Make Google OAuth login work for users created using create-user #2172

jainankit opened this issue Nov 25, 2023 · 0 comments
jainankit commented Nov 25, 2023

Hey folks, looks like there is no good way to access control the app to a subset of users when using Google OAuth. What we are trying to achieve is to restrict access either to users with a particular domain @example.com, or to manually added users created using the flask fab create-user command.

The issue is that during OAuth, FAB sets the userinfo for Google as:

            return {
                "username": "google_" + data.get("id", ""),
                "first_name": data.get("given_name", ""),
                "last_name": data.get("family_name", ""),
                "email": data.get("email", ""),
            }

and then when validating, it validates whether username google_<id> exists in the database. If we create users manually, we only know the email address and not Google's user.id. Typically we are doing:

    flask fab create-user --username helloworld --email hello@example.com --firstname hello --lastname world

If we switch the lookup in the database to both username and email based, this issue can be resolved:

    def auth_user_oauth(self, userinfo):
        username = None
        email = None
        user = None
        if "username" in userinfo:
            username = userinfo["username"]
            if username:
                # First try the provider-derived username (google_<id>)
                user = self.find_user(username=username)
        if user is None and "email" in userinfo:
            email = userinfo["email"]
            if email:
                # Fall back to the email of a user created with create-user
                user = self.find_user(email=email)
        if "username" not in userinfo and "email" not in userinfo:
            log.error("OAUTH userinfo does not have username or email %s", userinfo)
            return None

        # If username and email is empty, go away
        if not username and not email:
            return None

Environment

Flask-Appbuilder version: v4.3.10

Describe the expected results

We should be able to let users created using create-user log in via OAuth

Describe the actual results

The user is not able to log in, and the authentication fails because then there's a conflict with an existing email address associated with the user we created manually.

Steps to reproduce

Set up Google OAuth, and create the user using flask fab create-user before logging in.

PS: I can also send out a fix for this if the issue is accepted.
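
The lookup order proposed in this issue, as an added stand-alone example (not Flask-AppBuilder code and not part of the original post), with the two checks that matter once an email match can attach a login to a pre-created account: the address must be provider-verified and inside the allowed domain. `UserStore`, `resolve_oauth_user`, `ALLOWED_DOMAINS` and the `email_verified` parameter are hypothetical names; the caller is assumed to pass the verification status taken from the provider's response.

```python
# Added example: stand-alone sketch, not Flask-AppBuilder code.
from dataclasses import dataclass
from typing import Optional

ALLOWED_DOMAINS = {"example.com"}  # assumption: the domain restriction from the issue


@dataclass
class User:
    username: str
    email: str


class UserStore:
    """Hypothetical in-memory stand-in for the security manager's find_user()."""

    def __init__(self, users):
        self._users = list(users)

    def find_user(self, username=None, email=None) -> Optional[User]:
        for u in self._users:
            if username and u.username == username:
                return u
            if email and u.email.lower() == email.lower():
                return u
        return None


def resolve_oauth_user(store, userinfo, email_verified=False) -> Optional[User]:
    """Look up by provider username first, then by email (the order proposed above)."""
    username = userinfo.get("username") or None
    email = (userinfo.get("email") or "").strip().lower() or None
    if not username and not email:
        return None  # nothing to match on
    if username:
        user = store.find_user(username=username)
        if user:
            return user
    # The email fallback links this login to a pre-created account, so accept
    # only an address the provider has verified and that is in an allowed domain.
    if not email or not email_verified:
        return None
    if email.rpartition("@")[2] not in ALLOWED_DOMAINS:
        return None
    return store.find_user(email=email)
```

Without the verification check, an email-based match would let any identity that can present the pre-created address take over that account's roles.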
