Enable HTTPS for a FlaskAppBuilder based application (for Oauth2 authentication)
My objective is to deploy a simple Flask based web app using Fabmanager served up over HTTPS and enable for OAuth2 authentication.
While I can create a simple skeleton application and deploy fairly quickly, the sample does not lend itself to be easily extended for HTTPS support. So, I thought of putting an Apache2 reverse proxy in front of the FAB app, with the Apache serving HTTPS and proxying over to HTTP for the FAB app.
However, the issue is that the redirect-uri generated by FAB app sets the protocol to be over HTTP and not HTTPS.
Here are the details of the Oauth2 redirect URL generated by the app -
- Access the app at https://redacted.compute.amazonaws.com:8080/login/
- Redirect to -https://redacted.amazoncognito.com/oauth2/authorize?response_type=code&client_id=&redirect_uri=http://**incorrect protocol.compute.amazonaws.com:8080/oauth-authorized/&scope=openid+email+profile
As an alternative option, I have tried to look into both the FAB console script and the associated 'werkzeug' the serving script in order to force HTTPS natively on the app. I did by installing the PyOpenSSL library in my virtual environment and using SSL context. However, I am getting errors when starting the application -
- Traceback (most recent call last): File "/usr/lib/python3.6/threading.py", line 916, in _bootstrap_inner
self.run() File "/usr/lib/python3.6/threading.py", line 864, in run
self._target(*self._args, **self._kwargs) File "/home/ubuntu/mplogin/lib/python3.6/site-packages/werkzeug/serving.py",
line 774, in inner
fd=fd) File "/home/ubuntu/mplogin/lib/python3.6/site-packages/werkzeug/serving.py",
line 660, in make_server
passthrough_errors, ssl_context, fd=fd) File "/home/ubuntu/mplogin/lib/python3.6/site-packages/werkzeug/serving.py",
line 601, in init
self.socket = ssl_context.wrap_socket(sock, server_side=True) AttributeError: 'Context' object has no attribute 'wrap_socket'
Thanks much for your response!
python oauth-2.0 flask-login flask-appbuilder
asked Nov 24 '18 at 0:41
Vijay SimhaVijay Simha
11
add a comment |
My objective is to deploy a simple Flask based web app using Fabmanager served up over HTTPS and enable for OAuth2 authentication.
While I can create a simple skeleton application and deploy fairly quickly, the sample does not lend itself to be easily extended for HTTPS support. So, I thought of putting an Apache2 reverse proxy in front of the FAB app, with the Apache serving HTTPS and proxying over to HTTP for the FAB app.
However, the issue is that the redirect-uri generated by FAB app sets the protocol to be over HTTP and not HTTPS.
Here are the details of the Oauth2 redirect URL generated by the app -
- Access the app at https://redacted.compute.amazonaws.com:8080/login/
- Redirect to -https://redacted.amazoncognito.com/oauth2/authorize?response_type=code&client_id=&redirect_uri=http://**incorrect protocol.compute.amazonaws.com:8080/oauth-authorized/&scope=openid+email+profile
As an alternative option, I have tried to look into both the FAB console script and the associated 'werkzeug' the serving script in order to force HTTPS natively on the app. I did by installing the PyOpenSSL library in my virtual environment and using SSL context. However, I am getting errors when starting the application -
- Traceback (most recent call last): File "/usr/lib/python3.6/threading.py", line 916, in _bootstrap_inner
self.run() File "/usr/lib/python3.6/threading.py", line 864, in run
self._target(*self._args, **self._kwargs) File "/home/ubuntu/mplogin/lib/python3.6/site-packages/werkzeug/serving.py",
line 774, in inner
fd=fd) File "/home/ubuntu/mplogin/lib/python3.6/site-packages/werkzeug/serving.py",
line 660, in make_server
passthrough_errors, ssl_context, fd=fd) File "/home/ubuntu/mplogin/lib/python3.6/site-packages/werkzeug/serving.py",
line 601, in init
self.socket = ssl_context.wrap_socket(sock, server_side=True) AttributeError: 'Context' object has no attribute 'wrap_socket'
Thanks much for your response!
python oauth-2.0 flask-login flask-appbuilder
asked Nov 24 '18 at 0:41
Vijay SimhaVijay Simha
11
add a comment |
My objective is to deploy a simple Flask based web app using Fabmanager served up over HTTPS and enable for OAuth2 authentication.
While I can create a simple skeleton application and deploy fairly quickly, the sample does not lend itself to be easily extended for HTTPS support. So, I thought of putting an Apache2 reverse proxy in front of the FAB app, with the Apache serving HTTPS and proxying over to HTTP for the FAB app.
However, the issue is that the redirect-uri generated by FAB app sets the protocol to be over HTTP and not HTTPS.
Here are the details of the Oauth2 redirect URL generated by the app -
- Access the app at https://redacted.compute.amazonaws.com:8080/login/
- Redirect to -https://redacted.amazoncognito.com/oauth2/authorize?response_type=code&client_id=&redirect_uri=http://**incorrect protocol.compute.amazonaws.com:8080/oauth-authorized/&scope=openid+email+profile
As an alternative option, I have tried to look into both the FAB console script and the associated 'werkzeug' the serving script in order to force HTTPS natively on the app. I did by installing the PyOpenSSL library in my virtual environment and using SSL context. However, I am getting errors when starting the application -
- Traceback (most recent call last): File "/usr/lib/python3.6/threading.py", line 916, in _bootstrap_inner
self.run() File "/usr/lib/python3.6/threading.py", line 864, in run
self._target(*self._args, **self._kwargs) File "/home/ubuntu/mplogin/lib/python3.6/site-packages/werkzeug/serving.py",
line 774, in inner
fd=fd) File "/home/ubuntu/mplogin/lib/python3.6/site-packages/werkzeug/serving.py",
line 660, in make_server
passthrough_errors, ssl_context, fd=fd) File "/home/ubuntu/mplogin/lib/python3.6/site-packages/werkzeug/serving.py",
line 601, in init
self.socket = ssl_context.wrap_socket(sock, server_side=True) AttributeError: 'Context' object has no attribute 'wrap_socket'
Thanks much for your response!
python oauth-2.0 flask-login flask-appbuilder
asked Nov 24 '18 at 0:41
Vijay SimhaVijay Simha
11
My objective is to deploy a simple Flask based web app using Fabmanager served up over HTTPS and enable for OAuth2 authentication.
While I can create a simple skeleton application and deploy fairly quickly, the sample does not lend itself to be easily extended for HTTPS support. So, I thought of putting an Apache2 reverse proxy in front of the FAB app, with the Apache serving HTTPS and proxying over to HTTP for the FAB app.
However, the issue is that the redirect-uri generated by FAB app sets the protocol to be over HTTP and not HTTPS.
Here are the details of the Oauth2 redirect URL generated by the app -
- Access the app at https://redacted.compute.amazonaws.com:8080/login/
- Redirect to -https://redacted.amazoncognito.com/oauth2/authorize?response_type=code&client_id=&redirect_uri=http://**incorrect protocol.compute.amazonaws.com:8080/oauth-authorized/&scope=openid+email+profile
As an alternative option, I have tried to look into both the FAB console script and the associated 'werkzeug' the serving script in order to force HTTPS natively on the app. I did by installing the PyOpenSSL library in my virtual environment and using SSL context. However, I am getting errors when starting the application -
- Traceback (most recent call last): File "/usr/lib/python3.6/threading.py", line 916, in _bootstrap_inner
self.run() File "/usr/lib/python3.6/threading.py", line 864, in run
self._target(*self._args, **self._kwargs) File "/home/ubuntu/mplogin/lib/python3.6/site-packages/werkzeug/serving.py",
line 774, in inner
fd=fd) File "/home/ubuntu/mplogin/lib/python3.6/site-packages/werkzeug/serving.py",
line 660, in make_server
passthrough_errors, ssl_context, fd=fd) File "/home/ubuntu/mplogin/lib/python3.6/site-packages/werkzeug/serving.py",
line 601, in init
self.socket = ssl_context.wrap_socket(sock, server_side=True) AttributeError: 'Context' object has no attribute 'wrap_socket'
Thanks much for your response!
python oauth-2.0 flask-login flask-appbuilder
python oauth-2.0 flask-login flask-appbuilder
asked Nov 24 '18 at 0:41
Vijay SimhaVijay Simha
11
asked Nov 24 '18 at 0:41
Vijay SimhaVijay Simha
11
asked Nov 24 '18 at 0:41
Vijay SimhaVijay Simha
11
asked Nov 24 '18 at 0:41
Vijay SimhaVijay Simha
11
asked Nov 24 '18 at 0:41
Vijay SimhaVijay Simha
11
11
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53454248%2fenable-https-for-a-flaskappbuilder-based-application-for-oauth2-authentication%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53454248%2fenable-https-for-a-flaskappbuilder-based-application-for-oauth2-authentication%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
