finalize the local user registration.
To clean up and drop tables:
$ ./app-teardown.sh