Handling Non-Standard OAuth2 Implementations

dpgaspar / Flask-AppBuilder

Simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more. Demo (login with guest/welcome) - http://flaskappbuilder.pythonanywhere.com/

BSD 3-Clause "New" or "Revised" License

4.66k stars 1.36k forks source link

Handling Non-Standard OAuth2 Implementations #2236

Closed yokonsan closed 4 months ago

yokonsan commented 5 months ago

Environment

Flask-Appbuilder version: 4.4.1

Describe the expected results

If a third party's OAuth2 implementation does not comply with standards, such as using app_id instead of client_id for the redirection parameter, and the access_token field also deviates from the norm, is there a mature solution available?

Yoyasp commented 4 months ago

If your provider is a one that could be used by other people/organisations than i would suggest to create a pull request where you add a provider in the flask_appbuilder/security/manager.py file under the get_oauth_user_info() method.

If you are using a custom provider that is used only by you the cleanest solution would be to extend the security manager and use that when you initialise the app.

yokonsan commented 4 months ago

Thank you. I've rewritten the OAuth2 related methods of the Authlib library and recompiled it.