If you are building a Flask application that includes user authentication you may have considered adding the ability for users to authenticate using a third-party account such as Google, Facebook or Twitter. I will show an example Flask application which uses Google as an authentication provider. However, it will be very straightforward to add support for other providers too.

Before I get to the Flask app, I want to quickly go over some OAuth 2 basics. If you wish to skip ahead to the example Flask app click here.

OAuth 2 is a specification or standard which can enable applications to obtain (limited) access to data on another service such as Google, Facebook or Spotify for example. Services may authorize access to different levels of data ranging from basic account information all the way to wanting access to your emails (Gmail API). Specifically, OAuth 2 is an authorization framework. It does not specify exactly how services should handle authentication.

OpenID Connect is an identity layer built on top of OAuth 2. OpenID Connect is helpful because it defines some extra steps to the OAuth 2 flow which make federated authentication possible. One of the main steps is the returning of an id_token from the authorization server. This token is usually a JSON Web Token (JWT) which serializes various data such as iss (issuer) and iat (issued at). For example, Google’s id_tokens do include email addresses (assuming ‘email’ is part of the scope you specified when initiating the request).

The general back and forth login flow between a client (you, the user), a website (consumer) and the auth provider can look something like this:
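
The id_token described above should only be trusted for login once its claims have been checked. This added example (not code from the original post) decodes a constructed token's payload and checks `iss`, `iat` and `email` together with the standard `aud`, `exp` and `email_verified` claims. It assumes the signature was already verified against the provider's keys by a JWT library; the function names and the client ID are hypothetical.

```python
import base64
import json
import time

# Issuer values Google documents for its id_tokens.
GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}


def decode_segment(segment):
    """Decode one base64url JWT segment (JWTs strip the '=' padding)."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def check_id_token_claims(claims, client_id, now=None, leeway=60):
    """Return a list of problems with the claims (empty list means OK).

    Assumption: the token signature was already verified by a JWT
    library; this function covers only the claim checks.
    """
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") not in GOOGLE_ISSUERS:
        problems.append("unexpected iss")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if client_id not in audiences:
        problems.append("aud does not match our client_id")
    exp, iat = claims.get("exp"), claims.get("iat")
    if not isinstance(exp, (int, float)) or exp + leeway < now:
        problems.append("expired or missing exp")
    if not isinstance(iat, (int, float)) or iat - leeway > now:
        problems.append("iat missing or in the future")
    # 'email' is only present when the 'email' scope was requested.
    if "email" in claims and claims.get("email_verified") is not True:
        problems.append("email present but not verified")
    return problems


def make_sample_token(claims):
    """Build a constructed header.payload.signature string for the demo."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    # "c2ln" is a placeholder, not a real signature.
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])
```
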