ENG-3631: added azure auth

azure-auth/azure_auth/.gitignore

@@ -0,0 +1,4 @@
+*.db
+*.py[cod]
+.web
+__pycache__/

azure-auth/azure_auth/auth/core.py

@@ -0,0 +1,68 @@
+from urllib.parse import parse_qs, urlparse
+import msal
+import reflex as rx
+from typing import Dict
+
+client_id: str = "0df2a88e-fddb-4cc2-b3e0-f475f162b373"
+client_secret: str = ""
+tenant_id: str = "f2c9cbbe-006b-46b8-9ad0-d877d8446d6d"
+redirect_uri: str = "http://localhost:3000/callback"
+authority = f"https://login.microsoftonline.com/{tenant_id}"
+login_redirect = "/home"
+cache = msal.TokenCache()
+
+
+sso_app: msal.ClientApplication = (
+    msal.ConfidentialClientApplication
+    if client_secret
+    else msal.PublicClientApplication
+)(
+    client_id=client_id,
+    client_credential=client_secret,
+    authority=authority,
+    token_cache=cache,
+)
+
+
+class State(rx.State):
+    token: Dict[str, str] = {}
+    access_token: str = " "
+    flow: dict
+
+    def redirect_sso(self, scope=[]) -> rx.Component:
+        self.flow = sso_app.initiate_auth_code_flow(
+            scopes=scope, redirect_uri=redirect_uri
+        )
+        return rx.redirect(self.flow["auth_uri"])
+
+    def require_auth(self):
+        if not self.token:
+            rx.input()
+            return self.redirect_sso()
+
+    @rx.var
+    def check_auth(self):
+        return True if self.token else False
+
+    def logout(self):
+        self.token = {}
+        return rx.redirect(authority + "/oauth2/v2.0/logout")
+
+    def callback(self):
+        query_components = parse_qs(urlparse(self.router.page.raw_path).query)
+
+        auth_response = {
+            "code": query_components["code"][0],
+            "client_info": query_components["client_info"][0],
+            "state": query_components["state"][0],
+            "session_state": query_components["session_state"][0],
+            "client-secret": client_secret,
+        }
+        result = sso_app.acquire_token_by_auth_code_flow(
+            self.flow, auth_response, scopes=[]
+        )
+        self.access_token = result[
+            "access_token"
+        ]  # this can be used for accessing graph
+        self.token = result["id_token_claims"]
+        return rx.redirect(login_redirect)

azure-auth/azure_auth/azure_auth.py

@@ -0,0 +1,15 @@
+"""Welcome to Reflex! This file outlines the steps to create a basic app."""
+
+import reflex as rx
+
+from rxconfig import config
+from azure_auth.pages import callback, home, logout
+
+
+class State(rx.State):
+    """The app state."""
+
+    ...
+
+
+app = rx.App()

azure-auth/azure_auth/pages/__init__.py

@@ -0,0 +1,25 @@
+import reflex as rx
+from azure_auth.auth.core import State as SsoState
+
+
+@rx.page(route="/callback", on_load=SsoState.callback)
+def callback() -> rx.Component:
+    return rx.container()
+
+
+@rx.page(route="/logout", on_load=SsoState.logout)
+def logout() -> rx.Component:
+    return rx.container("Logged out")
+
+
+@rx.page(route="/home", on_load=SsoState.require_auth)
+def home() -> rx.Component:
+    return rx.container(rx.cond(SsoState.check_auth, auth_view(), unauth_view()))
+
+
+def auth_view() -> rx.Component:
+    return rx.text(f"Hello {SsoState.token['name']}")
+
+
+def unauth_view() -> rx.Component:
+    return rx.text("Unauthorized, redirected...")

azure-auth/requirements.txt

@@ -0,0 +1,2 @@
+reflex==0.5.10
+msal==1.31.0

azure-auth/rxconfig.py

@@ -0,0 +1,5 @@
+import reflex as rx
+
+config = rx.Config(
+    app_name="azure_auth",
+)