2

I'm working in Flask on creating a JMML ("Join my mailing list") widget that submits data to an email marketing platform, and the platform follows an OAuth2 flow. The basic flow is:

  1. I create access URL using a the base API URL, an API key, and a redirect URI
  2. The program accesses this URL, and the user of the program is redirected to the marketing platform to log in and grant access.
  3. The marketing platform performs another redirect back to the redirect URI that I provided. The URI is appended with the access token that I need to provide with app POST requests of my JMML. Here's an example of what the returned URI looks like:

http://localhost:5000/redirect_url#access_token=2C1zxo3O0J1yo5Odolypuo9DSmcI

Here's the problem I'm having: I have no idea how, programmatically, to use that final redirect url/uri as a variable in Python.I could make the user copy/paste it into a field, but there's gotta be a better way. I honestly don't even know the terminology for a redirected-redirect like this.

It's pathetic, and I'm lost, but here's what I have so far:

@app.route('/redirect_url')
def redirect_url():
    # I have no idea how to actaully get the parameter out of the redirect url.
    pass

I've checked the API documentation for the email marketing company's API, but they only provide code tips for handling Oauth2 in Ruby and PHP. Help!

IonicSolutions
  • 2,559
  • 1
  • 18
  • 31
Matt Lefevre
  • 75
  • 1
  • 9
  • 2
    Are you certain that the uri has that hash symbol `#access_token=` instead of a question mark - `?access_token=` ? – xyres Jul 19 '18 at 04:48
  • 1
    If you can change it to `redirect_url?access_token` instead of `redirect_url#access_token`, refer to: [How do you get a query string on Flask?](https://stackoverflow.com/questions/11774265/how-do-you-get-a-query-string-on-flask). – metatoaster Jul 19 '18 at 04:55
  • Unfortunately, I don't have any control over how it's returned. It's definitely #access_token - the example was copied verbatim from one of my tests. – Matt Lefevre Jul 19 '18 at 05:01
  • @MattLefevre Well, hash fragments aren't sent to the server, so I don't see a way to read that value. Can you provide a link of the API docs of the email marketing company? – xyres Jul 19 '18 at 05:09
  • 1
    You should be able to extract the fragment with JavaScript. – Klaus D. Jul 19 '18 at 05:22
  • Your were right, Klaus. It seems i happened into the Client-side Oauth flow, and I was trying to implement it as if it were server-side. I'll definitely need Javascript to get it out. – Matt Lefevre Jul 19 '18 at 21:53

2 Answers2

1

There is a good blog post by Miguel Grinberg, where he describes how to work with OAuth in the flask application. Though I think that workflow will stay the same with any other web application.

Montreal
  • 2,143
  • 5
  • 18
  • 28
0

Based on this it seems like you should be able to get the access token by getting the variable parameter from the url. I do not have your full code so i cant test, nor have I tried it with an # in the url, but this should work

@app.route('/originalurl')
@app.route('/redirect_url#<access_token>')
def show_user_profile(access_token):
    if access_token:
        #do work
        return redirect(url_for('Anotherview')

    return render_template('template.hmtl')

Otherwise we need more info on the api you are using Oauth with

Clint
  • 167
  • 2
  • 11