commit 7cd05b5c6a5a71351dcb44623fdce751340f27aa Author: imnyang Date: Sun Jul 13 17:08:55 2025 +0900 feat: Add OAuth2 server and client implementation with PKCE support - Implemented OAuth2 server with client registration, authorization, and token endpoints. - Created HTML templates for client authorization, client creation, and client editing. - Developed an OAuth2 client application using Hono.js and Bun, supporting authorization code grant flow. - Integrated PKCE (Proof Key for Code Exchange) for enhanced security during authorization. - Added session management using cookies for user authentication. - Included detailed README documentation for setup and usage instructions. diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e43b0f9 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.DS_Store diff --git a/example-oauth2-server/.gitignore b/example-oauth2-server/.gitignore new file mode 100644 index 0000000..158c4d4 --- /dev/null +++ b/example-oauth2-server/.gitignore @@ -0,0 +1,3 @@ +*.sqlite +*.pyc +venv/* diff --git a/example-oauth2-server/README.md b/example-oauth2-server/README.md new file mode 100644 index 0000000..345cfed --- /dev/null +++ b/example-oauth2-server/README.md @@ -0,0 +1,283 @@ +# How to create an OAuth 2.0 Provider + +This is an example of OAuth 2.0 server in [Authlib](https://authlib.org/). +If you are looking for old Flask-OAuthlib implementation, check the +`flask-oauthlib` branch. + +- Documentation: +- Authlib Repo: + +## Sponsors + + + + + + +
If you want to quickly add secure token-based authentication to Python projects, feel free to check Auth0's Python SDK and free plan at auth0.com/overview.
+ +## Take a quick look + +This is a ready to run example, let's take a quick experience at first. To +run the example, we need to install all the dependencies: + +```bash +$ pip install -r requirements.txt +``` + +Set Flask and Authlib environment variables: + +```bash +# disable check https (DO NOT SET THIS IN PRODUCTION) +$ export AUTHLIB_INSECURE_TRANSPORT=1 +``` + +Create Database and run the development server: + +```bash +$ flask run +``` + +Now, you can open your browser with `http://127.0.0.1:5000/`, login with any +name you want. + +Before testing, we need to create a client: + +![create a client](https://user-images.githubusercontent.com/290496/38811988-081814d4-41c6-11e8-88e1-cb6c25a6f82e.png) + +### Password flow example + +Get your `client_id` and `client_secret` for testing. In this example, we +have enabled `password` grant types, let's try: + +``` +$ curl -u ${client_id}:${client_secret} -XPOST http://127.0.0.1:5000/oauth/token -F grant_type=password -F username=${username} -F password=valid -F scope=profile +``` + +Because this is an example, every user's password is `valid`. Now you can access `/api/me`: + +```bash +$ curl -H "Authorization: Bearer ${access_token}" http://127.0.0.1:5000/api/me +``` + +### Authorization code flow example + +To test the authorization code flow, you can just open this URL in your browser. +```bash +$ open http://127.0.0.1:5000/oauth/authorize?response_type=code&client_id=${client_id}&scope=profile +``` + +After granting the authorization, you should be redirected to `${redirect_uri}/?code=${code}` + +Then your app can send the code to the authorization server to get an access token: + +```bash +$ curl -u ${client_id}:${client_secret} -XPOST http://127.0.0.1:5000/oauth/token -F grant_type=authorization_code -F scope=profile -F code=${code} +``` + +Now you can access `/api/me`: + +```bash +$ curl -H "Authorization: Bearer ${access_token}" http://127.0.0.1:5000/api/me +``` + +For now, you can read the source in example or follow the long boring tutorial below. + +**IMPORTANT**: To test implicit grant, you need to `token_endpoint_auth_method` to `none`. + +## Preparation + +Assume this example doesn't exist at all. Let's write an OAuth 2.0 server +from scratch step by step. + +### Create folder structure + +Here is our Flask website structure: + +``` +app.py --- FLASK_APP +website/ + app.py --- Flask App Factory + __init__.py --- module initialization (empty) + models.py --- SQLAlchemy Models + oauth2.py --- OAuth 2.0 Provider Configuration + routes.py --- Routes views + templates/ +``` + +### Installation + +Create a virtualenv and install all the requirements. You can also put the +dependencies into `requirements.txt`: + +``` +Flask +Flask-SQLAlchemy +Authlib +``` + +### Hello World! + +Create a home route view to say "Hello World!". It is used to test if things +working well. + + +```python +# website/routes.py +from flask import Blueprint +bp = Blueprint(__name__, 'home') + +@bp.route('/') +def home(): + return 'Hello World!' +``` + +```python +# website/app.py +from flask import Flask +from .routes import bp + +def create_app(config=None): + app = Flask(__name__) + # load app sepcified configuration + if config is not None: + if isinstance(config, dict): + app.config.update(config) + elif config.endswith('.py'): + app.config.from_pyfile(config) + setup_app(app) + return app + +def setup_app(app): + app.register_blueprint(bp, url_prefix='') +``` + +```python +# app.py +from website.app import create_app + +app = create_app({ + 'SECRET_KEY': 'secret', +}) +``` + +Create an empty ```__init__.py``` file in the ```website``` folder. + +The "Hello World!" example should run properly: + + $ FLASK_APP=app.py flask run + +## Define Models + +We will use SQLAlchemy and SQLite for our models. You can also use other +databases and other ORM engines. Authlib has some built-in SQLAlchemy mixins +which will make it easier for creating models. + +Let's create the models in `website/models.py`. We need four models, which are + +- User: you need a user to test and create your application +- OAuth2Client: the oauth client model +- OAuth2AuthorizationCode: for `grant_type=code` flow +- OAuth2Token: save the `access_token` in this model. + +Check how to define these models in `website/models.py`. + +Once you've created your own `website/models.py` (or copied our version), you'll need to import the database object `db`. Add the line `from .models import db` just after `from flask import Flask` in your scratch-built version of `website/app.py`. + +To initialize the database upon startup, if no tables exist, you'll add a few lines to the `setup_app()` function in `website/app.py` so that it now looks like: + +```python +def setup_app(app): + # Create tables if they do not exist already + @app.before_first_request + def create_tables(): + db.create_all() + + db.init_app(app) + app.register_blueprint(bp, url_prefix='') +``` + +You can try running the app again as above to make sure it works. + +## Implement Grants + +The source code is in `website/oauth2.py`. There are four standard grant types: + +- Authorization Code Grant +- Implicit Grant +- Client Credentials Grant +- Resource Owner Password Credentials Grant + +And Refresh Token is implemented as a Grant in Authlib. You don't have to do +anything on Implicit and Client Credentials grants, but there are missing +methods to be implemented in other grants. Check out the source code in +`website/oauth2.py`. + +Once you've created your own `website/oauth2.py`, import the oauth2 config object from the oauth2 module. Add the line `from .oauth2 import config_oauth` just after the import you added above in your scratch-built version of `website/app.py`. + +To initialize the oauth object, add `config_oauth(app)` to the `setup_app()` function, just before the line that starts with `app.register_blueprint` so it looks like: + +```python +def setup_app(app): + # Create tables if they do not exist already + @app.before_first_request + def create_tables(): + db.create_all() + + db.init_app(app) + config_oauth(app) + app.register_blueprint(bp, url_prefix='') +``` +You can try running the app again as above to make sure it still works. + +## `@require_oauth` + +Authlib has provided a `ResourceProtector` for you to create the decorator +`@require_oauth`, which can be easily implemented: + +```py +from authlib.flask.oauth2 import ResourceProtector + +require_oauth = ResourceProtector() +``` + +For now, only Bearer Token is supported. Let's add bearer token validator to +this ResourceProtector: + +```py +from authlib.flask.oauth2.sqla import create_bearer_token_validator + +# helper function: create_bearer_token_validator +bearer_cls = create_bearer_token_validator(db.session, OAuth2Token) +require_oauth.register_token_validator(bearer_cls()) +``` + +Check the full implementation in `website/oauth2.py`. + + +## OAuth Routes + +For OAuth server itself, we only need to implement routes for authentication, +and issuing tokens. Since we have added token revocation feature, we need a +route for revoking too. + +Checkout these routes in `website/routes.py`. Their path begin with `/oauth/`. + + +## Other Routes + +But that is not enough. In this demo, you will need to have some web pages to +create and manage your OAuth clients. Check that `/create_client` route. + +And we have an API route for testing. Check the code of `/api/me`. + + +## Finish + +Here you go. You've got an OAuth 2.0 server. + +Read more information on . + +## License + +Same license with [Authlib](https://authlib.org/plans). diff --git a/example-oauth2-server/app.py b/example-oauth2-server/app.py new file mode 100644 index 0000000..b9978ff --- /dev/null +++ b/example-oauth2-server/app.py @@ -0,0 +1,9 @@ +from website.app import create_app + + +app = create_app({ + 'SECRET_KEY': 'secret', + 'OAUTH2_REFRESH_TOKEN_GENERATOR': True, + 'SQLALCHEMY_TRACK_MODIFICATIONS': False, + 'SQLALCHEMY_DATABASE_URI': 'sqlite:///db.sqlite', +}) diff --git a/example-oauth2-server/pyproject.toml b/example-oauth2-server/pyproject.toml new file mode 100644 index 0000000..39d7796 --- /dev/null +++ b/example-oauth2-server/pyproject.toml @@ -0,0 +1,9 @@ +[project] +name = "example-oauth2-server" +version = "0.1.0" +requires-python = ">=3.13" +dependencies = [ + "authlib>=1.6.0", + "flask>=3.1.1", + "flask-sqlalchemy>=3.1.1", +] diff --git a/example-oauth2-server/requirements.txt b/example-oauth2-server/requirements.txt new file mode 100644 index 0000000..a9a0f2d --- /dev/null +++ b/example-oauth2-server/requirements.txt @@ -0,0 +1,3 @@ +Flask +Flask-SQLAlchemy +Authlib diff --git a/example-oauth2-server/uv.lock b/example-oauth2-server/uv.lock new file mode 100644 index 0000000..b24c9aa --- /dev/null +++ b/example-oauth2-server/uv.lock @@ -0,0 +1,273 @@ +version = 1 +revision = 2 +requires-python = ">=3.13" + +[[package]] +name = "authlib" +version = "1.6.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "cryptography" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/a2/9d/b1e08d36899c12c8b894a44a5583ee157789f26fc4b176f8e4b6217b56e1/authlib-1.6.0.tar.gz", hash = "sha256:4367d32031b7af175ad3a323d571dc7257b7099d55978087ceae4a0d88cd3210", size = 158371, upload-time = "2025-05-23T00:21:45.011Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/84/29/587c189bbab1ccc8c86a03a5d0e13873df916380ef1be461ebe6acebf48d/authlib-1.6.0-py2.py3-none-any.whl", hash = "sha256:91685589498f79e8655e8a8947431ad6288831d643f11c55c2143ffcc738048d", size = 239981, upload-time = "2025-05-23T00:21:43.075Z" }, +] + +[[package]] +name = "blinker" +version = "1.9.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/21/28/9b3f50ce0e048515135495f198351908d99540d69bfdc8c1d15b73dc55ce/blinker-1.9.0.tar.gz", hash = "sha256:b4ce2265a7abece45e7cc896e98dbebe6cead56bcf805a3d23136d145f5445bf", size = 22460, upload-time = "2024-11-08T17:25:47.436Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/10/cb/f2ad4230dc2eb1a74edf38f1a38b9b52277f75bef262d8908e60d957e13c/blinker-1.9.0-py3-none-any.whl", hash = "sha256:ba0efaa9080b619ff2f3459d1d500c57bddea4a6b424b60a91141db6fd2f08bc", size = 8458, upload-time = "2024-11-08T17:25:46.184Z" }, +] + +[[package]] +name = "cffi" +version = "1.17.1" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "pycparser" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/fc/97/c783634659c2920c3fc70419e3af40972dbaf758daa229a7d6ea6135c90d/cffi-1.17.1.tar.gz", hash = "sha256:1c39c6016c32bc48dd54561950ebd6836e1670f2ae46128f67cf49e789c52824", size = 516621, upload-time = "2024-09-04T20:45:21.852Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/8d/f8/dd6c246b148639254dad4d6803eb6a54e8c85c6e11ec9df2cffa87571dbe/cffi-1.17.1-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:f3a2b4222ce6b60e2e8b337bb9596923045681d71e5a082783484d845390938e", size = 182989, upload-time = "2024-09-04T20:44:28.956Z" }, + { url = "https://files.pythonhosted.org/packages/8b/f1/672d303ddf17c24fc83afd712316fda78dc6fce1cd53011b839483e1ecc8/cffi-1.17.1-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:0984a4925a435b1da406122d4d7968dd861c1385afe3b45ba82b750f229811e2", size = 178802, upload-time = "2024-09-04T20:44:30.289Z" }, + { url = "https://files.pythonhosted.org/packages/0e/2d/eab2e858a91fdff70533cab61dcff4a1f55ec60425832ddfdc9cd36bc8af/cffi-1.17.1-cp313-cp313-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d01b12eeeb4427d3110de311e1774046ad344f5b1a7403101878976ecd7a10f3", size = 454792, upload-time = "2024-09-04T20:44:32.01Z" }, + { url = "https://files.pythonhosted.org/packages/75/b2/fbaec7c4455c604e29388d55599b99ebcc250a60050610fadde58932b7ee/cffi-1.17.1-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:706510fe141c86a69c8ddc029c7910003a17353970cff3b904ff0686a5927683", size = 478893, upload-time = "2024-09-04T20:44:33.606Z" }, + { url = "https://files.pythonhosted.org/packages/4f/b7/6e4a2162178bf1935c336d4da8a9352cccab4d3a5d7914065490f08c0690/cffi-1.17.1-cp313-cp313-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:de55b766c7aa2e2a3092c51e0483d700341182f08e67c63630d5b6f200bb28e5", size = 485810, upload-time = "2024-09-04T20:44:35.191Z" }, + { url = "https://files.pythonhosted.org/packages/c7/8a/1d0e4a9c26e54746dc08c2c6c037889124d4f59dffd853a659fa545f1b40/cffi-1.17.1-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:c59d6e989d07460165cc5ad3c61f9fd8f1b4796eacbd81cee78957842b834af4", size = 471200, upload-time = "2024-09-04T20:44:36.743Z" }, + { url = "https://files.pythonhosted.org/packages/26/9f/1aab65a6c0db35f43c4d1b4f580e8df53914310afc10ae0397d29d697af4/cffi-1.17.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:dd398dbc6773384a17fe0d3e7eeb8d1a21c2200473ee6806bb5e6a8e62bb73dd", size = 479447, upload-time = "2024-09-04T20:44:38.492Z" }, + { url = "https://files.pythonhosted.org/packages/5f/e4/fb8b3dd8dc0e98edf1135ff067ae070bb32ef9d509d6cb0f538cd6f7483f/cffi-1.17.1-cp313-cp313-musllinux_1_1_aarch64.whl", hash = "sha256:3edc8d958eb099c634dace3c7e16560ae474aa3803a5df240542b305d14e14ed", size = 484358, upload-time = "2024-09-04T20:44:40.046Z" }, + { url = "https://files.pythonhosted.org/packages/f1/47/d7145bf2dc04684935d57d67dff9d6d795b2ba2796806bb109864be3a151/cffi-1.17.1-cp313-cp313-musllinux_1_1_x86_64.whl", hash = "sha256:72e72408cad3d5419375fc87d289076ee319835bdfa2caad331e377589aebba9", size = 488469, upload-time = "2024-09-04T20:44:41.616Z" }, + { url = "https://files.pythonhosted.org/packages/bf/ee/f94057fa6426481d663b88637a9a10e859e492c73d0384514a17d78ee205/cffi-1.17.1-cp313-cp313-win32.whl", hash = "sha256:e03eab0a8677fa80d646b5ddece1cbeaf556c313dcfac435ba11f107ba117b5d", size = 172475, upload-time = "2024-09-04T20:44:43.733Z" }, + { url = "https://files.pythonhosted.org/packages/7c/fc/6a8cb64e5f0324877d503c854da15d76c1e50eb722e320b15345c4d0c6de/cffi-1.17.1-cp313-cp313-win_amd64.whl", hash = "sha256:f6a16c31041f09ead72d69f583767292f750d24913dadacf5756b966aacb3f1a", size = 182009, upload-time = "2024-09-04T20:44:45.309Z" }, +] + +[[package]] +name = "click" +version = "8.2.1" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "colorama", marker = "sys_platform == 'win32'" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/60/6c/8ca2efa64cf75a977a0d7fac081354553ebe483345c734fb6b6515d96bbc/click-8.2.1.tar.gz", hash = "sha256:27c491cc05d968d271d5a1db13e3b5a184636d9d930f148c50b038f0d0646202", size = 286342, upload-time = "2025-05-20T23:19:49.832Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/85/32/10bb5764d90a8eee674e9dc6f4db6a0ab47c8c4d0d83c27f7c39ac415a4d/click-8.2.1-py3-none-any.whl", hash = "sha256:61a3265b914e850b85317d0b3109c7f8cd35a670f963866005d6ef1d5175a12b", size = 102215, upload-time = "2025-05-20T23:19:47.796Z" }, +] + +[[package]] +name = "colorama" +version = "0.4.6" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/d8/53/6f443c9a4a8358a93a6792e2acffb9d9d5cb0a5cfd8802644b7b1c9a02e4/colorama-0.4.6.tar.gz", hash = "sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44", size = 27697, upload-time = "2022-10-25T02:36:22.414Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/d1/d6/3965ed04c63042e047cb6a3e6ed1a63a35087b6a609aa3a15ed8ac56c221/colorama-0.4.6-py2.py3-none-any.whl", hash = "sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6", size = 25335, upload-time = "2022-10-25T02:36:20.889Z" }, +] + +[[package]] +name = "cryptography" +version = "45.0.5" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "cffi", marker = "platform_python_implementation != 'PyPy'" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/95/1e/49527ac611af559665f71cbb8f92b332b5ec9c6fbc4e88b0f8e92f5e85df/cryptography-45.0.5.tar.gz", hash = "sha256:72e76caa004ab63accdf26023fccd1d087f6d90ec6048ff33ad0445abf7f605a", size = 744903, upload-time = "2025-07-02T13:06:25.941Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/f0/fb/09e28bc0c46d2c547085e60897fea96310574c70fb21cd58a730a45f3403/cryptography-45.0.5-cp311-abi3-macosx_10_9_universal2.whl", hash = "sha256:101ee65078f6dd3e5a028d4f19c07ffa4dd22cce6a20eaa160f8b5219911e7d8", size = 7043092, upload-time = "2025-07-02T13:05:01.514Z" }, + { url = "https://files.pythonhosted.org/packages/b1/05/2194432935e29b91fb649f6149c1a4f9e6d3d9fc880919f4ad1bcc22641e/cryptography-45.0.5-cp311-abi3-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:3a264aae5f7fbb089dbc01e0242d3b67dffe3e6292e1f5182122bdf58e65215d", size = 4205926, upload-time = "2025-07-02T13:05:04.741Z" }, + { url = "https://files.pythonhosted.org/packages/07/8b/9ef5da82350175e32de245646b1884fc01124f53eb31164c77f95a08d682/cryptography-45.0.5-cp311-abi3-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:e74d30ec9c7cb2f404af331d5b4099a9b322a8a6b25c4632755c8757345baac5", size = 4429235, upload-time = "2025-07-02T13:05:07.084Z" }, + { url = "https://files.pythonhosted.org/packages/7c/e1/c809f398adde1994ee53438912192d92a1d0fc0f2d7582659d9ef4c28b0c/cryptography-45.0.5-cp311-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:3af26738f2db354aafe492fb3869e955b12b2ef2e16908c8b9cb928128d42c57", size = 4209785, upload-time = "2025-07-02T13:05:09.321Z" }, + { url = "https://files.pythonhosted.org/packages/d0/8b/07eb6bd5acff58406c5e806eff34a124936f41a4fb52909ffa4d00815f8c/cryptography-45.0.5-cp311-abi3-manylinux_2_28_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:e6c00130ed423201c5bc5544c23359141660b07999ad82e34e7bb8f882bb78e0", size = 3893050, upload-time = "2025-07-02T13:05:11.069Z" }, + { url = "https://files.pythonhosted.org/packages/ec/ef/3333295ed58d900a13c92806b67e62f27876845a9a908c939f040887cca9/cryptography-45.0.5-cp311-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:dd420e577921c8c2d31289536c386aaa30140b473835e97f83bc71ea9d2baf2d", size = 4457379, upload-time = "2025-07-02T13:05:13.32Z" }, + { url = "https://files.pythonhosted.org/packages/d9/9d/44080674dee514dbb82b21d6fa5d1055368f208304e2ab1828d85c9de8f4/cryptography-45.0.5-cp311-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:d05a38884db2ba215218745f0781775806bde4f32e07b135348355fe8e4991d9", size = 4209355, upload-time = "2025-07-02T13:05:15.017Z" }, + { url = "https://files.pythonhosted.org/packages/c9/d8/0749f7d39f53f8258e5c18a93131919ac465ee1f9dccaf1b3f420235e0b5/cryptography-45.0.5-cp311-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:ad0caded895a00261a5b4aa9af828baede54638754b51955a0ac75576b831b27", size = 4456087, upload-time = "2025-07-02T13:05:16.945Z" }, + { url = "https://files.pythonhosted.org/packages/09/d7/92acac187387bf08902b0bf0699816f08553927bdd6ba3654da0010289b4/cryptography-45.0.5-cp311-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:9024beb59aca9d31d36fcdc1604dd9bbeed0a55bface9f1908df19178e2f116e", size = 4332873, upload-time = "2025-07-02T13:05:18.743Z" }, + { url = "https://files.pythonhosted.org/packages/03/c2/840e0710da5106a7c3d4153c7215b2736151bba60bf4491bdb421df5056d/cryptography-45.0.5-cp311-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:91098f02ca81579c85f66df8a588c78f331ca19089763d733e34ad359f474174", size = 4564651, upload-time = "2025-07-02T13:05:21.382Z" }, + { url = "https://files.pythonhosted.org/packages/2e/92/cc723dd6d71e9747a887b94eb3827825c6c24b9e6ce2bb33b847d31d5eaa/cryptography-45.0.5-cp311-abi3-win32.whl", hash = "sha256:926c3ea71a6043921050eaa639137e13dbe7b4ab25800932a8498364fc1abec9", size = 2929050, upload-time = "2025-07-02T13:05:23.39Z" }, + { url = "https://files.pythonhosted.org/packages/1f/10/197da38a5911a48dd5389c043de4aec4b3c94cb836299b01253940788d78/cryptography-45.0.5-cp311-abi3-win_amd64.whl", hash = "sha256:b85980d1e345fe769cfc57c57db2b59cff5464ee0c045d52c0df087e926fbe63", size = 3403224, upload-time = "2025-07-02T13:05:25.202Z" }, + { url = "https://files.pythonhosted.org/packages/fe/2b/160ce8c2765e7a481ce57d55eba1546148583e7b6f85514472b1d151711d/cryptography-45.0.5-cp37-abi3-macosx_10_9_universal2.whl", hash = "sha256:f3562c2f23c612f2e4a6964a61d942f891d29ee320edb62ff48ffb99f3de9ae8", size = 7017143, upload-time = "2025-07-02T13:05:27.229Z" }, + { url = "https://files.pythonhosted.org/packages/c2/e7/2187be2f871c0221a81f55ee3105d3cf3e273c0a0853651d7011eada0d7e/cryptography-45.0.5-cp37-abi3-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:3fcfbefc4a7f332dece7272a88e410f611e79458fab97b5efe14e54fe476f4fd", size = 4197780, upload-time = "2025-07-02T13:05:29.299Z" }, + { url = "https://files.pythonhosted.org/packages/b9/cf/84210c447c06104e6be9122661159ad4ce7a8190011669afceeaea150524/cryptography-45.0.5-cp37-abi3-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:460f8c39ba66af7db0545a8c6f2eabcbc5a5528fc1cf6c3fa9a1e44cec33385e", size = 4420091, upload-time = "2025-07-02T13:05:31.221Z" }, + { url = "https://files.pythonhosted.org/packages/3e/6a/cb8b5c8bb82fafffa23aeff8d3a39822593cee6e2f16c5ca5c2ecca344f7/cryptography-45.0.5-cp37-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:9b4cf6318915dccfe218e69bbec417fdd7c7185aa7aab139a2c0beb7468c89f0", size = 4198711, upload-time = "2025-07-02T13:05:33.062Z" }, + { url = "https://files.pythonhosted.org/packages/04/f7/36d2d69df69c94cbb2473871926daf0f01ad8e00fe3986ac3c1e8c4ca4b3/cryptography-45.0.5-cp37-abi3-manylinux_2_28_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:2089cc8f70a6e454601525e5bf2779e665d7865af002a5dec8d14e561002e135", size = 3883299, upload-time = "2025-07-02T13:05:34.94Z" }, + { url = "https://files.pythonhosted.org/packages/82/c7/f0ea40f016de72f81288e9fe8d1f6748036cb5ba6118774317a3ffc6022d/cryptography-45.0.5-cp37-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:0027d566d65a38497bc37e0dd7c2f8ceda73597d2ac9ba93810204f56f52ebc7", size = 4450558, upload-time = "2025-07-02T13:05:37.288Z" }, + { url = "https://files.pythonhosted.org/packages/06/ae/94b504dc1a3cdf642d710407c62e86296f7da9e66f27ab12a1ee6fdf005b/cryptography-45.0.5-cp37-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:be97d3a19c16a9be00edf79dca949c8fa7eff621763666a145f9f9535a5d7f42", size = 4198020, upload-time = "2025-07-02T13:05:39.102Z" }, + { url = "https://files.pythonhosted.org/packages/05/2b/aaf0adb845d5dabb43480f18f7ca72e94f92c280aa983ddbd0bcd6ecd037/cryptography-45.0.5-cp37-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:7760c1c2e1a7084153a0f68fab76e754083b126a47d0117c9ed15e69e2103492", size = 4449759, upload-time = "2025-07-02T13:05:41.398Z" }, + { url = "https://files.pythonhosted.org/packages/91/e4/f17e02066de63e0100a3a01b56f8f1016973a1d67551beaf585157a86b3f/cryptography-45.0.5-cp37-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:6ff8728d8d890b3dda5765276d1bc6fb099252915a2cd3aff960c4c195745dd0", size = 4319991, upload-time = "2025-07-02T13:05:43.64Z" }, + { url = "https://files.pythonhosted.org/packages/f2/2e/e2dbd629481b499b14516eed933f3276eb3239f7cee2dcfa4ee6b44d4711/cryptography-45.0.5-cp37-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:7259038202a47fdecee7e62e0fd0b0738b6daa335354396c6ddebdbe1206af2a", size = 4554189, upload-time = "2025-07-02T13:05:46.045Z" }, + { url = "https://files.pythonhosted.org/packages/f8/ea/a78a0c38f4c8736287b71c2ea3799d173d5ce778c7d6e3c163a95a05ad2a/cryptography-45.0.5-cp37-abi3-win32.whl", hash = "sha256:1e1da5accc0c750056c556a93c3e9cb828970206c68867712ca5805e46dc806f", size = 2911769, upload-time = "2025-07-02T13:05:48.329Z" }, + { url = "https://files.pythonhosted.org/packages/79/b3/28ac139109d9005ad3f6b6f8976ffede6706a6478e21c889ce36c840918e/cryptography-45.0.5-cp37-abi3-win_amd64.whl", hash = "sha256:90cb0a7bb35959f37e23303b7eed0a32280510030daba3f7fdfbb65defde6a97", size = 3390016, upload-time = "2025-07-02T13:05:50.811Z" }, +] + +[[package]] +name = "example-oauth2-server" +version = "0.1.0" +source = { virtual = "." } +dependencies = [ + { name = "authlib" }, + { name = "flask" }, + { name = "flask-sqlalchemy" }, +] + +[package.metadata] +requires-dist = [ + { name = "authlib", specifier = ">=1.6.0" }, + { name = "flask", specifier = ">=3.1.1" }, + { name = "flask-sqlalchemy", specifier = ">=3.1.1" }, +] + +[[package]] +name = "flask" +version = "3.1.1" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "blinker" }, + { name = "click" }, + { name = "itsdangerous" }, + { name = "jinja2" }, + { name = "markupsafe" }, + { name = "werkzeug" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/c0/de/e47735752347f4128bcf354e0da07ef311a78244eba9e3dc1d4a5ab21a98/flask-3.1.1.tar.gz", hash = "sha256:284c7b8f2f58cb737f0cf1c30fd7eaf0ccfcde196099d24ecede3fc2005aa59e", size = 753440, upload-time = "2025-05-13T15:01:17.447Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/3d/68/9d4508e893976286d2ead7f8f571314af6c2037af34853a30fd769c02e9d/flask-3.1.1-py3-none-any.whl", hash = "sha256:07aae2bb5eaf77993ef57e357491839f5fd9f4dc281593a81a9e4d79a24f295c", size = 103305, upload-time = "2025-05-13T15:01:15.591Z" }, +] + +[[package]] +name = "flask-sqlalchemy" +version = "3.1.1" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "flask" }, + { name = "sqlalchemy" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/91/53/b0a9fcc1b1297f51e68b69ed3b7c3c40d8c45be1391d77ae198712914392/flask_sqlalchemy-3.1.1.tar.gz", hash = "sha256:e4b68bb881802dda1a7d878b2fc84c06d1ee57fb40b874d3dc97dabfa36b8312", size = 81899, upload-time = "2023-09-11T21:42:36.147Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/1d/6a/89963a5c6ecf166e8be29e0d1bf6806051ee8fe6c82e232842e3aeac9204/flask_sqlalchemy-3.1.1-py3-none-any.whl", hash = "sha256:4ba4be7f419dc72f4efd8802d69974803c37259dd42f3913b0dcf75c9447e0a0", size = 25125, upload-time = "2023-09-11T21:42:34.514Z" }, +] + +[[package]] +name = "greenlet" +version = "3.2.3" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/c9/92/bb85bd6e80148a4d2e0c59f7c0c2891029f8fd510183afc7d8d2feeed9b6/greenlet-3.2.3.tar.gz", hash = "sha256:8b0dd8ae4c0d6f5e54ee55ba935eeb3d735a9b58a8a1e5b5cbab64e01a39f365", size = 185752, upload-time = "2025-06-05T16:16:09.955Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/b1/cf/f5c0b23309070ae93de75c90d29300751a5aacefc0a3ed1b1d8edb28f08b/greenlet-3.2.3-cp313-cp313-macosx_11_0_universal2.whl", hash = "sha256:500b8689aa9dd1ab26872a34084503aeddefcb438e2e7317b89b11eaea1901ad", size = 270732, upload-time = "2025-06-05T16:10:08.26Z" }, + { url = "https://files.pythonhosted.org/packages/48/ae/91a957ba60482d3fecf9be49bc3948f341d706b52ddb9d83a70d42abd498/greenlet-3.2.3-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:a07d3472c2a93117af3b0136f246b2833fdc0b542d4a9799ae5f41c28323faef", size = 639033, upload-time = "2025-06-05T16:38:53.983Z" }, + { url = "https://files.pythonhosted.org/packages/6f/df/20ffa66dd5a7a7beffa6451bdb7400d66251374ab40b99981478c69a67a8/greenlet-3.2.3-cp313-cp313-manylinux2014_ppc64le.manylinux_2_17_ppc64le.whl", hash = "sha256:8704b3768d2f51150626962f4b9a9e4a17d2e37c8a8d9867bbd9fa4eb938d3b3", size = 652999, upload-time = "2025-06-05T16:41:37.89Z" }, + { url = "https://files.pythonhosted.org/packages/51/b4/ebb2c8cb41e521f1d72bf0465f2f9a2fd803f674a88db228887e6847077e/greenlet-3.2.3-cp313-cp313-manylinux2014_s390x.manylinux_2_17_s390x.whl", hash = "sha256:5035d77a27b7c62db6cf41cf786cfe2242644a7a337a0e155c80960598baab95", size = 647368, upload-time = "2025-06-05T16:48:21.467Z" }, + { url = "https://files.pythonhosted.org/packages/8e/6a/1e1b5aa10dced4ae876a322155705257748108b7fd2e4fae3f2a091fe81a/greenlet-3.2.3-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:2d8aa5423cd4a396792f6d4580f88bdc6efcb9205891c9d40d20f6e670992efb", size = 650037, upload-time = "2025-06-05T16:13:06.402Z" }, + { url = "https://files.pythonhosted.org/packages/26/f2/ad51331a157c7015c675702e2d5230c243695c788f8f75feba1af32b3617/greenlet-3.2.3-cp313-cp313-manylinux_2_24_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:2c724620a101f8170065d7dded3f962a2aea7a7dae133a009cada42847e04a7b", size = 608402, upload-time = "2025-06-05T16:12:51.91Z" }, + { url = "https://files.pythonhosted.org/packages/26/bc/862bd2083e6b3aff23300900a956f4ea9a4059de337f5c8734346b9b34fc/greenlet-3.2.3-cp313-cp313-musllinux_1_1_aarch64.whl", hash = "sha256:873abe55f134c48e1f2a6f53f7d1419192a3d1a4e873bace00499a4e45ea6af0", size = 1119577, upload-time = "2025-06-05T16:36:49.787Z" }, + { url = "https://files.pythonhosted.org/packages/86/94/1fc0cc068cfde885170e01de40a619b00eaa8f2916bf3541744730ffb4c3/greenlet-3.2.3-cp313-cp313-musllinux_1_1_x86_64.whl", hash = "sha256:024571bbce5f2c1cfff08bf3fbaa43bbc7444f580ae13b0099e95d0e6e67ed36", size = 1147121, upload-time = "2025-06-05T16:12:42.527Z" }, + { url = "https://files.pythonhosted.org/packages/27/1a/199f9587e8cb08a0658f9c30f3799244307614148ffe8b1e3aa22f324dea/greenlet-3.2.3-cp313-cp313-win_amd64.whl", hash = "sha256:5195fb1e75e592dd04ce79881c8a22becdfa3e6f500e7feb059b1e6fdd54d3e3", size = 297603, upload-time = "2025-06-05T16:20:12.651Z" }, + { url = "https://files.pythonhosted.org/packages/d8/ca/accd7aa5280eb92b70ed9e8f7fd79dc50a2c21d8c73b9a0856f5b564e222/greenlet-3.2.3-cp314-cp314-macosx_11_0_universal2.whl", hash = "sha256:3d04332dddb10b4a211b68111dabaee2e1a073663d117dc10247b5b1642bac86", size = 271479, upload-time = "2025-06-05T16:10:47.525Z" }, + { url = "https://files.pythonhosted.org/packages/55/71/01ed9895d9eb49223280ecc98a557585edfa56b3d0e965b9fa9f7f06b6d9/greenlet-3.2.3-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:8186162dffde068a465deab08fc72c767196895c39db26ab1c17c0b77a6d8b97", size = 683952, upload-time = "2025-06-05T16:38:55.125Z" }, + { url = "https://files.pythonhosted.org/packages/ea/61/638c4bdf460c3c678a0a1ef4c200f347dff80719597e53b5edb2fb27ab54/greenlet-3.2.3-cp314-cp314-manylinux2014_ppc64le.manylinux_2_17_ppc64le.whl", hash = "sha256:f4bfbaa6096b1b7a200024784217defedf46a07c2eee1a498e94a1b5f8ec5728", size = 696917, upload-time = "2025-06-05T16:41:38.959Z" }, + { url = "https://files.pythonhosted.org/packages/22/cc/0bd1a7eb759d1f3e3cc2d1bc0f0b487ad3cc9f34d74da4b80f226fde4ec3/greenlet-3.2.3-cp314-cp314-manylinux2014_s390x.manylinux_2_17_s390x.whl", hash = "sha256:ed6cfa9200484d234d8394c70f5492f144b20d4533f69262d530a1a082f6ee9a", size = 692443, upload-time = "2025-06-05T16:48:23.113Z" }, + { url = "https://files.pythonhosted.org/packages/67/10/b2a4b63d3f08362662e89c103f7fe28894a51ae0bc890fabf37d1d780e52/greenlet-3.2.3-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:02b0df6f63cd15012bed5401b47829cfd2e97052dc89da3cfaf2c779124eb892", size = 692995, upload-time = "2025-06-05T16:13:07.972Z" }, + { url = "https://files.pythonhosted.org/packages/5a/c6/ad82f148a4e3ce9564056453a71529732baf5448ad53fc323e37efe34f66/greenlet-3.2.3-cp314-cp314-manylinux_2_24_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:86c2d68e87107c1792e2e8d5399acec2487a4e993ab76c792408e59394d52141", size = 655320, upload-time = "2025-06-05T16:12:53.453Z" }, + { url = "https://files.pythonhosted.org/packages/5c/4f/aab73ecaa6b3086a4c89863d94cf26fa84cbff63f52ce9bc4342b3087a06/greenlet-3.2.3-cp314-cp314-win_amd64.whl", hash = "sha256:8c47aae8fbbfcf82cc13327ae802ba13c9c36753b67e760023fd116bc124a62a", size = 301236, upload-time = "2025-06-05T16:15:20.111Z" }, +] + +[[package]] +name = "itsdangerous" +version = "2.2.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/9c/cb/8ac0172223afbccb63986cc25049b154ecfb5e85932587206f42317be31d/itsdangerous-2.2.0.tar.gz", hash = "sha256:e0050c0b7da1eea53ffaf149c0cfbb5c6e2e2b69c4bef22c81fa6eb73e5f6173", size = 54410, upload-time = "2024-04-16T21:28:15.614Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/04/96/92447566d16df59b2a776c0fb82dbc4d9e07cd95062562af01e408583fc4/itsdangerous-2.2.0-py3-none-any.whl", hash = "sha256:c6242fc49e35958c8b15141343aa660db5fc54d4f13a1db01a3f5891b98700ef", size = 16234, upload-time = "2024-04-16T21:28:14.499Z" }, +] + +[[package]] +name = "jinja2" +version = "3.1.6" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "markupsafe" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/df/bf/f7da0350254c0ed7c72f3e33cef02e048281fec7ecec5f032d4aac52226b/jinja2-3.1.6.tar.gz", hash = "sha256:0137fb05990d35f1275a587e9aee6d56da821fc83491a0fb838183be43f66d6d", size = 245115, upload-time = "2025-03-05T20:05:02.478Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/62/a1/3d680cbfd5f4b8f15abc1d571870c5fc3e594bb582bc3b64ea099db13e56/jinja2-3.1.6-py3-none-any.whl", hash = "sha256:85ece4451f492d0c13c5dd7c13a64681a86afae63a5f347908daf103ce6d2f67", size = 134899, upload-time = "2025-03-05T20:05:00.369Z" }, +] + +[[package]] +name = "markupsafe" +version = "3.0.2" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/b2/97/5d42485e71dfc078108a86d6de8fa46db44a1a9295e89c5d6d4a06e23a62/markupsafe-3.0.2.tar.gz", hash = "sha256:ee55d3edf80167e48ea11a923c7386f4669df67d7994554387f84e7d8b0a2bf0", size = 20537, upload-time = "2024-10-18T15:21:54.129Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/83/0e/67eb10a7ecc77a0c2bbe2b0235765b98d164d81600746914bebada795e97/MarkupSafe-3.0.2-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:ba9527cdd4c926ed0760bc301f6728ef34d841f405abf9d4f959c478421e4efd", size = 14274, upload-time = "2024-10-18T15:21:24.577Z" }, + { url = "https://files.pythonhosted.org/packages/2b/6d/9409f3684d3335375d04e5f05744dfe7e9f120062c9857df4ab490a1031a/MarkupSafe-3.0.2-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:f8b3d067f2e40fe93e1ccdd6b2e1d16c43140e76f02fb1319a05cf2b79d99430", size = 12352, upload-time = "2024-10-18T15:21:25.382Z" }, + { url = "https://files.pythonhosted.org/packages/d2/f5/6eadfcd3885ea85fe2a7c128315cc1bb7241e1987443d78c8fe712d03091/MarkupSafe-3.0.2-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:569511d3b58c8791ab4c2e1285575265991e6d8f8700c7be0e88f86cb0672094", size = 24122, upload-time = "2024-10-18T15:21:26.199Z" }, + { url = "https://files.pythonhosted.org/packages/0c/91/96cf928db8236f1bfab6ce15ad070dfdd02ed88261c2afafd4b43575e9e9/MarkupSafe-3.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:15ab75ef81add55874e7ab7055e9c397312385bd9ced94920f2802310c930396", size = 23085, upload-time = "2024-10-18T15:21:27.029Z" }, + { url = "https://files.pythonhosted.org/packages/c2/cf/c9d56af24d56ea04daae7ac0940232d31d5a8354f2b457c6d856b2057d69/MarkupSafe-3.0.2-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:f3818cb119498c0678015754eba762e0d61e5b52d34c8b13d770f0719f7b1d79", size = 22978, upload-time = "2024-10-18T15:21:27.846Z" }, + { url = "https://files.pythonhosted.org/packages/2a/9f/8619835cd6a711d6272d62abb78c033bda638fdc54c4e7f4272cf1c0962b/MarkupSafe-3.0.2-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:cdb82a876c47801bb54a690c5ae105a46b392ac6099881cdfb9f6e95e4014c6a", size = 24208, upload-time = "2024-10-18T15:21:28.744Z" }, + { url = "https://files.pythonhosted.org/packages/f9/bf/176950a1792b2cd2102b8ffeb5133e1ed984547b75db47c25a67d3359f77/MarkupSafe-3.0.2-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:cabc348d87e913db6ab4aa100f01b08f481097838bdddf7c7a84b7575b7309ca", size = 23357, upload-time = "2024-10-18T15:21:29.545Z" }, + { url = "https://files.pythonhosted.org/packages/ce/4f/9a02c1d335caabe5c4efb90e1b6e8ee944aa245c1aaaab8e8a618987d816/MarkupSafe-3.0.2-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:444dcda765c8a838eaae23112db52f1efaf750daddb2d9ca300bcae1039adc5c", size = 23344, upload-time = "2024-10-18T15:21:30.366Z" }, + { url = "https://files.pythonhosted.org/packages/ee/55/c271b57db36f748f0e04a759ace9f8f759ccf22b4960c270c78a394f58be/MarkupSafe-3.0.2-cp313-cp313-win32.whl", hash = "sha256:bcf3e58998965654fdaff38e58584d8937aa3096ab5354d493c77d1fdd66d7a1", size = 15101, upload-time = "2024-10-18T15:21:31.207Z" }, + { url = "https://files.pythonhosted.org/packages/29/88/07df22d2dd4df40aba9f3e402e6dc1b8ee86297dddbad4872bd5e7b0094f/MarkupSafe-3.0.2-cp313-cp313-win_amd64.whl", hash = "sha256:e6a2a455bd412959b57a172ce6328d2dd1f01cb2135efda2e4576e8a23fa3b0f", size = 15603, upload-time = "2024-10-18T15:21:32.032Z" }, + { url = "https://files.pythonhosted.org/packages/62/6a/8b89d24db2d32d433dffcd6a8779159da109842434f1dd2f6e71f32f738c/MarkupSafe-3.0.2-cp313-cp313t-macosx_10_13_universal2.whl", hash = "sha256:b5a6b3ada725cea8a5e634536b1b01c30bcdcd7f9c6fff4151548d5bf6b3a36c", size = 14510, upload-time = "2024-10-18T15:21:33.625Z" }, + { url = "https://files.pythonhosted.org/packages/7a/06/a10f955f70a2e5a9bf78d11a161029d278eeacbd35ef806c3fd17b13060d/MarkupSafe-3.0.2-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:a904af0a6162c73e3edcb969eeeb53a63ceeb5d8cf642fade7d39e7963a22ddb", size = 12486, upload-time = "2024-10-18T15:21:34.611Z" }, + { url = "https://files.pythonhosted.org/packages/34/cf/65d4a571869a1a9078198ca28f39fba5fbb910f952f9dbc5220afff9f5e6/MarkupSafe-3.0.2-cp313-cp313t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:4aa4e5faecf353ed117801a068ebab7b7e09ffb6e1d5e412dc852e0da018126c", size = 25480, upload-time = "2024-10-18T15:21:35.398Z" }, + { url = "https://files.pythonhosted.org/packages/0c/e3/90e9651924c430b885468b56b3d597cabf6d72be4b24a0acd1fa0e12af67/MarkupSafe-3.0.2-cp313-cp313t-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c0ef13eaeee5b615fb07c9a7dadb38eac06a0608b41570d8ade51c56539e509d", size = 23914, upload-time = "2024-10-18T15:21:36.231Z" }, + { url = "https://files.pythonhosted.org/packages/66/8c/6c7cf61f95d63bb866db39085150df1f2a5bd3335298f14a66b48e92659c/MarkupSafe-3.0.2-cp313-cp313t-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d16a81a06776313e817c951135cf7340a3e91e8c1ff2fac444cfd75fffa04afe", size = 23796, upload-time = "2024-10-18T15:21:37.073Z" }, + { url = "https://files.pythonhosted.org/packages/bb/35/cbe9238ec3f47ac9a7c8b3df7a808e7cb50fe149dc7039f5f454b3fba218/MarkupSafe-3.0.2-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:6381026f158fdb7c72a168278597a5e3a5222e83ea18f543112b2662a9b699c5", size = 25473, upload-time = "2024-10-18T15:21:37.932Z" }, + { url = "https://files.pythonhosted.org/packages/e6/32/7621a4382488aa283cc05e8984a9c219abad3bca087be9ec77e89939ded9/MarkupSafe-3.0.2-cp313-cp313t-musllinux_1_2_i686.whl", hash = "sha256:3d79d162e7be8f996986c064d1c7c817f6df3a77fe3d6859f6f9e7be4b8c213a", size = 24114, upload-time = "2024-10-18T15:21:39.799Z" }, + { url = "https://files.pythonhosted.org/packages/0d/80/0985960e4b89922cb5a0bac0ed39c5b96cbc1a536a99f30e8c220a996ed9/MarkupSafe-3.0.2-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:131a3c7689c85f5ad20f9f6fb1b866f402c445b220c19fe4308c0b147ccd2ad9", size = 24098, upload-time = "2024-10-18T15:21:40.813Z" }, + { url = "https://files.pythonhosted.org/packages/82/78/fedb03c7d5380df2427038ec8d973587e90561b2d90cd472ce9254cf348b/MarkupSafe-3.0.2-cp313-cp313t-win32.whl", hash = "sha256:ba8062ed2cf21c07a9e295d5b8a2a5ce678b913b45fdf68c32d95d6c1291e0b6", size = 15208, upload-time = "2024-10-18T15:21:41.814Z" }, + { url = "https://files.pythonhosted.org/packages/4f/65/6079a46068dfceaeabb5dcad6d674f5f5c61a6fa5673746f42a9f4c233b3/MarkupSafe-3.0.2-cp313-cp313t-win_amd64.whl", hash = "sha256:e444a31f8db13eb18ada366ab3cf45fd4b31e4db1236a4448f68778c1d1a5a2f", size = 15739, upload-time = "2024-10-18T15:21:42.784Z" }, +] + +[[package]] +name = "pycparser" +version = "2.22" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/1d/b2/31537cf4b1ca988837256c910a668b553fceb8f069bedc4b1c826024b52c/pycparser-2.22.tar.gz", hash = "sha256:491c8be9c040f5390f5bf44a5b07752bd07f56edf992381b05c701439eec10f6", size = 172736, upload-time = "2024-03-30T13:22:22.564Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/13/a3/a812df4e2dd5696d1f351d58b8fe16a405b234ad2886a0dab9183fb78109/pycparser-2.22-py3-none-any.whl", hash = "sha256:c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc", size = 117552, upload-time = "2024-03-30T13:22:20.476Z" }, +] + +[[package]] +name = "sqlalchemy" +version = "2.0.41" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "greenlet", marker = "(python_full_version < '3.14' and platform_machine == 'AMD64') or (python_full_version < '3.14' and platform_machine == 'WIN32') or (python_full_version < '3.14' and platform_machine == 'aarch64') or (python_full_version < '3.14' and platform_machine == 'amd64') or (python_full_version < '3.14' and platform_machine == 'ppc64le') or (python_full_version < '3.14' and platform_machine == 'win32') or (python_full_version < '3.14' and platform_machine == 'x86_64')" }, + { name = "typing-extensions" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/63/66/45b165c595ec89aa7dcc2c1cd222ab269bc753f1fc7a1e68f8481bd957bf/sqlalchemy-2.0.41.tar.gz", hash = "sha256:edba70118c4be3c2b1f90754d308d0b79c6fe2c0fdc52d8ddf603916f83f4db9", size = 9689424, upload-time = "2025-05-14T17:10:32.339Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/d3/ad/2e1c6d4f235a97eeef52d0200d8ddda16f6c4dd70ae5ad88c46963440480/sqlalchemy-2.0.41-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:4eeb195cdedaf17aab6b247894ff2734dcead6c08f748e617bfe05bd5a218443", size = 2115491, upload-time = "2025-05-14T17:55:31.177Z" }, + { url = "https://files.pythonhosted.org/packages/cf/8d/be490e5db8400dacc89056f78a52d44b04fbf75e8439569d5b879623a53b/sqlalchemy-2.0.41-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:d4ae769b9c1c7757e4ccce94b0641bc203bbdf43ba7a2413ab2523d8d047d8dc", size = 2102827, upload-time = "2025-05-14T17:55:34.921Z" }, + { url = "https://files.pythonhosted.org/packages/a0/72/c97ad430f0b0e78efaf2791342e13ffeafcbb3c06242f01a3bb8fe44f65d/sqlalchemy-2.0.41-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a62448526dd9ed3e3beedc93df9bb6b55a436ed1474db31a2af13b313a70a7e1", size = 3225224, upload-time = "2025-05-14T17:50:41.418Z" }, + { url = "https://files.pythonhosted.org/packages/5e/51/5ba9ea3246ea068630acf35a6ba0d181e99f1af1afd17e159eac7e8bc2b8/sqlalchemy-2.0.41-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:dc56c9788617b8964ad02e8fcfeed4001c1f8ba91a9e1f31483c0dffb207002a", size = 3230045, upload-time = "2025-05-14T17:51:54.722Z" }, + { url = "https://files.pythonhosted.org/packages/78/2f/8c14443b2acea700c62f9b4a8bad9e49fc1b65cfb260edead71fd38e9f19/sqlalchemy-2.0.41-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:c153265408d18de4cc5ded1941dcd8315894572cddd3c58df5d5b5705b3fa28d", size = 3159357, upload-time = "2025-05-14T17:50:43.483Z" }, + { url = "https://files.pythonhosted.org/packages/fc/b2/43eacbf6ccc5276d76cea18cb7c3d73e294d6fb21f9ff8b4eef9b42bbfd5/sqlalchemy-2.0.41-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:4f67766965996e63bb46cfbf2ce5355fc32d9dd3b8ad7e536a920ff9ee422e23", size = 3197511, upload-time = "2025-05-14T17:51:57.308Z" }, + { url = "https://files.pythonhosted.org/packages/fa/2e/677c17c5d6a004c3c45334ab1dbe7b7deb834430b282b8a0f75ae220c8eb/sqlalchemy-2.0.41-cp313-cp313-win32.whl", hash = "sha256:bfc9064f6658a3d1cadeaa0ba07570b83ce6801a1314985bf98ec9b95d74e15f", size = 2082420, upload-time = "2025-05-14T17:55:52.69Z" }, + { url = "https://files.pythonhosted.org/packages/e9/61/e8c1b9b6307c57157d328dd8b8348ddc4c47ffdf1279365a13b2b98b8049/sqlalchemy-2.0.41-cp313-cp313-win_amd64.whl", hash = "sha256:82ca366a844eb551daff9d2e6e7a9e5e76d2612c8564f58db6c19a726869c1df", size = 2108329, upload-time = "2025-05-14T17:55:54.495Z" }, + { url = "https://files.pythonhosted.org/packages/1c/fc/9ba22f01b5cdacc8f5ed0d22304718d2c758fce3fd49a5372b886a86f37c/sqlalchemy-2.0.41-py3-none-any.whl", hash = "sha256:57df5dc6fdb5ed1a88a1ed2195fd31927e705cad62dedd86b46972752a80f576", size = 1911224, upload-time = "2025-05-14T17:39:42.154Z" }, +] + +[[package]] +name = "typing-extensions" +version = "4.14.1" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/98/5a/da40306b885cc8c09109dc2e1abd358d5684b1425678151cdaed4731c822/typing_extensions-4.14.1.tar.gz", hash = "sha256:38b39f4aeeab64884ce9f74c94263ef78f3c22467c8724005483154c26648d36", size = 107673, upload-time = "2025-07-04T13:28:34.16Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/b5/00/d631e67a838026495268c2f6884f3711a15a9a2a96cd244fdaea53b823fb/typing_extensions-4.14.1-py3-none-any.whl", hash = "sha256:d1e1e3b58374dc93031d6eda2420a48ea44a36c2b4766a4fdeb3710755731d76", size = 43906, upload-time = "2025-07-04T13:28:32.743Z" }, +] + +[[package]] +name = "werkzeug" +version = "3.1.3" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "markupsafe" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/9f/69/83029f1f6300c5fb2471d621ab06f6ec6b3324685a2ce0f9777fd4a8b71e/werkzeug-3.1.3.tar.gz", hash = "sha256:60723ce945c19328679790e3282cc758aa4a6040e4bb330f53d30fa546d44746", size = 806925, upload-time = "2024-11-08T15:52:18.093Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/52/24/ab44c871b0f07f491e5d2ad12c9bd7358e527510618cb1b803a88e986db1/werkzeug-3.1.3-py3-none-any.whl", hash = "sha256:54b78bf3716d19a65be4fceccc0d1d7b89e608834989dfae50ea87564639213e", size = 224498, upload-time = "2024-11-08T15:52:16.132Z" }, +] diff --git a/example-oauth2-server/website/__init__.py b/example-oauth2-server/website/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/example-oauth2-server/website/app.py b/example-oauth2-server/website/app.py new file mode 100644 index 0000000..af99dba --- /dev/null +++ b/example-oauth2-server/website/app.py @@ -0,0 +1,36 @@ +import os +from flask import Flask +from .models import db +from .oauth2 import config_oauth +from .routes import bp + + +def create_app(config=None): + app = Flask(__name__) + + # load default configuration + app.config.from_object('website.settings') + + # load environment configuration + if 'WEBSITE_CONF' in os.environ: + app.config.from_envvar('WEBSITE_CONF') + + # load app specified configuration + if config is not None: + if isinstance(config, dict): + app.config.update(config) + elif config.endswith('.py'): + app.config.from_pyfile(config) + + setup_app(app) + return app + + +def setup_app(app): + + db.init_app(app) + # Create tables if they do not exist already + with app.app_context(): + db.create_all() + config_oauth(app) + app.register_blueprint(bp, url_prefix='') diff --git a/example-oauth2-server/website/models.py b/example-oauth2-server/website/models.py new file mode 100644 index 0000000..b79068a --- /dev/null +++ b/example-oauth2-server/website/models.py @@ -0,0 +1,56 @@ +import time +from flask_sqlalchemy import SQLAlchemy +from authlib.integrations.sqla_oauth2 import ( + OAuth2ClientMixin, + OAuth2AuthorizationCodeMixin, + OAuth2TokenMixin, +) + +db = SQLAlchemy() + + +class User(db.Model): + id = db.Column(db.Integer, primary_key=True) + username = db.Column(db.String(40), unique=True) + + def __str__(self): + return self.username + + def get_user_id(self): + return self.id + + def check_password(self, password): + return password == 'valid' + + +class OAuth2Client(db.Model, OAuth2ClientMixin): + __tablename__ = 'oauth2_client' + + id = db.Column(db.Integer, primary_key=True) + user_id = db.Column( + db.Integer, db.ForeignKey('user.id', ondelete='CASCADE')) + user = db.relationship('User') + + +class OAuth2AuthorizationCode(db.Model, OAuth2AuthorizationCodeMixin): + __tablename__ = 'oauth2_code' + + id = db.Column(db.Integer, primary_key=True) + user_id = db.Column( + db.Integer, db.ForeignKey('user.id', ondelete='CASCADE')) + user = db.relationship('User') + + +class OAuth2Token(db.Model, OAuth2TokenMixin): + __tablename__ = 'oauth2_token' + + id = db.Column(db.Integer, primary_key=True) + user_id = db.Column( + db.Integer, db.ForeignKey('user.id', ondelete='CASCADE')) + user = db.relationship('User') + + def is_refresh_token_active(self): + if self.revoked: + return False + expires_at = self.issued_at + self.expires_in * 2 + return expires_at >= time.time() diff --git a/example-oauth2-server/website/oauth2.py b/example-oauth2-server/website/oauth2.py new file mode 100644 index 0000000..2f7d71f --- /dev/null +++ b/example-oauth2-server/website/oauth2.py @@ -0,0 +1,101 @@ +from authlib.integrations.flask_oauth2 import ( + AuthorizationServer, + ResourceProtector, +) +from authlib.integrations.sqla_oauth2 import ( + create_query_client_func, + create_save_token_func, + create_revocation_endpoint, + create_bearer_token_validator, +) +from authlib.oauth2.rfc6749 import grants +from authlib.oauth2.rfc7636 import CodeChallenge +from .models import db, User +from .models import OAuth2Client, OAuth2AuthorizationCode, OAuth2Token + + +class AuthorizationCodeGrant(grants.AuthorizationCodeGrant): + TOKEN_ENDPOINT_AUTH_METHODS = [ + 'client_secret_basic', + 'client_secret_post', + 'none', + ] + + def save_authorization_code(self, code, request): + code_challenge = request.data.get('code_challenge') + code_challenge_method = request.data.get('code_challenge_method') + auth_code = OAuth2AuthorizationCode( + code=code, + client_id=request.client.client_id, + redirect_uri=request.redirect_uri, + scope=request.scope, + user_id=request.user.id, + code_challenge=code_challenge, + code_challenge_method=code_challenge_method, + ) + db.session.add(auth_code) + db.session.commit() + return auth_code + + def query_authorization_code(self, code, client): + auth_code = OAuth2AuthorizationCode.query.filter_by( + code=code, client_id=client.client_id).first() + if auth_code and not auth_code.is_expired(): + return auth_code + + def delete_authorization_code(self, authorization_code): + db.session.delete(authorization_code) + db.session.commit() + + def authenticate_user(self, authorization_code): + return User.query.get(authorization_code.user_id) + + +class PasswordGrant(grants.ResourceOwnerPasswordCredentialsGrant): + def authenticate_user(self, username, password): + user = User.query.filter_by(username=username).first() + if user is not None and user.check_password(password): + return user + + +class RefreshTokenGrant(grants.RefreshTokenGrant): + def authenticate_refresh_token(self, refresh_token): + token = OAuth2Token.query.filter_by(refresh_token=refresh_token).first() + if token and token.is_refresh_token_active(): + return token + + def authenticate_user(self, credential): + return User.query.get(credential.user_id) + + def revoke_old_credential(self, credential): + credential.revoked = True + db.session.add(credential) + db.session.commit() + + +query_client = create_query_client_func(db.session, OAuth2Client) +save_token = create_save_token_func(db.session, OAuth2Token) +authorization = AuthorizationServer( + query_client=query_client, + save_token=save_token, +) +require_oauth = ResourceProtector() + + +def config_oauth(app): + authorization.init_app(app) + + # support all grants + authorization.register_grant(grants.ImplicitGrant) + authorization.register_grant(grants.ClientCredentialsGrant) + authorization.register_grant(AuthorizationCodeGrant, [CodeChallenge(required=True)]) + authorization.register_grant(PasswordGrant) + authorization.register_grant(RefreshTokenGrant) + + # support revocation + revocation_cls = create_revocation_endpoint(db.session, OAuth2Token) + authorization.register_endpoint(revocation_cls) + + # protect resource + bearer_cls = create_bearer_token_validator(db.session, OAuth2Token) + require_oauth.register_token_validator(bearer_cls()) diff --git a/example-oauth2-server/website/routes.py b/example-oauth2-server/website/routes.py new file mode 100644 index 0000000..c4182a5 --- /dev/null +++ b/example-oauth2-server/website/routes.py @@ -0,0 +1,180 @@ +import time +from flask import Blueprint, request, session, url_for +from flask import render_template, redirect, jsonify +from werkzeug.security import gen_salt +from authlib.integrations.flask_oauth2 import current_token +from authlib.oauth2 import OAuth2Error +from .models import db, User, OAuth2Client +from .oauth2 import authorization, require_oauth + + +bp = Blueprint('home', __name__) + + +def current_user(): + if 'id' in session: + uid = session['id'] + return User.query.get(uid) + return None + + +def split_by_crlf(s): + return [v for v in s.splitlines() if v] + + +@bp.route('/', methods=('GET', 'POST')) +def home(): + if request.method == 'POST': + username = request.form.get('username') + user = User.query.filter_by(username=username).first() + if not user: + user = User(username=username) + db.session.add(user) + db.session.commit() + session['id'] = user.id + # if user is not just to log in, but need to head back to the auth page, then go for it + next_page = request.args.get('next') + if next_page: + return redirect(next_page) + return redirect('/') + user = current_user() + if user: + clients = OAuth2Client.query.filter_by(user_id=user.id).all() + else: + clients = [] + + return render_template('home.html', user=user, clients=clients) + + +@bp.route('/logout') +def logout(): + del session['id'] + return redirect('/') + + +@bp.route('/create_client', methods=('GET', 'POST')) +def create_client(): + user = current_user() + if not user: + return redirect('/') + if request.method == 'GET': + return render_template('create_client.html') + + client_id = gen_salt(24) + client_id_issued_at = int(time.time()) + client = OAuth2Client( + client_id=client_id, + client_id_issued_at=client_id_issued_at, + user_id=user.id, + ) + + form = request.form + client_metadata = { + "client_name": form["client_name"], + "client_uri": form["client_uri"], + "grant_types": split_by_crlf(form["grant_type"]), + "redirect_uris": split_by_crlf(form["redirect_uri"]), + "response_types": split_by_crlf(form["response_type"]), + "scope": form["scope"], + "token_endpoint_auth_method": form["token_endpoint_auth_method"] + } + client.set_client_metadata(client_metadata) + + if form['token_endpoint_auth_method'] == 'none': + client.client_secret = '' + else: + client.client_secret = gen_salt(48) + + db.session.add(client) + db.session.commit() + return redirect('/') + + +@bp.route('/edit_client/', methods=('GET', 'POST')) +def edit_client(client_id): + user = current_user() + if not user: + return redirect('/') + + client = OAuth2Client.query.filter_by(id=client_id, user_id=user.id).first() + if not client: + return redirect('/') + + if request.method == 'GET': + return render_template('edit_client.html', client=client) + + # POST 요청 처리 - 클라이언트 정보 업데이트 + form = request.form + client_metadata = { + "client_name": form["client_name"], + "client_uri": form["client_uri"], + "grant_types": split_by_crlf(form["grant_type"]), + "redirect_uris": split_by_crlf(form["redirect_uri"]), + "response_types": split_by_crlf(form["response_type"]), + "scope": form["scope"], + "token_endpoint_auth_method": form["token_endpoint_auth_method"] + } + client.set_client_metadata(client_metadata) + + # 클라이언트 시크릿 재생성이 요청된 경우 + if 'regenerate_secret' in form and form['regenerate_secret'] == 'on': + if form['token_endpoint_auth_method'] == 'none': + client.client_secret = '' + else: + client.client_secret = gen_salt(48) + + db.session.commit() + return redirect('/') + + +@bp.route('/delete_client/', methods=['POST']) +def delete_client(client_id): + user = current_user() + if not user: + return redirect('/') + + client = OAuth2Client.query.filter_by(id=client_id, user_id=user.id).first() + if client: + db.session.delete(client) + db.session.commit() + + return redirect('/') + + +@bp.route('/oauth/authorize', methods=['GET', 'POST']) +def authorize(): + user = current_user() + # if user log status is not true (Auth server), then to log it in + if not user: + return redirect(url_for('home.home', next=request.url)) + if request.method == 'GET': + try: + grant = authorization.get_consent_grant(end_user=user) + except OAuth2Error as error: + return error.error + return render_template('authorize.html', user=user, grant=grant) + if not user and 'username' in request.form: + username = request.form.get('username') + user = User.query.filter_by(username=username).first() + if request.form['confirm']: + grant_user = user + else: + grant_user = None + return authorization.create_authorization_response(grant_user=grant_user) + + +@bp.route('/oauth/token', methods=['POST']) +def issue_token(): + return authorization.create_token_response() + + +@bp.route('/oauth/revoke', methods=['POST']) +def revoke_token(): + return authorization.create_endpoint_response('revocation') + + +@bp.route('/api/me') +@require_oauth('profile') +def api_me(): + user = current_token.user + return jsonify(id=user.id, username=user.username) diff --git a/example-oauth2-server/website/settings.py b/example-oauth2-server/website/settings.py new file mode 100644 index 0000000..e69de29 diff --git a/example-oauth2-server/website/templates/authorize.html b/example-oauth2-server/website/templates/authorize.html new file mode 100644 index 0000000..10868ca --- /dev/null +++ b/example-oauth2-server/website/templates/authorize.html @@ -0,0 +1,22 @@ +

The application {{grant.client.client_name}} is requesting: +{{ grant.request.scope }} +

+ +

+ from You - a.k.a. {{ user.username }} +

+ +
+ + {% if not user %} +

You haven't logged in. Log in with:

+
+ +
+ {% endif %} +
+ +
diff --git a/example-oauth2-server/website/templates/create_client.html b/example-oauth2-server/website/templates/create_client.html new file mode 100644 index 0000000..20b3ed3 --- /dev/null +++ b/example-oauth2-server/website/templates/create_client.html @@ -0,0 +1,42 @@ + + +Home + +
+ + + + + + + + +
diff --git a/example-oauth2-server/website/templates/edit_client.html b/example-oauth2-server/website/templates/edit_client.html new file mode 100644 index 0000000..00b7ae3 --- /dev/null +++ b/example-oauth2-server/website/templates/edit_client.html @@ -0,0 +1,120 @@ + + + + OAuth Client 수정 + + + +

OAuth Client 수정

+ +
+

현재 클라이언트 정보

+

Client ID: {{ client.client_id }}

+

Client Secret: + {% if client.client_secret %} + {{ client.client_secret[:8] }}... + {% else %} + (없음 - Public Client) + {% endif %} +

+

생성일: {{ client.client_id_issued_at }}

+
+ +
+
+ + +
+ +
+ + +
+ +
+ + +
+ +
+ + +
+ +
+ + +
+ +
+ + +
+ +
+ + +
+ +
+
+ + +
+
+ + + + + +
+ +
+ +

위험 영역

+
+ +
+ + diff --git a/example-oauth2-server/website/templates/home.html b/example-oauth2-server/website/templates/home.html new file mode 100644 index 0000000..347d369 --- /dev/null +++ b/example-oauth2-server/website/templates/home.html @@ -0,0 +1,82 @@ +{% if user %} + +
Logged in as {{user}} (Log Out)
+ +{% for client in clients %} +
+
+Client Info
+  {%- for key in client.client_info %}
+  {{ key }}: {{ client.client_info[key] }}
+  {%- endfor %}
+Client Metadata
+  {%- for key in client.client_metadata %}
+  {{ key }}: {{ client.client_metadata[key] }}
+  {%- endfor %}
+
+
+ 수정 +
+ +
+
+
+{% endfor %} + +새 클라이언트 생성 + +{% else %} +
+ + +
+{% endif %} diff --git a/oauth2-attacker/.gitignore b/oauth2-attacker/.gitignore new file mode 100644 index 0000000..a14702c --- /dev/null +++ b/oauth2-attacker/.gitignore @@ -0,0 +1,34 @@ +# dependencies (bun install) +node_modules + +# output +out +dist +*.tgz + +# code coverage +coverage +*.lcov + +# logs +logs +_.log +report.[0-9]_.[0-9]_.[0-9]_.[0-9]_.json + +# dotenv environment variable files +.env +.env.development.local +.env.test.local +.env.production.local +.env.local + +# caches +.eslintcache +.cache +*.tsbuildinfo + +# IntelliJ based IDEs +.idea + +# Finder (MacOS) folder config +.DS_Store diff --git a/oauth2-attacker/README.md b/oauth2-attacker/README.md new file mode 100644 index 0000000..18082b0 --- /dev/null +++ b/oauth2-attacker/README.md @@ -0,0 +1,15 @@ +# oauth2-attacker + +To install dependencies: + +```bash +bun install +``` + +To run: + +```bash +bun run index.ts +``` + +This project was created using `bun init` in bun v1.2.18. [Bun](https://bun.sh) is a fast all-in-one JavaScript runtime. diff --git a/oauth2-attacker/bun.lock b/oauth2-attacker/bun.lock new file mode 100644 index 0000000..4a34a9e --- /dev/null +++ b/oauth2-attacker/bun.lock @@ -0,0 +1,34 @@ +{ + "lockfileVersion": 1, + "workspaces": { + "": { + "name": "oauth2-attacker", + "dependencies": { + "hono": "^4.8.4", + }, + "devDependencies": { + "@types/bun": "latest", + }, + "peerDependencies": { + "typescript": "^5", + }, + }, + }, + "packages": { + "@types/bun": ["@types/bun@1.2.18", "", { "dependencies": { "bun-types": "1.2.18" } }, "sha512-Xf6RaWVheyemaThV0kUfaAUvCNokFr+bH8Jxp+tTZfx7dAPA8z9ePnP9S9+Vspzuxxx9JRAXhnyccRj3GyCMdQ=="], + + "@types/node": ["@types/node@24.0.13", "", { "dependencies": { "undici-types": "~7.8.0" } }, "sha512-Qm9OYVOFHFYg3wJoTSrz80hoec5Lia/dPp84do3X7dZvLikQvM1YpmvTBEdIr/e+U8HTkFjLHLnl78K/qjf+jQ=="], + + "@types/react": ["@types/react@19.1.8", "", { "dependencies": { "csstype": "^3.0.2" } }, "sha512-AwAfQ2Wa5bCx9WP8nZL2uMZWod7J7/JSplxbTmBQ5ms6QpqNYm672H0Vu9ZVKVngQ+ii4R/byguVEUZQyeg44g=="], + + "bun-types": ["bun-types@1.2.18", "", { "dependencies": { "@types/node": "*" }, "peerDependencies": { "@types/react": "^19" } }, "sha512-04+Eha5NP7Z0A9YgDAzMk5PHR16ZuLVa83b26kH5+cp1qZW4F6FmAURngE7INf4tKOvCE69vYvDEwoNl1tGiWw=="], + + "csstype": ["csstype@3.1.3", "", {}, "sha512-M1uQkMl8rQK/szD0LNhtqxIPLpimGm8sOBwU7lLnCpSbTyY3yeU1Vc7l4KT5zT4s/yOxHH5O7tIuuLOCnLADRw=="], + + "hono": ["hono@4.8.4", "", {}, "sha512-KOIBp1+iUs0HrKztM4EHiB2UtzZDTBihDtOF5K6+WaJjCPeaW4Q92R8j63jOhvJI5+tZSMuKD9REVEXXY9illg=="], + + "typescript": ["typescript@5.8.3", "", { "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" } }, "sha512-p1diW6TqL9L07nNxvRMM7hMMw4c5XOo/1ibL4aAIGmSAt9slTE1Xgw5KWuof2uTOvCg9BY7ZRi+GaF+7sfgPeQ=="], + + "undici-types": ["undici-types@7.8.0", "", {}, "sha512-9UJ2xGDvQ43tYyVMpuHlsgApydB8ZKfVYTsLDhXkFL/6gfkp+U8xTGdh8pMJv1SpZna0zxG1DwsKZsreLbXBxw=="], + } +} diff --git a/oauth2-attacker/index.ts b/oauth2-attacker/index.ts new file mode 100644 index 0000000..49b8565 --- /dev/null +++ b/oauth2-attacker/index.ts @@ -0,0 +1,108 @@ +import { Hono } from 'hono' + +const app = new Hono() + +// define config +const OAUTH_CONFIG = { + authServerUrl: 'http://localhost:3020', + clientId: process.env.CLIENT_ID, // 클라이언트 등록 후 설정 필요 + clientSecret: process.env.CLIENT_SECRET, // 필요한 경우 + redirectUri: process.env.REDIRECT_URI, + scope: 'profile' +} + +app.get('/', (c) => { + + return c.html(` +

Attacker

+ +

Profile

+
+ + +
+ `) +}) + + +app.get("/profile", async (c) => { + const accessToken = c.req.query('access_token') + + try { + // 바로 프로필 조회 + const profileResponse = await fetch(`${OAUTH_CONFIG.authServerUrl}/api/me`, { + headers: { + 'Authorization': `Bearer ${accessToken}` + } + }) + + if (!profileResponse.ok) { + return c.html(` +

프로필 조회 실패

+

토큰은 발급되었지만 프로필 조회에 실패했습니다.

+

상태 코드: ${profileResponse.status}

+ 홈으로 + `) + } + + const profile = await profileResponse.json() as any + + // 토큰 정보와 프로필을 함께 표시 + return c.html(` + + + + 인증 완료 - 프로필 + + + +
+
+

👤 사용자 프로필

+
+ 사용자 ID: + ${profile.id || 'N/A'} +
+
+ 사용자명: + ${profile.username || 'N/A'} +
+
+ + ${JSON.stringify(profile, null, 2)} + +
+
+ +
+ 홈으로 +
+
+ + + `) + + } catch (error: any) { + return c.html(` +

오류 발생

+

토큰 교환 또는 프로필 조회 중 오류가 발생했습니다: ${error?.message || '알 수 없는 오류'}

+ 홈으로 + `) + } +}) + +export default { + port: 5002, + fetch: app.fetch, +} \ No newline at end of file diff --git a/oauth2-attacker/package.json b/oauth2-attacker/package.json new file mode 100644 index 0000000..12d67ea --- /dev/null +++ b/oauth2-attacker/package.json @@ -0,0 +1,19 @@ +{ + "name": "oauth2-attacker", + "module": "index.ts", + "type": "module", + "private": true, + "scripts": { + "dev": "bun run --hot index.ts", + "start": "bun run index.ts" + }, + "devDependencies": { + "@types/bun": "latest" + }, + "peerDependencies": { + "typescript": "^5" + }, + "dependencies": { + "hono": "^4.8.4" + } +} diff --git a/oauth2-attacker/tsconfig.json b/oauth2-attacker/tsconfig.json new file mode 100644 index 0000000..bfa0fea --- /dev/null +++ b/oauth2-attacker/tsconfig.json @@ -0,0 +1,29 @@ +{ + "compilerOptions": { + // Environment setup & latest features + "lib": ["ESNext"], + "target": "ESNext", + "module": "Preserve", + "moduleDetection": "force", + "jsx": "react-jsx", + "allowJs": true, + + // Bundler mode + "moduleResolution": "bundler", + "allowImportingTsExtensions": true, + "verbatimModuleSyntax": true, + "noEmit": true, + + // Best practices + "strict": true, + "skipLibCheck": true, + "noFallthroughCasesInSwitch": true, + "noUncheckedIndexedAccess": true, + "noImplicitOverride": true, + + // Some stricter flags (disabled by default) + "noUnusedLocals": false, + "noUnusedParameters": false, + "noPropertyAccessFromIndexSignature": false + } +} diff --git a/oauth2-client/.gitignore b/oauth2-client/.gitignore new file mode 100644 index 0000000..a14702c --- /dev/null +++ b/oauth2-client/.gitignore @@ -0,0 +1,34 @@ +# dependencies (bun install) +node_modules + +# output +out +dist +*.tgz + +# code coverage +coverage +*.lcov + +# logs +logs +_.log +report.[0-9]_.[0-9]_.[0-9]_.[0-9]_.json + +# dotenv environment variable files +.env +.env.development.local +.env.test.local +.env.production.local +.env.local + +# caches +.eslintcache +.cache +*.tsbuildinfo + +# IntelliJ based IDEs +.idea + +# Finder (MacOS) folder config +.DS_Store diff --git a/oauth2-client/README.md b/oauth2-client/README.md new file mode 100644 index 0000000..3515920 --- /dev/null +++ b/oauth2-client/README.md @@ -0,0 +1,114 @@ +# OAuth2 Client + +이 프로젝트는 OAuth2 서버와 연동하는 클라이언트 애플리케이션입니다. Hono.js와 Bun을 사용하여 구축되었습니다. + +## 기능 + +- OAuth2 Authorization Code Grant 플로우 구현 +- PKCE (Proof Key for Code Exchange) 지원 +- 사용자 프로필 조회 +- 쿠키 기반 세션 관리 + +## 설정 방법 + +### 1. OAuth2 서버에서 클라이언트 등록 + +먼저 OAuth2 서버에서 클라이언트를 등록해야 합니다: + +1. OAuth2 서버 실행: + ```bash + cd ../example-oauth2-server + python app.py + ``` + +2. 브라우저에서 `http://localhost:5000` 접속 + +3. 사용자 생성 (예: 사용자명 "testuser") + +4. "Create Client" 클릭하여 새 클라이언트 생성: + - **Client Name**: "OAuth2 Client Demo" + - **Client URI**: "http://localhost:3000" + - **Grant Type**: "authorization_code" + - **Redirect URI**: "http://localhost:3000/callback" + - **Response Type**: "code" + - **Scope**: "profile" + - **Token Endpoint Auth Method**: "none" (PKCE 사용 시) + +5. 생성된 **Client ID**를 복사 + +### 2. 클라이언트 설정 + +`index.ts` 파일에서 `OAUTH_CONFIG.clientId`를 설정: + +```typescript +const OAUTH_CONFIG = { + authServerUrl: 'http://localhost:5000', + clientId: 'YOUR_CLIENT_ID_HERE', // 복사한 Client ID 입력 + clientSecret: '', // PKCE 사용 시 불필요 + redirectUri: 'http://localhost:3000/callback', + scope: 'profile' +} +``` + +### 3. 클라이언트 실행 + +```bash +bun run dev +``` + +또는 + +```bash +bun index.ts +``` + +기본적으로 `http://localhost:3000`에서 실행됩니다. + +## 사용법 + +1. 브라우저에서 `http://localhost:3000` 접속 +2. "OAuth2로 로그인" 버튼 클릭 +3. OAuth2 서버로 리다이렉트됨 +4. 권한 승인 +5. 클라이언트로 다시 리다이렉트되어 로그인 완료 +6. "내 프로필 보기"로 사용자 정보 확인 가능 + +## API 엔드포인트 + +- `GET /` - 홈페이지 +- `GET /login` - OAuth2 로그인 시작 +- `GET /callback` - OAuth2 콜백 처리 +- `GET /profile` - 사용자 프로필 조회 +- `GET /logout` - 로그아웃 + +## 보안 기능 + +- **PKCE**: Code Injection 공격 방지 +- **State 매개변수**: CSRF 공격 방지 +- **HTTP-only 쿠키**: XSS 공격 방지 +- **세션 타임아웃**: 일회용 세션 데이터 + +## 주의사항 + +- 이 예제는 개발/데모 목적으로 제작되었습니다 +- 실제 운영환경에서는 다음을 고려하세요: + - HTTPS 사용 + - 안전한 세션 스토리지 (Redis 등) + - 적절한 에러 핸들링 + - 로깅 및 모니터링 + - 토큰 갱신 로직 + +## 트러블슈팅 + +### "Client ID가 설정되지 않았습니다" 오류 +- `index.ts`에서 `OAUTH_CONFIG.clientId`를 설정했는지 확인 +- OAuth2 서버에서 클라이언트를 올바르게 등록했는지 확인 + +### "유효하지 않은 redirect_uri" 오류 +- OAuth2 서버에 등록한 Redirect URI가 `http://localhost:3000/callback`인지 확인 +- 포트 번호가 일치하는지 확인 + +### "토큰 교환 실패" 오류 +- OAuth2 서버가 실행 중인지 확인 +- Client ID가 올바른지 확인 +- 네트워크 연결 상태 확인 diff --git a/oauth2-client/bun.lock b/oauth2-client/bun.lock new file mode 100644 index 0000000..10a9689 --- /dev/null +++ b/oauth2-client/bun.lock @@ -0,0 +1,40 @@ +{ + "lockfileVersion": 1, + "workspaces": { + "": { + "name": "oauth2-client", + "dependencies": { + "crypto-js": "^4.2.0", + "hono": "^4.8.4", + "pkce-challenge": "^5.0.0", + }, + "devDependencies": { + "@types/bun": "latest", + }, + "peerDependencies": { + "typescript": "^5", + }, + }, + }, + "packages": { + "@types/bun": ["@types/bun@1.2.18", "", { "dependencies": { "bun-types": "1.2.18" } }, "sha512-Xf6RaWVheyemaThV0kUfaAUvCNokFr+bH8Jxp+tTZfx7dAPA8z9ePnP9S9+Vspzuxxx9JRAXhnyccRj3GyCMdQ=="], + + "@types/node": ["@types/node@24.0.13", "", { "dependencies": { "undici-types": "~7.8.0" } }, "sha512-Qm9OYVOFHFYg3wJoTSrz80hoec5Lia/dPp84do3X7dZvLikQvM1YpmvTBEdIr/e+U8HTkFjLHLnl78K/qjf+jQ=="], + + "@types/react": ["@types/react@19.1.8", "", { "dependencies": { "csstype": "^3.0.2" } }, "sha512-AwAfQ2Wa5bCx9WP8nZL2uMZWod7J7/JSplxbTmBQ5ms6QpqNYm672H0Vu9ZVKVngQ+ii4R/byguVEUZQyeg44g=="], + + "bun-types": ["bun-types@1.2.18", "", { "dependencies": { "@types/node": "*" }, "peerDependencies": { "@types/react": "^19" } }, "sha512-04+Eha5NP7Z0A9YgDAzMk5PHR16ZuLVa83b26kH5+cp1qZW4F6FmAURngE7INf4tKOvCE69vYvDEwoNl1tGiWw=="], + + "crypto-js": ["crypto-js@4.2.0", "", {}, "sha512-KALDyEYgpY+Rlob/iriUtjV6d5Eq+Y191A5g4UqLAi8CyGP9N1+FdVbkc1SxKc2r4YAYqG8JzO2KGL+AizD70Q=="], + + "csstype": ["csstype@3.1.3", "", {}, "sha512-M1uQkMl8rQK/szD0LNhtqxIPLpimGm8sOBwU7lLnCpSbTyY3yeU1Vc7l4KT5zT4s/yOxHH5O7tIuuLOCnLADRw=="], + + "hono": ["hono@4.8.4", "", {}, "sha512-KOIBp1+iUs0HrKztM4EHiB2UtzZDTBihDtOF5K6+WaJjCPeaW4Q92R8j63jOhvJI5+tZSMuKD9REVEXXY9illg=="], + + "pkce-challenge": ["pkce-challenge@5.0.0", "", {}, "sha512-ueGLflrrnvwB3xuo/uGob5pd5FN7l0MsLf0Z87o/UQmRtwjvfylfc9MurIxRAWywCYTgrvpXBcqjV4OfCYGCIQ=="], + + "typescript": ["typescript@5.8.3", "", { "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" } }, "sha512-p1diW6TqL9L07nNxvRMM7hMMw4c5XOo/1ibL4aAIGmSAt9slTE1Xgw5KWuof2uTOvCg9BY7ZRi+GaF+7sfgPeQ=="], + + "undici-types": ["undici-types@7.8.0", "", {}, "sha512-9UJ2xGDvQ43tYyVMpuHlsgApydB8ZKfVYTsLDhXkFL/6gfkp+U8xTGdh8pMJv1SpZna0zxG1DwsKZsreLbXBxw=="], + } +} diff --git a/oauth2-client/index.ts b/oauth2-client/index.ts new file mode 100644 index 0000000..c6c2778 --- /dev/null +++ b/oauth2-client/index.ts @@ -0,0 +1,265 @@ +import { serve } from 'bun' +import { Hono } from 'hono' +import { getCookie, setCookie } from 'hono/cookie' +import pkceChallenge from 'pkce-challenge' + +// 타입 정의 +interface TokenResponse { + access_token: string + refresh_token?: string + expires_in?: number + token_type: string +} + +interface ProfileResponse { + id: string + username: string + scope?: string +} + +interface SessionData { + codeVerifier: string + timestamp: number +} + +const app = new Hono() + +// OAuth2 서버 설정 +const OAUTH_CONFIG = { + authServerUrl: 'http://localhost:3020', + clientId: 'gUsp3BiVSz16i03ZU3gGYklc', // 클라이언트 등록 후 설정 필요 + clientSecret: 'F7wdXoewMeAxm1OSZbpmDdowyZPHd5YL4a3ubYyCyJNB1Us4', // 필요한 경우 + redirectUri: 'http://localhost:5001/callback', + scope: 'profile' +} + +// 메모리 기반 세션 스토리지 (실제 운영환경에서는 Redis 등 사용) +const sessions = new Map() + +app.get('/', async (c) => { + const accessToken = getCookie(c, 'access_token') + + if (accessToken) { + try { + const profileResponse = await fetch(`${OAUTH_CONFIG.authServerUrl}/api/me`, { + headers: { + 'Authorization': `Bearer ${accessToken}` + } + }) + + if (!profileResponse.ok) { + if (profileResponse.status === 401) { + setCookie(c, 'access_token', '', { maxAge: 0 }) + setCookie(c, 'refresh_token', '', { maxAge: 0 }) + return c.redirect('/') + } + throw new Error(`HTTP ${profileResponse.status}`) + } + + const profile = await profileResponse.json() as ProfileResponse + + return c.html(` + + + + OAuth2 Client + + + +
+

OAuth2 Client - 로그인됨

+

✅ 성공적으로 로그인되었습니다!

+

accessToken: ${accessToken}

+
+
+ 사용자 ID: ${profile.id || 'N/A'} +
+
+ 사용자명: ${profile.username || 'N/A'} +
+
+ + ${JSON.stringify(profile, null, 2)} + +
+
+ 로그아웃 +
+ + + `) + } catch (error: any) { + return c.html(` +

프로필 조회 실패

+

오류: ${error?.message || '알 수 없는 오류'}

+ 홈으로 + `) + } + } + + // 비로그인 화면 + return c.html(` + + + + OAuth2 Client + + + +
+

OAuth2 Client 데모

+
+

설정 필요:

+

1. OAuth2 서버에서 클라이언트를 등록하세요

+

2. Redirect URI: ${OAUTH_CONFIG.redirectUri}

+

3. 발급받은 Client ID를 코드에 설정하세요

+
+ OAuth2로 로그인 +
+ + + `) +}) + + +// OAuth2 로그인 시작 +app.get('/login', async (c) => { + if (!OAUTH_CONFIG.clientId) { + return c.html(` +

오류

+

Client ID가 설정되지 않았습니다. 먼저 OAuth2 서버에서 클라이언트를 등록하고 Client ID를 설정하세요.

+ 홈으로 + `) + } + + // PKCE 챌린지 생성 + const pkcePair = await pkceChallenge() + const state = Math.random().toString(36).substring(2, 15) + + // 세션에 저장 + sessions.set(state, { + codeVerifier: pkcePair.code_verifier, + timestamp: Date.now() + }) + + // 인증 URL 생성 + const authUrl = new URL('/oauth/authorize', OAUTH_CONFIG.authServerUrl) + authUrl.searchParams.set('response_type', 'code') + authUrl.searchParams.set('client_id', OAUTH_CONFIG.clientId) + authUrl.searchParams.set('redirect_uri', OAUTH_CONFIG.redirectUri) + authUrl.searchParams.set('scope', OAUTH_CONFIG.scope) + authUrl.searchParams.set('state', state) + authUrl.searchParams.set('code_challenge', pkcePair.code_challenge) + authUrl.searchParams.set('code_challenge_method', 'S256') + + return c.redirect(authUrl.toString()) +}) + +// OAuth2 콜백 처리 +app.get('/callback', async (c) => { + const code = c.req.query('code') + const state = c.req.query('state') + const error = c.req.query('error') + + if (error) { + return c.html(` +

인증 오류

+

오류: ${error}

+

설명: ${c.req.query('error_description') || '알 수 없는 오류'}

+ 홈으로 + `) + } + + if (!code || !state) { + return c.html(` +

잘못된 요청

+

인증 코드 또는 state가 누락되었습니다.

+ 홈으로 + `) + } + console.log(`Received code: ${code}, state: ${state}`) + + try { + // 토큰 교환 - client_secret_basic 방식으로 인증 + const credentials = btoa(`${OAUTH_CONFIG.clientId}:${OAUTH_CONFIG.clientSecret}`) + const tokenResponse = await fetch(`${OAUTH_CONFIG.authServerUrl}/oauth/token`, { + method: 'POST', + headers: { + 'Content-Type': 'application/x-www-form-urlencoded', + 'Authorization': `Basic ${credentials}`, + }, + body: new URLSearchParams({ + grant_type: 'authorization_code', + code, + redirect_uri: OAUTH_CONFIG.redirectUri, + code_verifier: state ? sessions.get(state)?.codeVerifier || '' : '' + }) + }) + + if (!tokenResponse.ok) { + const errorText = await tokenResponse.text() + return c.html(` +

토큰 교환 실패

+

상태 코드: ${tokenResponse.status}

+

오류: ${errorText}

+ 홈으로 + `) + } + + const tokens = await tokenResponse.json() as TokenResponse + + // 토큰을 쿠키에 저장 + setCookie(c, 'access_token', tokens.access_token, { + maxAge: tokens.expires_in || 3600, + httpOnly: true, + secure: false // HTTPS 환경에서는 true로 설정 + }) + + if (tokens.refresh_token) { + setCookie(c, 'refresh_token', tokens.refresh_token, { + maxAge: 60 * 60 * 24 * 30, // 30일 + httpOnly: true, + secure: false + }) + } + + // 세션 정리 + if (state) { + sessions.delete(state) + } + + return c.redirect('/') + + } catch (error: any) { + return c.html(` +

인증 처리 실패

+

오류: ${error?.message || '알 수 없는 오류'}

+ 홈으로 + `) + } +}) + +// 로그아웃 +app.get('/logout', (c) => { + setCookie(c, 'access_token', '', { maxAge: 0 }) + setCookie(c, 'refresh_token', '', { maxAge: 0 }) + return c.redirect('/') +}) + +export default { + port: 5001, + fetch: app.fetch, +} \ No newline at end of file diff --git a/oauth2-client/package.json b/oauth2-client/package.json new file mode 100644 index 0000000..3168ac2 --- /dev/null +++ b/oauth2-client/package.json @@ -0,0 +1,21 @@ +{ + "name": "oauth2-client", + "module": "index.ts", + "type": "module", + "private": true, + "scripts": { + "dev": "bun run --hot index.ts", + "start": "bun run index.ts" + }, + "devDependencies": { + "@types/bun": "latest" + }, + "peerDependencies": { + "typescript": "^5" + }, + "dependencies": { + "crypto-js": "^4.2.0", + "hono": "^4.8.4", + "pkce-challenge": "^5.0.0" + } +} diff --git a/oauth2-client/tsconfig.json b/oauth2-client/tsconfig.json new file mode 100644 index 0000000..bfa0fea --- /dev/null +++ b/oauth2-client/tsconfig.json @@ -0,0 +1,29 @@ +{ + "compilerOptions": { + // Environment setup & latest features + "lib": ["ESNext"], + "target": "ESNext", + "module": "Preserve", + "moduleDetection": "force", + "jsx": "react-jsx", + "allowJs": true, + + // Bundler mode + "moduleResolution": "bundler", + "allowImportingTsExtensions": true, + "verbatimModuleSyntax": true, + "noEmit": true, + + // Best practices + "strict": true, + "skipLibCheck": true, + "noFallthroughCasesInSwitch": true, + "noUncheckedIndexedAccess": true, + "noImplicitOverride": true, + + // Some stricter flags (disabled by default) + "noUnusedLocals": false, + "noUnusedParameters": false, + "noPropertyAccessFromIndexSignature": false + } +}