OpenID Connect Authentication with Python (Authlib)

To log in a user as described in this guide, you must first have configured an application (client) of the web application (server) type.

To log in a user, you can use the OpenID Connect support available in Authlib.

import html

from authlib.integrations.flask_client import OAuth

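oauth = OAuth(app)
# Register the OpenID Connect provider. Endpoints and signing keys are
# discovered from the provider's metadata document, so only the client
# credentials, the discovery URL and the client-side options live here.
oauth.register(
    name="authway",
    # client_secret is a credential: in a real deployment load it from
    # configuration or the environment rather than committing it to source.
    client_id="client-id-from-portal",
    client_secret="client-secret-from-portal",
    server_metadata_url="https://environment-company.irmciam.se/.well-known/openid-configuration",
    client_kwargs={
        # "openid" is mandatory for an OIDC login; the remaining scopes
        # select which claims userinfo() will return.
        "scope": "openid profile email org",
        # Enable PKCE (RFC 7636) for the authorization-code exchange.
        # Authlib's documented place for this option is client_kwargs;
        # a keyword passed to authorize_redirect() does not enable it.
        "code_challenge_method": "S256",
    },
)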

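@app.route("/login")
def login():
    """Start the login by redirecting the browser to the provider's authorization endpoint.

    Returns:
        A Flask redirect response to the provider. Authlib generates the
        ``state`` value (and, with PKCE enabled, the code verifier) and keeps
        them server-side so the callback can verify the response.
    """
    # _external=True yields an absolute URL; it must match one of the redirect
    # URIs registered for this client at the provider.
    redirect_uri = url_for("callback", _external=True)
    # The keyword was previously misspelled ("code_challange_method"), which
    # Authlib does not recognise, so PKCE was silently not applied. The
    # supported switch is client_kwargs={"code_challenge_method": "S256"} on
    # oauth.register(); the correctly spelled keyword is kept here as well.
    return oauth.authway.authorize_redirect(
        redirect_uri,
        code_challenge_method="S256",
    )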

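@app.route("/callback")
def callback():
    """Finish the login: exchange the authorization code for tokens and greet the user.

    Returns:
        A greeting built from the user's ``given_name`` claim, HTML-escaped
        because Flask serves a returned ``str`` as ``text/html``.

    Raises:
        Authlib's ``OAuthError`` (or a subclass) when the ``state`` check or the
        token exchange fails; without an error handler Flask answers with 500.
    """
    # Exchanges the ?code=... from the query string for tokens after checking
    # the state parameter. Besides the parsed claims, the returned dict carries
    # the raw "id_token" JWT and the "access_token" for calls to protected APIs.
    token = oauth.authway.authorize_access_token()

    # userinfo includes claim (values) that are part of requested scopes
    userinfo = oauth.authway.userinfo()
    # "given_name" comes with the "profile" scope but a provider may omit it;
    # fall back to "sub", which OIDC requires in every userinfo response.
    name = userinfo.get("given_name") or userinfo.get("sub", "")
    # Claim values are supplied by the provider (and often by the user), so
    # escape them before embedding them in an HTML response.
    return f"Hello {html.escape(str(name))}"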