-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmercadopago-oauth.py
337 lines (292 loc) · 10.8 KB
/
mercadopago-oauth.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# This file is part of the MercadoPagoAPI-OAuth-Python Project
# (https://github.com/juniors90/MercadoPagoAPI-OAuth-Python/).
# Copyright (c) 2022, Ferreira Juan David
# License: MIT
# Full Text:
# https://github.com/juniors90/MercadoPagoAPI-OAuth-Python-Example/blob/master/LICENSE
# =============================================================================
# DOCS
# =============================================================================
"""MercadoPagoAPI-OAuth2-Python-Example
Implementation of Mercado Pago API OAuth in Flask.
"""
# =============================================================================
# IMPORTS
# =============================================================================
import datetime
import json
import logging
import os
import uuid
from dotenv import load_dotenv
from flask import (
Flask,
redirect,
render_template,
request,
session,
url_for,
)
import requests
load_dotenv()
app = Flask(__name__)
app.secret_key = "super-secret"
SERVER_URL = "http://localhost:5000"
settings = {
"title": "Mercadopago API with Python",
"base_url": "https://api.mercadopago.com/v1",
"authorization_endpoint": "https://auth.mercadopago.com.ar/authorization",
"token_endpoint": "https://api.mercadopago.com/oauth/token",
"APP_ACCESS_TOKEN": os.environ.get("APP_ACCESS_TOKEN"),
"client_id": os.environ.get("CLIENT_ID"),
"client_secret": os.environ.get("CLIENT_SECRET"),
"callback_url": os.environ.get("CALLBACK_URL"),
"response_type": "code",
"state": uuid.uuid1(),
"org_connection_completed_url": os.environ.get(
"ORG_CONNECTION_COMPLETED_URL"
),
"access_token": "",
"token_type": "",
"expires_in": "",
"scope": "",
"user_id": "",
"refresh_token": "",
"public_key": "",
"live_mode": "",
"access_token_details": "",
"code": "",
"api_response": "",
}
# Leave the line below as-is. This line of code verifies
# that you've modified the APP_ACCESS_TOKEN, CALLBACK_URL,
# CLIENT_ID, CLIENT_SECRET, CLIENT_REDIRECT_URI to the
# values above so that your application can complete OAuth.
assert (
os.environ["APP_ACCESS_TOKEN"] != "place_app_access_token_here"
), "You need to update your config key APP_ACCESS_TOKEN in this line"
assert (
os.environ.get("CALLBACK_URL") != "place_client_redirect_uri_here"
), "You need to update your config key CALLBACK_URL in this line"
assert (
os.environ.get("CLIENT_ID") != "place_client_id_here"
), "You need to update your config key CLIENT_ID in this line"
assert (
os.environ.get("CLIENT_SECRET") != "place_client_secret_here"
), "You need to update your config key CLIENT_SECRET in this line"
assert (
os.environ.get("ORG_CONNECTION_COMPLETED_URL") != "place_org_url_here"
), "You need to update your config key ORG_CONNECTION_COMPLETED_URL in this line"
def update_token_info(res):
json_response = res.json()
seconds = json_response["expires_in"]
expire_in = datetime.datetime.now() + datetime.timedelta(seconds=seconds)
session["access_token"] = json_response["access_token"]
session["expires_in"] = expire_in
session["token_type"] = json_response["token_type"]
session["refresh_token"] = json_response["refresh_token"]
session["scope"] = json_response["scope"]
session["user_id"] = json_response["user_id"]
session["refresh_token"] = json_response["refresh_token"]
session["public_key"] = json_response["public_key"]
session["live_mode"] = json_response["live_mode"]
access_token_details = {
"access_token": json_response["access_token"],
"token_type": json_response["token_type"],
"scope": json_response["scope"],
"user_id": json_response["user_id"],
"refresh_token": json_response["refresh_token"],
"public_key": json_response["public_key"],
"live_mode": json_response["live_mode"],
}
session["access_token_details"] = json.dumps(
access_token_details, indent=4
)
def update_settings_info(api_response=None):
settings["access_token"] = session["access_token"]
settings["token_type"] = session["token_type"]
settings["expires_in"] = session["expires_in"]
settings["scope"] = session["scope"]
settings["user_id"] = session["user_id"]
settings["refresh_token"] = session["refresh_token"]
settings["public_key"] = session["public_key"]
settings["live_mode"] = session["live_mode"]
settings["access_token_details"] = session["access_token_details"]
settings["api_response"] = "" if api_response is None else api_response
def delete_settings_info():
settings.pop("access_token")
settings.pop("token_type")
settings.pop("expires_in")
settings.pop("scope")
settings.pop("user_id")
settings.pop("refresh_token")
settings.pop("public_key")
settings.pop("live_mode")
settings.pop("access_token_details")
settings.pop("api_response")
def get_location(endpoint):
return settings[endpoint]
def api_get(access_token, resource_url):
headers = {
"Authorization": "Bearer " + access_token,
"Content-Type": "application/json",
}
res = requests.get(resource_url, headers=headers)
return res
def render_error(message, title=None):
_title = settings["title"] if title is None else title
ctx = {
"title": _title,
"error": message,
}
return render_template("error.html", **ctx)
def get_oidc_query_string():
query_params = {
"response_type": settings["response_type"],
"client_id": settings["client_id"],
"state": settings["state"],
"redirect_uri": settings["callback_url"],
}
params = [f"{key}={value}" for key, value in query_params.items()]
return "&".join(params)
@app.route("/", methods=["POST"])
def start_oidc():
settings["response_type"] = request.form["response_type"]
settings["client_id"] = request.form["client_id"]
settings["state"] = request.form["state"]
settings["callback_url"] = request.form["callback_url"]
redirect_url = (
f"{get_location('authorization_endpoint')}?{get_oidc_query_string()}"
)
return redirect(redirect_url, code=302)
@app.route("/callback")
def process_callback():
try:
code = request.args["code"]
headers = {
"Authorization": "Bearer " + settings["APP_ACCESS_TOKEN"],
"Content-Type": "application/json",
}
payload = {
"client_id": settings["client_id"],
"client_secret": settings["client_secret"],
"code": code,
"grant_type": "authorization_code",
"redirect_uri": settings["callback_url"],
}
token_endpoint = get_location("token_endpoint")
res = requests.post(token_endpoint, headers=headers, params=payload)
update_token_info(res)
update_settings_info()
organization_access_url = settings["org_connection_completed_url"]
if organization_access_url is not None:
return redirect(organization_access_url, code=302)
return index()
except Exception as e:
logging.exception(e)
return render_error("Error getting token!")
@app.route("/call-api", methods=["POST"])
def call_the_api():
try:
url = request.form["url"]
headers = {
"Authorization": "Bearer " + settings["access_token"],
"Content-Type": "application/json",
}
res = requests.get(url, headers=headers)
res_json = res.json()
session["api_response"] = json.dumps(res_json, indent=4)
update_settings_info(api_response=session["api_response"])
return index()
except Exception as e:
logging.exception(e)
return render_error("Error calling API!")
@app.route("/refresh-access-token")
def refresh_access_token():
try:
headers = {
"Authorization": "Bearer " + settings["APP_ACCESS_TOKEN"],
"Content-Type": "application/json",
}
payload = {
"client_id": settings["client_id"],
"client_secret": settings["client_secret"],
"code": settings["code"],
"grant_type": "refresh_token",
"redirect_uri": settings["callback_url"],
"refresh_token": settings["refresh_token"],
}
token_endpoint = get_location("token_endpoint")
res = requests.post(token_endpoint, params=payload, headers=headers)
update_token_info(res)
update_settings_info()
return redirect(url_for("index"))
except Exception as e:
logging.exception(e)
return render_error("Error getting refresh token!")
@app.route("/preferences")
def preferences():
try:
url = "https://api.mercadopago.com/checkout/preferences"
params = {
"items": [
{
"title": "Dummy Title",
"description": "Dummy description",
"picture_url": "http://www.myapp.com/myimage.jpg",
"category_id": "car_electronics",
"quantity": 1,
"currency_id": "ARS",
"unit_price": 10,
}
],
"payer": {
"name": "",
"surname": "",
"email": "",
"phone": {},
"identification": {},
"address": {
"zip_code": "",
"street_name": "",
"street_number": 1000,
},
},
"payment_methods": {
"excluded_payment_methods": [{}],
"excluded_payment_types": [{}],
},
"shipments": {"free_methods": [{}], "receiver_address": {}},
"back_urls": {
"failure": "http://localhost:5000/failure",
"pending": "http://localhost:5000/pending",
"success": "http://localhost:5000/success",
},
"differential_pricing": {},
"metadata": {},
}
headers = {
"Authorization": "Bearer " + settings["access_token"],
"Content-Type": "application/json",
}
res = requests.post(url, headers=headers, json=params)
session["api_response"] = json.dumps(res.json(), indent=4)
update_settings_info(api_response=session["api_response"])
return index()
except Exception as e:
logging.exception(e)
return render_error("Error calling API!")
@app.route("/")
def index():
if session.get("live_mode") and settings["api_response"] == "":
update_settings_info()
return render_template("main.html", **settings)
@app.route("/logout")
def logout():
session.clear()
delete_settings_info()
return redirect(url_for("index"))
if __name__ == "__main__":
app.run(host="localhost", port=5000, debug=True)