Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Simplify oauth_authorized with redirect

See original GitHub issue

repost from https://github.com/singingwolfboy/flask-dance/issues/203#issuecomment-486333141 (CC @daenney @singingwolfboy) Right now the expectation is that writers of oauth_authorized callbacks handle saving the token if they want a redirect. This leads to more complicated logic to handle redirects (see linked comment), reposted here: why push that responsibility on the user? Seems like there is a non trivial amount of logic in setting the token (ie handling errors) that I would guess most consumers would still want to use.

I think in the base case of just wanting to customize redirects (ie to send the user back to the where they originally came from) where the logic is:

    next_url = flask.session["next_url"]
    return flask.redirect(next_url)

having to also set the token seems unnatural.

I suggest improving the DX here to allow returning the a response and still re-using the existing set token logic.

Issue Analytics

State:
Created 4 years ago
Reactions:1
Comments:14 (10 by maintainers)

Top GitHub Comments

1reaction

singingwolfboycommented, Jun 6, 2019

The part I’m missing (maybe it’s trivial !) is how do we set the next_url in the flask session?

Doing it in your view code is one way. You could also hook into the oauth_before_login signal:

import flask
from flask_dance.consumer import oauth_before_login

@oauth_before_login.connect
def before_login(blueprint, url):
    flask.session["next_url"] = flask.request.args.get("next_url")

1reaction

daenneycommented, Jun 6, 2019

Yup, that ought to do the trick. One additional tip, when doing the redirect it’s probably good to do:

next_url = flask.session.pop("next_url", "")
if next_url:
  return redirect...
return redirect(url_for("/")) # any named route, homepage etc

Alternatively, you can set the default argument to .pop("next_url", "app.index") to avoid the if next_url check and always redirect.

By using .pop you remove the value from the session. There’s no need to keep it around anymore and avoids it still being accidentally set and causing surprises if/when a user re-authenticates.

Top Results From Across the Web

Simplify Link with OAuth 2.0

Assuming that proper authorization is given, Simplify Commerce will redirect to the redirect url (registered with the application) with the code and state....

Oauth for google redirect_uri error expecting HTTPS but ...

The redirect URI in the request, http://****/oauth-authorized/google, does not match the ones authorized for the OAuth client.

Nodejs Google OAuth Authorized Redirect URIs (024)

Nodejs Google OAuth Authorized Redirect URIs (024). 412 views 4 years ago. MicroUrb. MicroUrb. 819 subscribers. Subscribe.

The Authorization Response - OAuth 2.0 Simplified

Once the user has finished logging in and approving the request, the authorization server is ready to redirect the user back to the...

Create Simplified Redirect Rules

Redirect rules enable you to redirect client requests to a different URL, responding with a 30X response. Simplified redirect rules provide basic redirect...