#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
"""
Google OAuth plugin:
Requires ponymail.yaml to have an oauth section like so:
oauth:
  google_client_id: your-client-id-here
"""
import google.auth.transport.urllib3 # type: ignore
import google.oauth2.id_token # type: ignore
import plugins.server
import plugins.session
import typing
import urllib3
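async def process(formdata: dict, _session, server: plugins.server.BaseServer) -> typing.Optional[dict]:
    """Verify a Google ID token from a login form and map it to user details.

    Args:
        formdata: Submitted form fields; the token is read from ``id_token``.
        _session: Not used by this plugin.
        server: Supplies ``runners`` (used to run the blocking verifier) and
            ``config.oauth.google_client_id`` (passed as the expected audience).

    Returns:
        A dict with ``email``, ``name`` (set to the email address) and
        ``oauth_domain``, or ``None`` when the token or client ID is missing
        or the token does not carry a verified email address.

    Exceptions raised by ``verify_oauth2_token`` for a token that fails
    verification are not caught here and propagate to the caller.
    """
    token = formdata.get("id_token")
    client_id = server.config.oauth.google_client_id
    # Fail closed when either value is missing. google-auth only enforces the
    # "aud" claim when an audience is supplied, so an unset client ID would
    # accept ID tokens that Google issued for unrelated applications.
    if not token or not client_id:
        return None

    request = google.auth.transport.urllib3.Request(urllib3.PoolManager())
    # This is a synchronous process, so we offload it to an async runner in
    # order to let the main loop continue.
    id_info = await server.runners.run(
        google.oauth2.id_token.verify_oauth2_token,
        token,
        request,
        client_id,
    )
    if not id_info or "email" not in id_info:
        return None
    # The email claim becomes the user's identity, so it must be one Google
    # has confirmed: a valid signature alone does not prove address ownership.
    if id_info.get("email_verified") not in (True, "true"):
        return None
    return {
        "email": id_info["email"],
        "name": id_info["email"],
        "oauth_domain": "www.googleapis.com",
    }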