diff --git a/README.md b/README.md index 34cf0d3..bff9837 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,17 @@ Flaks application using FusionAuth as the identity server. This application will use an OAuth Authorization Code workflow to log users in. -First create a virtual environment +## Setup FusionAuth + +Start up the FusionAuth docker containers: + +```shell +docker compose up +``` + +Login into [FusionAuth](http://localhost:9011/) and create an API key. + +Create a virtual environment to install requirements. ```shell python -m venv venv && \ @@ -11,10 +21,18 @@ pip install -r requirements.txt && \ pip install -r setup-flask/requirements.txt ``` -Navigate to the `setup-flask` directory and execute `flask run` to run the app. +Then run the setup script supplying your ``. + +```shell +fusionauth_api_key= python setup.py +``` + +## Setup Flask + +Navigate to the `setup-flask` directory and execute the following command to run your app: ```shell -flask --app server.py run +python server.py ``` -Visit the local webserver at `http://localhost:5000/` and sign in. \ No newline at end of file +Visit the local webserver at `http://localhost:5001/` and sign in. \ No newline at end of file diff --git a/requirements.txt b/requirements.txt index c8a0531..9bd2ffb 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1 +1 @@ -fusionauth-client==1.42.0 \ No newline at end of file +fusionauth-client>=1.45.0 \ No newline at end of file diff --git a/setup-flask/server.py b/setup-flask/server.py index 0022471..c6c8cba 100644 --- a/setup-flask/server.py +++ b/setup-flask/server.py @@ -58,4 +58,4 @@ def home(): if __name__ == "__main__": - app.run(host="0.0.0.0", port=env.get("PORT", 3000)) \ No newline at end of file + app.run(host="localhost", port=env.get("PORT", 5001)) \ No newline at end of file diff --git a/setup.py b/setup.py index 7dee3ac..f18bede 100644 --- a/setup.py +++ b/setup.py 
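Review bot: The open-ended specifier `fusionauth-client>=1.45.0` in requirements.txt makes installs non-reproducible, because every fresh environment resolves to whatever release is newest at install time. That includes a future major version with breaking API changes, or a compromised upload. For the library that drives the identity server's API, an exact pin such as `fusionauth-client==1.45.0` is safer, or a bounded range like `fusionauth-client>=1.45.0,<2` backed by a hashed lock file installed with `pip install --require-hashes`. If the range is deliberate, a comment line above it such as `# >=1.45.0 needed for <feature>; upper bound intentionally open` would record why.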
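Review bot: `PORT` can still override the listen port in `app.run(host="localhost", port=env.get("PORT", 5001))`, while this commit hard-codes `http://localhost:5001/callback` and `http://localhost:5001/logout` in setup.py. If the callback URL is built from the request host (not visible in this hunk), a non-default `PORT` would send a redirect URI that FusionAuth has not authorized, and login would fail. Either drop the override or document the coupling with a comment above the call, for example `# PORT must match the redirect/logout URLs registered by setup.py (default 5001)`. Assuming `env` is `os.environ`, the value is a string when set and an int otherwise, so `int(env.get("PORT", 5001))` would make the type explicit. Only the `__main__` guard is in the hunk; the body of `home()` lies outside it.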
@@ -38,16 +38,12 @@ # configure oauth application["oauthConfiguration"] = {} -application["oauthConfiguration"]["authorizedRedirectURLs"] = ["http://localhost:5000/callback/"] +application["oauthConfiguration"]["authorizedRedirectURLs"] = ["http://localhost:5001/callback"] application["oauthConfiguration"]["requireRegistration"] = True application["oauthConfiguration"]["enabledGrants"] = ["authorization_code", "refresh_token"] -application["oauthConfiguration"]["logoutURL"] = "http://localhost:5000/logout" +application["oauthConfiguration"]["logoutURL"] = "http://localhost:5001/logout" application["oauthConfiguration"]["clientSecret"] = "change-this-in-production-to-be-a-real-secret" -# some libraries don't support pkce, notably mozilla-django-oidc: https://github.com/mozilla/mozilla-django-oidc/issues/397 -# since we are server side and have a solid client secret, we're okay turning pkce off -application["oauthConfiguration"]["proofKeyForCodeExchangePolicy"] = "NotRequiredWhenUsingClientAuthentication" - # assign key from above to sign tokens. This needs to be asymmetric application["jwtConfiguration"] = {} application["jwtConfiguration"]["enabled"] = True
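Review bot: Deleting the `proofKeyForCodeExchangePolicy` assignment leaves the application on FusionAuth's default policy, which as far as I know is `NotRequired` and so is looser than the removed `NotRequiredWhenUsingClientAuthentication`. If the removal was meant to turn PKCE back on, set it explicitly with `application["oauthConfiguration"]["proofKeyForCodeExchangePolicy"] = "Required"`, provided the Flask client sends a code challenge (server.py's OAuth setup is not visible here). Otherwise keep the previous value with a comment saying why. The new redirect URL also drops the trailing slash, and it must match the `redirect_uri` the app sends exactly, which is worth confirming against the callback route. The script continues outside this hunk on both sides.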