Alternatives to Flask-OIDC for a Python Flask OIDC App

When developing a Python Flask application that requires OpenID Connect (OIDC) authentication, one popular choice is to use the Flask-OIDC library. However, there may be situations where you need an alternative solution for Flask OIDC. In this article, we will explore three different options to solve this problem.

Option 1: Flask-Dance

Flask-Dance is a lightweight Flask extension that provides OAuth and OpenID Connect support. It offers a simple and intuitive way to integrate OIDC authentication into your Flask application.


from flask import Flask, redirect, url_for
from flask_dance.contrib.google import make_google_blueprint, google
from markupsafe import escape

app = Flask(__name__)
# Placeholder: load a long random secret from configuration, never commit it.
app.secret_key = "your_secret_key"

blueprint = make_google_blueprint(
    client_id="your_client_id",
    client_secret="your_client_secret",
    scope=["openid", "email", "profile"],
    # View to send the user to once the login completes.
    redirect_to="index",
)
app.register_blueprint(blueprint, url_prefix="/login")

@app.route("/")
def index():
    if not google.authorized:
        return redirect(url_for("google.login"))
    resp = google.get("/oauth2/v1/userinfo")
    assert resp.ok, resp.text
    # Escape the provider-supplied display name before placing it in an HTML response.
    return f"Hello, {escape(resp.json()['name'])}!"

if __name__ == "__main__":
    app.run()

Option 1 uses Flask-Dance to create a Google OAuth blueprint and integrate it into the Flask application. The user is redirected to the Google login page, and upon successful authentication, the user’s name is displayed on the index page.

Option 2: Authlib

Authlib is a powerful authentication library for Python that supports various authentication protocols, including OpenID Connect. It provides a comprehensive set of tools and features to handle OIDC authentication in Flask applications.


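from flask import Flask, redirect, session, url_for
from authlib.integrations.flask_client import OAuth
from markupsafe import escape

app = Flask(__name__)
# Placeholder: load a long random secret from configuration, never commit it.
app.secret_key = "your_secret_key"

oauth = OAuth(app)
oauth.register(
    name="google",
    client_id="your_client_id",
    client_secret="your_client_secret",
    server_metadata_url="https://accounts.google.com/.well-known/openid-configuration",
    client_kwargs={"scope": "openid email profile"},
)

@app.route("/")
def index():
    user = session.get("user")
    if user is None:
        return redirect(url_for("login"))
    # Escape the provider-supplied display name before placing it in an HTML response.
    return f"Hello, {escape(user['name'])}!"

@app.route("/login")
def login():
    # Redirect to Google; Authlib keeps the state and nonce in the session.
    return oauth.google.authorize_redirect(url_for("auth", _external=True))

@app.route("/auth")
def auth():
    # Exchange the authorization code for tokens. Authlib validates the ID token
    # and exposes its claims under token["userinfo"].
    token = oauth.google.authorize_access_token()
    session["user"] = token["userinfo"]
    return redirect(url_for("index"))

if __name__ == "__main__":
    app.run()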

Option 2 utilizes Authlib to create a Google OAuth client and handle OIDC authentication. The server metadata URL is used to fetch the necessary configuration for the Google OIDC provider. After successful authentication, the user’s name is displayed on the index page.
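Because the client trusts whatever the server metadata URL returns, it is worth checking that document before relying on it. The following is an added example, not code from the original article or from Authlib: `check_discovery`, `URL` and `GOOD` are hypothetical names, the `idp.example` document is constructed, and the checks follow OpenID Connect Discovery 1.0.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Fields Discovery 1.0 marks REQUIRED, plus token_endpoint, which the
# authorization code flow used in this article cannot work without.
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
ENDPOINTS = ("authorization_endpoint", "token_endpoint",
             "userinfo_endpoint", "jwks_uri")


def check_discovery(metadata_url, doc):
    """Return a list of problems found in an OIDC discovery document."""
    problems = [f"missing required field: {k}" for k in REQUIRED if k not in doc]
    if not metadata_url.endswith(WELL_KNOWN):
        problems.append("metadata URL is not a well-known OIDC configuration URL")
        return problems
    # Section 4.3: the issuer must be identical to the URL prefix the document
    # was fetched from, so a document cannot claim another provider's identity.
    expected = metadata_url[: -len(WELL_KNOWN)]
    if doc.get("issuer") != expected:
        problems.append(f"issuer {doc.get('issuer')!r} does not match {expected!r}")
    # Tokens, codes and signing keys travel over these endpoints.
    for key in ENDPOINTS:
        value = doc.get(key)
        if value is not None and urlsplit(value).scheme != "https":
            problems.append(f"{key} is not https: {value}")
    # Discovery 1.0 requires RS256 among the ID token signing algorithms.
    if "RS256" not in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("RS256 is not offered for ID token signing")
    return problems


# Constructed sample input (not a real provider's metadata).
URL = "https://idp.example" + WELL_KNOWN
GOOD = {
    "issuer": "https://idp.example",
    "authorization_endpoint": "https://idp.example/authorize",
    "token_endpoint": "https://idp.example/token",
    "jwks_uri": "https://idp.example/jwks",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}

if __name__ == "__main__":
    print(check_discovery(URL, GOOD) or "discovery document looks consistent")
```
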

Option 3: Flask-OAuthlib

Flask-OAuthlib is another popular choice for handling OAuth and OpenID Connect authentication in Flask applications. It provides a flexible and extensible framework for integrating OIDC authentication into your Flask app.


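# Note: the Flask-OAuthlib README directs new projects to Authlib instead.
from flask import Flask, redirect, session, url_for
from flask_oauthlib.client import OAuth
from markupsafe import escape

app = Flask(__name__)
# Placeholder: load a long random secret from configuration, never commit it.
app.secret_key = "your_secret_key"

oauth = OAuth(app)
google = oauth.remote_app(
    "google",
    consumer_key="your_client_id",
    consumer_secret="your_client_secret",
    request_token_params={"scope": "openid email profile"},
    base_url="https://www.googleapis.com/oauth2/v1/",
    request_token_url=None,
    access_token_method="POST",
    access_token_url="https://accounts.google.com/o/oauth2/token",
    authorize_url="https://accounts.google.com/o/oauth2/auth",
)

@google.tokengetter
def get_google_token():
    # Flask-OAuthlib calls this to find the token for API requests.
    return session.get("google_token")

@app.route("/")
def index():
    if "google_token" in session:
        resp = google.get("userinfo")
        assert resp.status == 200, resp.data
        # Escape the provider-supplied display name before placing it in an HTML response.
        return f"Hello, {escape(resp.data['name'])}!"
    return redirect(url_for("login"))

@app.route("/login")
def login():
    # Start the authorization request; Google redirects back to /login/authorized.
    return google.authorize(callback=url_for("authorized", _external=True))

@app.route("/login/authorized")
def authorized():
    resp = google.authorized_response()
    if resp is None:
        return "Access denied", 403
    session["google_token"] = (resp["access_token"], "")
    return redirect(url_for("index"))

if __name__ == "__main__":
    app.run()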

Option 3 uses Flask-OAuthlib to create a Google OAuth remote app and handle OIDC authentication. After successful authentication, the user’s name is displayed on the index page.

Among the three options, Flask-Dance, Authlib, and Flask-OAuthlib, the best choice depends on your specific requirements and preferences. Flask-Dance is the simplest and most straightforward option, while Authlib and Flask-OAuthlib offer more advanced features and flexibility. Consider the complexity of your application and the level of customization you need when choosing the most suitable alternative for Flask OIDC in your Python Flask app.


7 Responses

  1. Option 2: Authlib is the way to go! It's like finding a hidden treasure in the Python flask oidc world! 💎
