feat: editable user with more fields

website/models.py

@@ -11,6 +11,8 @@
 class User(db.Model):
     id = db.Column(db.Integer, primary_key=True)
     username = db.Column(db.String(40), unique=True)
+    name = db.Column(db.String(50), nullable=True, default='')
+    email = db.Column(db.String(120), nullable=True, default='')
 
     def __str__(self):
         return self.username

website/oauth2.py

@@ -34,7 +34,16 @@ def exists_nonce(nonce, req):
 
 
 def generate_user_info(user, scope):
-    return UserInfo(sub=str(user.id), name=user.username)
+    claims = scope.split(' ')
+    extra = dict()
+    for claim in claims:
+        if hasattr(user, claim):
+            extra[claim] = getattr(user, claim)
+        if claim=='preferred_username' and hasattr(user, 'username'):
+            extra[claim] = getattr(user, 'username')
+    if not 'name' in extra:
+        extra['name'] = user.username
+    return UserInfo(sub=str(user.id), preferred_username=user.username, **extra)
 
 
 def create_authorization_code(client, grant_user, request):

website/routes.py

@@ -5,7 +5,7 @@
 from authlib.integrations.flask_oauth2 import current_token
 from authlib.oauth2 import OAuth2Error
 from .models import db, User, OAuth2Client
-from .oauth2 import authorization, require_oauth
+from .oauth2 import authorization, require_oauth, generate_user_info
 
 
 bp = Blueprint(__name__, 'home')
@@ -40,6 +40,22 @@ def home():
 def split_by_crlf(s):
     return [v for v in s.splitlines() if v]
 
+@bp.route('/edit_user', methods=('GET', 'POST'))
+def edit_user():
+    user = current_user()
+    if not user:
+        return redirect('/')
+
+    if request.method == 'GET':
+        return render_template('edit_user.html', user=user)
+
+    form = request.form
+    user.name = form['name']
+    user.email = form['email']
+
+    db.session.commit()
+    return redirect('/')
+
 
 @bp.route('/create_client', methods=('GET', 'POST'))
 def create_client():
@@ -97,6 +113,13 @@ def issue_token():
     return authorization.create_token_response()
 
 
+@bp.route('/oauth/userinfo')
+@require_oauth('profile')
+def userinfo():
+    user = current_token.user
+    return jsonify(generate_user_info(current_token.user, current_token.scope))
+
+
 @bp.route('/api/me')
 @require_oauth('profile')
 def api_me():

website/templates/edit_user.html

@@ -0,0 +1,29 @@
+<style>
+    label, label > span { display: block; }
+    label { margin: 15px 0; }
+</style>
+
+<a href="/">Home</a>
+<h2>Edit User</h2>
+
+<form action="" method="post">
+    <label>
+        <span>Id</span>
+        <span>{{user.id}}</span>
+      </label>
+    <label>
+        <span>Username</span>
+        <span>{{user.username}}</span>
+    </label>
+
+    <label>
+        <span>Name</span>
+        <input type="text" name="name" value="{{user.name if user.name}}">
+    </label>
+
+    <label>
+        <span>Email</span>
+        <input type="text" name="email" value="{{user.email if user.email}}">
+    </label>
+    <button>Submit</button>
+</form>

website/templates/home.html

@@ -1,6 +1,6 @@
 {% if user %}
   <style>pre{white-space:wrap}</style>
-<div>Logged in as <strong>{{user}}</strong></div>
+<div>Logged in as <a href="/edit_user"><strong>{{user}}</strong></a></div>
 
 {% for client in clients %}
 <pre>