began working on oauth auth flow

docker-compose.yml

@@ -7,6 +7,8 @@ services:
       - db
     volumes:
       - ./markdownblog:/markdownblog
+      # mount lets encrypt cert pem file
+      - ./cloud-cdaut-de-chain.pem:/le_cert.pem
     ports:
       - "8000:8000"
     env_file:

markdownblog/markdownblog/templates/registration/login.html

@@ -27,7 +27,7 @@
         </form>
         {% for auth_method in AUTHLIB_OAUTH_CLIENTS %}
             <div class="row mt-3">
-                <a href="#">
+                <a href="{% url 'oauth' provider=auth_method %}">
                     <div class="col s6 z-depth-3 round-corner oauth-option">
                         <p class="oauth-option">Log in via {{ auth_method }}</p>
                     </div>

markdownblog/markdownblog/urls.py

@@ -1,6 +1,6 @@
 from django.contrib import admin
 from django.urls import path, include
-from markdownblog.views import login_view
+from markdownblog.views import login_view, oauth_view, oauth_authorize
 
 import django_2fa.urls
 
@@ -10,4 +10,6 @@ urlpatterns = [
     path('accounts/login/', login_view),
     path('accounts/', include('django.contrib.auth.urls')),
     path('accounts/2fa/', include(django_2fa.urls)),
+    path('accounts/oauth/<str:provider>/', oauth_view, name='oauth'),
+    path('accounts/oauth/<str:provider>/authorize/',oauth_authorize, name='oauth_authorize')
 ]

markdownblog/markdownblog/views.py

@@ -2,7 +2,9 @@ from django.conf import settings
 from django.contrib.auth.views import LoginView
 from django.shortcuts import render, redirect
 from django.contrib.auth import authenticate, login
+from authlib.integrations.django_client import OAuth
 
+oauth = OAuth()
 
 def login_view(request):
     context = {'AUTHLIB_OAUTH_CLIENTS': settings.AUTHLIB_OAUTH_CLIENTS, 'form': LoginView.authentication_form}
@@ -23,3 +25,24 @@ def login_view(request):
                 context['error'] = "Invalid credentials"
 
     return render(request, 'registration/login.html', context)
+
+
+def oauth_view(request, provider):
+    context = {'AUTHLIB_OAUTH_CLIENTS': settings.AUTHLIB_OAUTH_CLIENTS, 'form': LoginView.authentication_form}
+
+    if provider == 'nextcloud':
+        oauth.register("nextcloud")
+        redirect_uri = request.build_absolute_uri("/accounts/oauth/nextcloud/authorize/")
+        return oauth.nextcloud.authorize_redirect(request, redirect_uri)
+    else:
+        context['error'] = f'Unknown oauth provider \"{provider}\"'
+        return render(request, 'registration/login.html', context)
+
+def oauth_authorize(request, provider):
+    if provider == 'nextcloud':
+        token = oauth.nextcloud.authorize_access_token(request)
+        resp = oauth.nextcloud.get('user', token=token)
+    resp.raise_for_status()
+    profile = resp.json()
+    # do something with the token and profile
+    return '...'

markdownblog/requirements.txt

@@ -10,3 +10,4 @@ Werkzeug==2.1.2
 pyOpenSSL==22.0.0
 authlib==1.2.0
 requests==2.28.1
+certifi==2022.12.7