micropub-flask-gitea/README.md

[![Documentation Status](https://readthedocs.org/projects/flask-micropub/badge/?version=latest)](http://flask-micropub.readthedocs.org/en/latest/?badge=latest)

# Flask-Micropub

A Flask extension to support IndieAuth and Micropub clients.

## Authentication

Authentication uses the
[IndieAuth](https://indiewebcamp.com/IndieAuth) flow to confirm a user
controls a particular URL, without requesting any sort of permissions
or access token. Annotate an endpoint with
`@micropub.authenticated_handler` and then call
`micropub.authenticate` to initiate the login.

## Authorization

Authorization uses the full
[Micropub](https://indiewebcamp.com/Micropub) flow to authenticate a
user and then request an access token with which to make micropub
requests. Annotate an endpoint with `@micropub.authorized_handler` and
then call `micropub.authorize` to initiate the login.

## CSRF

MicropubClient provides a simple mechanism to deter Cross-Site Request
Forgery. Based on
[this Flask snippet](http://flask.pocoo.org/snippets/3/), we generate
a random string, pass it to the indieauth service via the state
parameter, and then confirm we get the same random string back later.

This helps prevent malicious sites from sending users to your
indieauth endpoint against their will.

## Example

```python
from flask import Flask, request, url_for
from flask.ext.micropub import MicropubClient

app = Flask(__name__)
micropub = MicropubClient(app)


@app.route('/login')
def login():
    return micropub.authorize(
        me, scope=request.args.get('scope'))


@app.route('/micropub-callback')
@micropub.authorized_handler
def micropub_callback(resp):
    print('success!', resp.me, resp.access_token, resp.next_url, resp.error)

```

See example.py for a more thorough example. Protocol details at
https://indiewebcamp.com/IndieAuth and
https://indiewebcamp.com/Micropub
add ReadTheDocs badge 2015-12-23 19:11:05 +00:00			`[![Documentation Status](https://readthedocs.org/projects/flask-micropub/badge/?version=latest)](http://flask-micropub.readthedocs.org/en/latest/?badge=latest)`

improve API, add documentation 2015-01-19 17:01:56 +00:00			`# Flask-Micropub`

			`A Flask extension to support IndieAuth and Micropub clients.`

added authentication-only flow - Added a separate 'authenticate' flow to provide explicit support for calling out to indieauth without requesting any sort of access token. - Redirect_url is now determined automatically based on the authenticated_handler or authorized_handler annotations 2015-02-07 17:40:31 +00:00			`## Authentication`

			`Authentication uses the`
			`[IndieAuth](https://indiewebcamp.com/IndieAuth) flow to confirm a user`
			`controls a particular URL, without requesting any sort of permissions`
			`or access token. Annotate an endpoint with`
			`@micropub.authenticated_handler` and then call
			`micropub.authenticate` to initiate the login.

			`## Authorization`

			`Authorization uses the full`
			`[Micropub](https://indiewebcamp.com/Micropub) flow to authenticate a`
			`user and then request an access token with which to make micropub`
			requests. Annotate an endpoint with `@micropub.authorized_handler` and
			then call `micropub.authorize` to initiate the login.

			`## CSRF`

			`MicropubClient provides a simple mechanism to deter Cross-Site Request`
			`Forgery. Based on`
			`[this Flask snippet](http://flask.pocoo.org/snippets/3/), we generate`
			`a random string, pass it to the indieauth service via the state`
			`parameter, and then confirm we get the same random string back later.`

			`This helps prevent malicious sites from sending users to your`
			`indieauth endpoint against their will.`

			`## Example`
improve API, add documentation 2015-01-19 17:01:56 +00:00
			```python
			`from flask import Flask, request, url_for`
added authentication-only flow - Added a separate 'authenticate' flow to provide explicit support for calling out to indieauth without requesting any sort of access token. - Redirect_url is now determined automatically based on the authenticated_handler or authorized_handler annotations 2015-02-07 17:40:31 +00:00			`from flask.ext.micropub import MicropubClient`
improve API, add documentation 2015-01-19 17:01:56 +00:00
			`app = Flask(__name__)`
added authentication-only flow - Added a separate 'authenticate' flow to provide explicit support for calling out to indieauth without requesting any sort of access token. - Redirect_url is now determined automatically based on the authenticated_handler or authorized_handler annotations 2015-02-07 17:40:31 +00:00			`micropub = MicropubClient(app)`
improve API, add documentation 2015-01-19 17:01:56 +00:00

			`@app.route('/login')`
			`def login():`
			`return micropub.authorize(`
added authentication-only flow - Added a separate 'authenticate' flow to provide explicit support for calling out to indieauth without requesting any sort of access token. - Redirect_url is now determined automatically based on the authenticated_handler or authorized_handler annotations 2015-02-07 17:40:31 +00:00			`me, scope=request.args.get('scope'))`
improve API, add documentation 2015-01-19 17:01:56 +00:00

			`@app.route('/micropub-callback')`
			`@micropub.authorized_handler`
			`def micropub_callback(resp):`
			`print('success!', resp.me, resp.access_token, resp.next_url, resp.error)`

			```

added authentication-only flow - Added a separate 'authenticate' flow to provide explicit support for calling out to indieauth without requesting any sort of access token. - Redirect_url is now determined automatically based on the authenticated_handler or authorized_handler annotations 2015-02-07 17:40:31 +00:00			`See example.py for a more thorough example. Protocol details at`
			`https://indiewebcamp.com/IndieAuth and`
			`https://indiewebcamp.com/Micropub`