Enable HTTPS for a FlaskAppBuilder based application (for Oauth2 authentication)












0















My objective is to deploy a simple Flask based web app using Fabmanager served up over HTTPS and enable for OAuth2 authentication.
While I can create a simple skeleton application and deploy fairly quickly, the sample does not lend itself to be easily extended for HTTPS support. So, I thought of putting an Apache2 reverse proxy in front of the FAB app, with the Apache serving HTTPS and proxying over to HTTP for the FAB app.
However, the issue is that the redirect-uri generated by FAB app sets the protocol to be over HTTP and not HTTPS.
Here are the details of the Oauth2 redirect URL generated by the app -




  1. Access the app at https://redacted.compute.amazonaws.com:8080/login/

  2. Redirect to -https://redacted.amazoncognito.com/oauth2/authorize?response_type=code&client_id=&redirect_uri=http://**incorrect protocol.compute.amazonaws.com:8080/oauth-authorized/&scope=openid+email+profile


As an alternative option, I have tried to look into both the FAB console script and the associated 'werkzeug' the serving script in order to force HTTPS natively on the app. I did by installing the PyOpenSSL library in my virtual environment and using SSL context. However, I am getting errors when starting the application -





  1. Traceback (most recent call last): File "/usr/lib/python3.6/threading.py", line 916, in _bootstrap_inner
    self.run() File "/usr/lib/python3.6/threading.py", line 864, in run
    self._target(*self._args, **self._kwargs) File "/home/ubuntu/mplogin/lib/python3.6/site-packages/werkzeug/serving.py",
    line 774, in inner
    fd=fd) File "/home/ubuntu/mplogin/lib/python3.6/site-packages/werkzeug/serving.py",
    line 660, in make_server
    passthrough_errors, ssl_context, fd=fd) File "/home/ubuntu/mplogin/lib/python3.6/site-packages/werkzeug/serving.py",
    line 601, in init
    self.socket = ssl_context.wrap_socket(sock, server_side=True) AttributeError: 'Context' object has no attribute 'wrap_socket'




Thanks much for your response!










share|improve this question



























    0















    My objective is to deploy a simple Flask based web app using Fabmanager served up over HTTPS and enable for OAuth2 authentication.
    While I can create a simple skeleton application and deploy fairly quickly, the sample does not lend itself to be easily extended for HTTPS support. So, I thought of putting an Apache2 reverse proxy in front of the FAB app, with the Apache serving HTTPS and proxying over to HTTP for the FAB app.
    However, the issue is that the redirect-uri generated by FAB app sets the protocol to be over HTTP and not HTTPS.
    Here are the details of the Oauth2 redirect URL generated by the app -




    1. Access the app at https://redacted.compute.amazonaws.com:8080/login/

    2. Redirect to -https://redacted.amazoncognito.com/oauth2/authorize?response_type=code&client_id=&redirect_uri=http://**incorrect protocol.compute.amazonaws.com:8080/oauth-authorized/&scope=openid+email+profile


    As an alternative option, I have tried to look into both the FAB console script and the associated 'werkzeug' the serving script in order to force HTTPS natively on the app. I did by installing the PyOpenSSL library in my virtual environment and using SSL context. However, I am getting errors when starting the application -





    1. Traceback (most recent call last): File "/usr/lib/python3.6/threading.py", line 916, in _bootstrap_inner
      self.run() File "/usr/lib/python3.6/threading.py", line 864, in run
      self._target(*self._args, **self._kwargs) File "/home/ubuntu/mplogin/lib/python3.6/site-packages/werkzeug/serving.py",
      line 774, in inner
      fd=fd) File "/home/ubuntu/mplogin/lib/python3.6/site-packages/werkzeug/serving.py",
      line 660, in make_server
      passthrough_errors, ssl_context, fd=fd) File "/home/ubuntu/mplogin/lib/python3.6/site-packages/werkzeug/serving.py",
      line 601, in init
      self.socket = ssl_context.wrap_socket(sock, server_side=True) AttributeError: 'Context' object has no attribute 'wrap_socket'




    Thanks much for your response!










    share|improve this question

























      0












      0








      0








      My objective is to deploy a simple Flask based web app using Fabmanager served up over HTTPS and enable for OAuth2 authentication.
      While I can create a simple skeleton application and deploy fairly quickly, the sample does not lend itself to be easily extended for HTTPS support. So, I thought of putting an Apache2 reverse proxy in front of the FAB app, with the Apache serving HTTPS and proxying over to HTTP for the FAB app.
      However, the issue is that the redirect-uri generated by FAB app sets the protocol to be over HTTP and not HTTPS.
      Here are the details of the Oauth2 redirect URL generated by the app -




      1. Access the app at https://redacted.compute.amazonaws.com:8080/login/

      2. Redirect to -https://redacted.amazoncognito.com/oauth2/authorize?response_type=code&client_id=&redirect_uri=http://**incorrect protocol.compute.amazonaws.com:8080/oauth-authorized/&scope=openid+email+profile


      As an alternative option, I have tried to look into both the FAB console script and the associated 'werkzeug' the serving script in order to force HTTPS natively on the app. I did by installing the PyOpenSSL library in my virtual environment and using SSL context. However, I am getting errors when starting the application -





      1. Traceback (most recent call last): File "/usr/lib/python3.6/threading.py", line 916, in _bootstrap_inner
        self.run() File "/usr/lib/python3.6/threading.py", line 864, in run
        self._target(*self._args, **self._kwargs) File "/home/ubuntu/mplogin/lib/python3.6/site-packages/werkzeug/serving.py",
        line 774, in inner
        fd=fd) File "/home/ubuntu/mplogin/lib/python3.6/site-packages/werkzeug/serving.py",
        line 660, in make_server
        passthrough_errors, ssl_context, fd=fd) File "/home/ubuntu/mplogin/lib/python3.6/site-packages/werkzeug/serving.py",
        line 601, in init
        self.socket = ssl_context.wrap_socket(sock, server_side=True) AttributeError: 'Context' object has no attribute 'wrap_socket'




      Thanks much for your response!










      share|improve this question














      My objective is to deploy a simple Flask based web app using Fabmanager served up over HTTPS and enable for OAuth2 authentication.
      While I can create a simple skeleton application and deploy fairly quickly, the sample does not lend itself to be easily extended for HTTPS support. So, I thought of putting an Apache2 reverse proxy in front of the FAB app, with the Apache serving HTTPS and proxying over to HTTP for the FAB app.
      However, the issue is that the redirect-uri generated by FAB app sets the protocol to be over HTTP and not HTTPS.
      Here are the details of the Oauth2 redirect URL generated by the app -




      1. Access the app at https://redacted.compute.amazonaws.com:8080/login/

      2. Redirect to -https://redacted.amazoncognito.com/oauth2/authorize?response_type=code&client_id=&redirect_uri=http://**incorrect protocol.compute.amazonaws.com:8080/oauth-authorized/&scope=openid+email+profile


      As an alternative option, I have tried to look into both the FAB console script and the associated 'werkzeug' the serving script in order to force HTTPS natively on the app. I did by installing the PyOpenSSL library in my virtual environment and using SSL context. However, I am getting errors when starting the application -





      1. Traceback (most recent call last): File "/usr/lib/python3.6/threading.py", line 916, in _bootstrap_inner
        self.run() File "/usr/lib/python3.6/threading.py", line 864, in run
        self._target(*self._args, **self._kwargs) File "/home/ubuntu/mplogin/lib/python3.6/site-packages/werkzeug/serving.py",
        line 774, in inner
        fd=fd) File "/home/ubuntu/mplogin/lib/python3.6/site-packages/werkzeug/serving.py",
        line 660, in make_server
        passthrough_errors, ssl_context, fd=fd) File "/home/ubuntu/mplogin/lib/python3.6/site-packages/werkzeug/serving.py",
        line 601, in init
        self.socket = ssl_context.wrap_socket(sock, server_side=True) AttributeError: 'Context' object has no attribute 'wrap_socket'




      Thanks much for your response!







      python oauth-2.0 flask-login flask-appbuilder






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 24 '18 at 0:41









      Vijay SimhaVijay Simha

      11




      11
























          0






          active

          oldest

          votes











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53454248%2fenable-https-for-a-flaskappbuilder-based-application-for-oauth2-authentication%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes
















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53454248%2fenable-https-for-a-flaskappbuilder-based-application-for-oauth2-authentication%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          404 Error Contact Form 7 ajax form submitting

          How to know if a Active Directory user can login interactively

          Refactoring coordinates for Minecraft Pi buildings written in Python