GitHub Quickstart
Setup Application
Visit https://github.com/settings/applications/new to register an application on GitHub. The application’s “authorization callback URL” must be http://localhost:5000/login/github/authorized.
Take note of the “Client ID” and “Client Secret” for the application.
Code
from flask import Flask, redirect, url_for
from flask_dance.contrib.github import make_github_blueprint, github

app = Flask(__name__)
# Signs the session cookie; replace this with your own random secret.
app.secret_key = "supersekrit"
blueprint = make_github_blueprint(
    client_id="my-key-here",
    client_secret="my-secret-here",
)
app.register_blueprint(blueprint, url_prefix="/login")


@app.route("/")
def index():
    # Start the OAuth dance if no access token is loaded yet.
    if not github.authorized:
        return redirect(url_for("github.login"))
    resp = github.get("/user")
    assert resp.ok
    return "You are @{login} on GitHub".format(login=resp.json()["login"])


if __name__ == "__main__":
    app.run()
Note
You must replace my-key-here and my-secret-here with the client ID and client secret that you got from your GitHub application.
Note
If you are running this code on Heroku, you’ll need to use the werkzeug.contrib.fixers.ProxyFix middleware. See Proxies and HTTPS.
When you run this code, you must set the OAUTHLIB_INSECURE_TRANSPORT environment variable for it to work. For example, if you put this code in a file named github.py, you could run:
$ export OAUTHLIB_INSECURE_TRANSPORT=1
$ python github.py
Visit localhost:5000 in your browser, and you should start the OAuth dance immediately.
Warning
Do NOT set OAUTHLIB_INSECURE_TRANSPORT in production. Setting this variable allows you to use insecure http for OAuth communication. However, for security, all OAuth interactions must occur over secure https when running in production.
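A startup check for the settings this quickstart touches, as an added example that is not part of Flask-Dance or the original page: it rejects the placeholder credentials and a leftover OAUTHLIB_INSECURE_TRANSPORT outside local development. The environment variable names GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET and FLASK_SECRET_KEY, the function name and the app.example.com URL are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Placeholder values that appear in the quickstart code.
PLACEHOLDERS = {"my-key-here", "my-secret-here", "supersekrit"}
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}
# Hypothetical environment variable names chosen for this example.
REQUIRED = ("GITHUB_CLIENT_ID", "GITHUB_CLIENT_SECRET", "FLASK_SECRET_KEY")


def check_oauth_settings(environ, callback_url):
    """Return a list of problems; an empty list means the settings are usable."""
    problems = []
    for name in REQUIRED:
        value = environ.get(name, "")
        if not value:
            problems.append(f"{name} is not set")
        elif value in PLACEHOLDERS:
            problems.append(f"{name} still holds a quickstart placeholder")

    url = urlsplit(callback_url)
    is_local = url.hostname in LOCAL_HOSTS
    # oauthlib treats any non-empty value of this variable as "allow http".
    insecure = bool(environ.get("OAUTHLIB_INSECURE_TRANSPORT"))

    if insecure and not is_local:
        problems.append("OAUTHLIB_INSECURE_TRANSPORT is set for a non-local callback")
    if url.scheme != "https":
        if not is_local:
            problems.append("non-local callback URL must use https")
        elif not insecure:
            problems.append("http on localhost needs OAUTHLIB_INSECURE_TRANSPORT")
    return problems


# Constructed sample environments (not real credentials).
DEV_ENV = {
    "GITHUB_CLIENT_ID": "constructed-client-id",
    "GITHUB_CLIENT_SECRET": "constructed-client-secret",
    "FLASK_SECRET_KEY": "constructed-random-session-key",
    "OAUTHLIB_INSECURE_TRANSPORT": "1",
}
# A deployment that kept a placeholder and the development-only variable.
BAD_PROD_ENV = dict(DEV_ENV, GITHUB_CLIENT_ID="my-key-here")

if __name__ == "__main__":
    prod_url = "https://app.example.com/login/github/authorized"
    for problem in check_oauth_settings(BAD_PROD_ENV, prod_url):
        print("refusing to start:", problem)
```

Calling the function with os.environ before building the blueprint lets the application stop at startup instead of running the OAuth dance with unsafe settings.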
Explanation
This code makes a blueprint that implements the views necessary to be a consumer in the OAuth dance. The blueprint has two views: /github, which is the view that the user visits to begin the OAuth dance, and /github/authorized, which is the view that the user is redirected to at the end of the OAuth dance. Because we set the url_prefix to be /login, the end result is that the views are at /login/github and /login/github/authorized. The second view is the “authorized callback URL” that you must tell GitHub about when you create the application.
The github variable is a requests.Session instance, which will be preloaded with the user’s access token once the user has gone through the OAuth dance. You can check the github.authorized boolean to determine if the access token is loaded. Whether the access token is loaded or not, you can use all the normal requests methods, like get() and post(), to make HTTP requests. If you only specify the path component of the URL, the domain will default to https://api.github.com.