app.py

from flask import abort, Flask, redirect, request
from flask.views import View
from os import urandom, environ
from hydra_client import HydraAdmin
from db import User
import urllib

HYDRA_ADMIN_URL = environ['HYDRA_ADMIN_URL']

app = Flask(__name__)

@app.route('/', methods=['GET'])
def home():
    hydra = HydraAdmin(HYDRA_ADMIN_URL)
    challenge = request.args.get("consent_challenge")
    if not challenge:
        abort(403)
    consent_request = hydra.consent_request(challenge)
    app_name = consent_request.client["client_name"]
    username = consent_request.subject
    try:
        user = User(username)
    except urllib.error.HTTPError as e:
        # TODO: replace with propper logging via logger
        print("Retrieving user object from GraphQL server failed")
        print(e)
        return redirect(consent_request.reject(
            "Permission denied",
            error_description="Login request was denied due to an internal server error"))
    access_granted = user.has_app_permission(app_name)
    if access_granted:
        session = user.get_oauth_session()
        return redirect(consent_request.accept(
            grant_scope=consent_request.requested_scope,
            grant_access_token_audience=consent_request.requested_access_token_audience,
            session=session,
            ))
    return redirect(consent_request.reject(
        "Permission denied",
        error_description="Login request was denied due to missing application permission"))

if __name__ == '__main__':
    app.run()