app.py

from flask import abort, Flask, redirect, request
from flask.views import View
from os import urandom, environ
from hydra_client import HydraAdmin
from db import User

HYDRA_ADMIN_URL = environ['HYDRA_ADMIN_URL']

app = Flask(__name__)

@app.route('/', methods=['GET'])
def home():
    hydra = HydraAdmin(HYDRA_ADMIN_URL)
    challenge = request.args.get("consent_challenge")
    if not challenge:
        abort(400)
    consent_request = hydra.consent_request(challenge)
    app_name = consent_request.client["client_name"]
    username = consent_request.subject
    user = User(username)
    access_granted = user.has_app_permission(app_name)
    if access_granted:
        session = user.get_oauth_session()
        return redirect(consent_request.accept(
            grant_scope=consent_request.requested_scope,
            grant_access_token_audience=consent_request.requested_access_token_audience,
            session=session,
            ))
    else:
        return redirect(consent_request.reject(
            "Permission denied",
            error_description="Login request was denied due to missing application permission")
            )
    abort(400)

if __name__ == '__main__':
    app.run()