server/plugins/oauthGoogle.py (22 lines of code) (raw):

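#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.

"""
Google OAuth plugin:

Requires ponymail.yaml to have an oauth section like so:

oauth:
  google_client_id: your-client-id-here
"""

import google.auth.transport.urllib3  # type: ignore
import google.oauth2.id_token  # type: ignore
import plugins.server
import plugins.session
import typing
import urllib3


async def process(formdata: dict, _session, server: plugins.server.BaseServer) -> typing.Optional[dict]:
    """Verify a Google ID token and return the identity it asserts.

    Args:
        formdata: Submitted form fields; the token is read from ``id_token``.
        _session: Unused here.
        server: Supplies ``config.oauth.google_client_id`` (the expected token
            audience) and ``runners.run`` (used to run the blocking verifier).

    Returns:
        A dict with ``email``, ``name`` (set to the e-mail address) and
        ``oauth_domain`` when the token verifies and carries a verified
        e-mail address, otherwise ``None``.

    Exceptions raised by the verifier are not caught here and propagate to the
    caller (google-auth signals a malformed, expired or wrong-audience token
    with ``ValueError``).
    """
    id_token = formdata.get("id_token")
    client_id = server.config.oauth.google_client_id
    # Fail closed: google-auth skips the audience check when no audience is
    # passed, so an unset client id would accept ID tokens that Google issued
    # to any other application.
    if not id_token or not client_id:
        return None

    request = google.auth.transport.urllib3.Request(urllib3.PoolManager())
    # This is a synchronous process, so we offload it to an async runner in order to let the main loop continue.
    id_info = await server.runners.run(
        google.oauth2.id_token.verify_oauth2_token,
        id_token,
        request,
        client_id,
    )
    if not id_info or "email" not in id_info:
        return None
    # The e-mail address becomes the caller's identity, so only accept it when
    # Google states that it has verified the address.
    if id_info.get("email_verified") not in (True, "true"):
        return None
    return {
        "email": id_info["email"],
        "name": id_info["email"],
        "oauth_domain": "www.googleapis.com",
    }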