ravenscroftj
/
micropub-flask-gitea
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
51 Commits 1 Branch 0 Tags 103 KiB
Python 100%
Go to file
James Ravenscroft c281222015 add webmention webhook support 2022-01-09 15:33:01 +00:00
docs Use napoleon sphinx extension to parse Google-style docstrings 2015-12-16 18:28:29 +00:00
tests add a simple unit test and tox.ini 2016-03-18 12:26:28 -07:00
.gitignore Initial commit 2015-01-18 23:09:15 -08:00
.travis.yml add travis config 2016-03-18 18:36:41 -07:00
CHANGELOG.md bump version number 2017-11-04 18:31:05 -07:00
LICENSE Initial commit 2015-01-18 23:09:15 -08:00
README.md add build status badge 2016-03-18 18:38:45 -07:00
circle.yml add circle.yml 2016-03-18 12:36:55 -07:00
example.py add webmention webhook support 2022-01-09 15:33:01 +00:00
flask_micropub.py support JSON response from auth, token endpoints 2017-03-09 23:33:43 -05:00
requirements.txt add project requirements 2021-12-23 21:39:30 +00:00
setup.py bump version number 2017-11-04 18:31:05 -07:00
tox.ini actually run some tests on python setup.py test 2016-03-18 18:46:34 -07:00

README.md

Documentation Status

Build Status

Flask-Micropub

A Flask extension to support IndieAuth and Micropub clients.

Authentication

Authentication uses the IndieAuth flow to confirm a user controls a particular URL, without requesting any sort of permissions or access token. Annotate an endpoint with @micropub.authenticated_handler and then call micropub.authenticate to initiate the login.

Authorization

Authorization uses the full Micropub flow to authenticate a user and then request an access token with which to make micropub requests. Annotate an endpoint with @micropub.authorized_handler and then call micropub.authorize to initiate the login.

CSRF

MicropubClient provides a simple mechanism to deter Cross-Site Request Forgery. Based on this Flask snippet, we generate a random string, pass it to the indieauth service via the state parameter, and then confirm we get the same random string back later.

This helps prevent malicious sites from sending users to your indieauth endpoint against their will.

Example

from flask import Flask, request, url_for
from flask.ext.micropub import MicropubClient

app = Flask(__name__)
micropub = MicropubClient(app)


@app.route('/login')
def login():
    return micropub.authorize(
        me, scope=request.args.get('scope'))


@app.route('/micropub-callback')
@micropub.authorized_handler
def micropub_callback(resp):
    print('success!', resp.me, resp.access_token, resp.next_url, resp.error)

See example.py for a more thorough example. Protocol details at https://indiewebcamp.com/IndieAuth and https://indiewebcamp.com/Micropub