King Abdulaziz University's portal SSO oauth2 via google & azure flask boilerplate [poc]

aqasemi/KAU-OAuth

King Abdulaziz University's portal SSO OAuth2 via Google & Azure Flask Boilerplate [POC]

This project serves as a proof of concept (POC) for integrating King Abdulaziz University's (KAU) portal with OAuth2 through Google and Azure as Identity Providers (IdPs), implemented using the Flask framework.
The goal of this project is to demonstrate how to securely authenticate King Abdulaziz University's users using their Google or Azure accounts.

Features

  • OAuth2 Authentication: Implements OAuth2 framework to authorize access to the KAU portal using Google and Azure accounts.
  • Flask Boilerplate: Provides a basic Flask application structure that can be easily extended and customized.
  • Security Guidelines: Ensures that the entire authentication flow adheres to industry-standard security protocols.
  • User-Friendly: Simplifies the login process for users via their existing Google or Azure accounts.

Getting Started

These instructions will get you a copy of the project up and running on your local machine for development and testing purposes.

Prerequisites

  • Python 3.9 or later
  • Google Developer Account for the sign-in with Google route
  • Azure Developer Account for the sign-in with Microsoft route

Installation

  1. Clone this repository to your local machine or to a GitHub Codespace.
  2. Install the required Python packages.
  3. Set up your environment variables in a .env file, including your Google and Azure credentials. See the .env.example file for an example.

Configuration

Google Setup

Navigate to the Google Developer Console and create a new project. Then navigate to APIs & Services > Credentials, create new OAuth 2.0 credentials, download the client secret JSON file, and note the client ID and client secret.

Make sure to add a redirect URI to your server URL callback route. For running locally, the redirect URI will be http://localhost/api/auth/google/callback.

Finally, go to the OAuth consent screen and complete the required fields.

Azure Setup

Set up an Azure account with your university's email address. Then in the Azure Portal, navigate to Microsoft Entra ID > App registrations. Create a new app, follow the same steps as the Google setup to create the client ID and secret from the Certificates & secrets tab, and save your client ID and client secret.
Finally, go to the API permissions tab and add the required permissions. For this demo, we will need to add the following permissions: email, openid, profile, User.Read, offline_access.
Make sure you add a redirect URI from the Authentication tab. For running locally, the redirect URI will be http://localhost/api/auth/azure/callback.
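
The two callback routes configured above should only accept a response that belongs to a login this browser started, at the provider it started it with. The sketch below is an added example, not code from this repository: it builds the authorization request for either provider and validates the callback query with a single-use, time-limited `state` value. The Google scopes, the `common` tenant, the environment variable names and the 10-minute lifetime are assumptions; `session` stands for any per-user dict such as Flask's `session`.

```python
import hmac, os, secrets, time
from urllib.parse import urlencode

# Redirect URIs and Azure scopes are the ones this README lists; the Google
# scopes, the "common" tenant and the env variable names are assumptions.
PROVIDERS = {
    "google": {
        "auth_url": "https://accounts.google.com/o/oauth2/v2/auth",
        "redirect_uri": "http://localhost/api/auth/google/callback",
        "scope": "openid email profile",
        "client_id_env": "GOOGLE_CLIENT_ID",
    },
    "azure": {
        "auth_url": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
        "redirect_uri": "http://localhost/api/auth/azure/callback",
        "scope": "email openid profile User.Read offline_access",
        "client_id_env": "AZURE_CLIENT_ID",
    },
}
STATE_TTL = 600  # seconds a pending login stays valid (assumed value)

def begin_login(provider, session, now=None):
    """Build the authorization URL and remember a one-time state value."""
    cfg = PROVIDERS[provider]
    state = secrets.token_urlsafe(32)
    session["oauth"] = {"provider": provider, "state": state,
                        "issued": time.time() if now is None else now}
    params = {
        "client_id": os.environ.get(cfg["client_id_env"], "CLIENT_ID_PLACEHOLDER"),
        "response_type": "code",
        "redirect_uri": cfg["redirect_uri"],  # must match the registered URI exactly
        "scope": cfg["scope"],
        "state": state,
    }
    return cfg["auth_url"] + "?" + urlencode(params)

def finish_login(provider, query, session, now=None):
    """Validate the callback query; return the code to exchange or raise ValueError."""
    pending = session.pop("oauth", None)  # single use: a replayed callback finds nothing
    if pending is None or pending["provider"] != provider:
        raise ValueError("no pending login for this provider")
    if (time.time() if now is None else now) - pending["issued"] > STATE_TTL:
        raise ValueError("login attempt expired")
    if not hmac.compare_digest(pending["state"].encode(), str(query.get("state", "")).encode()):
        raise ValueError("state mismatch")
    if "error" in query or not query.get("code"):
        raise ValueError("provider returned no authorization code")
    return query["code"]
```

In a Flask route, `query` would be `request.args` and the returned code is what the callback exchanges at the provider's token endpoint.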

App Structure

The project structure is as follows:

/project
|-- /auth/
|   |-- /providers/
|   |   |-- google.py
|   |   |-- azure.py
|   |-- __init__.py
|   |-- login.py

|-- /src/
|   |-- __init__.py
|   |-- base.py
|   |-- user.py

|-- /templates/

|-- app.py
|-- .env
|-- requirements.txt
|-- README.md
|-- LICENSE
|-- .gitignore

  • auth directory contains the authentication logic, including the Google and Azure providers.
  • src directory contains the main application logic, database and configuration.

Environment Variables

Rename the .env.example file to .env and add your Google and Azure credentials to the file.

License

This project is licensed under the MIT License.

Connect with me

Feel free to connect with me on my social platforms:
