authlib
diff --git a/‎authlib/integrations/base_client/async_app.py‎
Lines changed: 8 additions & 1 deletion b/‎authlib/integrations/base_client/async_app.py‎
Lines changed: 8 additions & 1 deletion
diff --git a/‎authlib/integrations/base_client/async_openid.py‎
Lines changed: 15 additions & 1 deletion b/‎authlib/integrations/base_client/async_openid.py‎
Lines changed: 15 additions & 1 deletion
diff --git a/‎authlib/integrations/base_client/framework_integration.py‎
Lines changed: 12 additions & 12 deletions b/‎authlib/integrations/base_client/framework_integration.py‎
Lines changed: 12 additions & 12 deletions
diff --git a/‎authlib/integrations/base_client/sync_app.py‎
Lines changed: 24 additions & 1 deletion b/‎authlib/integrations/base_client/sync_app.py‎
Lines changed: 24 additions & 1 deletion
diff --git a/‎authlib/integrations/base_client/sync_openid.py‎
Lines changed: 15 additions & 1 deletion b/‎authlib/integrations/base_client/sync_openid.py‎
Lines changed: 15 additions & 1 deletion
diff --git a/‎authlib/integrations/django_client/apps.py‎
Lines changed: 17 additions & 20 deletions b/‎authlib/integrations/django_client/apps.py‎
Lines changed: 17 additions & 20 deletions
diff --git a/‎authlib/integrations/flask_client/__init__.py‎
Lines changed: 46 additions & 6 deletions b/‎authlib/integrations/flask_client/__init__.py‎
Lines changed: 46 additions & 6 deletions
diff --git a/‎authlib/integrations/flask_client/apps.py‎
Lines changed: 92 additions & 0 deletions b/‎authlib/integrations/flask_client/apps.py‎
Lines changed: 92 additions & 0 deletions
@@ -1,3 +1,4 @@
+import time
 import logging
 from authlib.common.urls import urlparse
 from .errors import (
@@ -73,7 +74,13 @@ async def _on_update_token(self, token, refresh_token=None, access_token=None):
             )
 
     async def load_server_metadata(self):
-        raise NotImplementedError()
+        if self._server_metadata_url and '_loaded_at' not in self.server_metadata:
+            async with self.client_cls(**self.client_kwargs) as client:
+                resp = await client.request('GET', self._server_metadata_url, withhold_token=True)
+                metadata = resp.json()
+                metadata['_loaded_at'] = time.time()
+            self.server_metadata.update(metadata)
+        return self.server_metadata
 
     async def request(self, method, url, token=None, **kwargs):
         metadata = await self.load_server_metadata()
 
@@ -6,7 +6,21 @@
 
 class AsyncOpenIDMixin(object):
     async def fetch_jwk_set(self, force=False):
-        raise NotImplementedError()
+        metadata = await self.load_server_metadata()
+        jwk_set = metadata.get('jwks')
+        if jwk_set and not force:
+            return jwk_set
+
+        uri = metadata.get('jwks_uri')
+        if not uri:
+            raise RuntimeError('Missing "jwks_uri" in metadata')
+
+        async with self.client_cls(**self.client_kwargs) as client:
+            resp = await client.request('GET', uri, withhold_token=True)
+            jwk_set = resp.json()
+
+        self.server_metadata['jwks'] = jwk_set
+        return jwk_set
 
     async def userinfo(self, **kwargs):
         """Fetch user info from ``userinfo_endpoint``."""
 
@@ -18,43 +18,43 @@ def _get_cache_data(self, key):
         except (TypeError, ValueError):
             return None
 
-    def _clear_session_state(self, request):
+    def _clear_session_state(self, session):
         now = time.time()
-        for key in dict(request.session):
+        for key in dict(session):
             if '_authlib_' in key:
                 # TODO: remove in future
-                request.session.pop(key)
+                session.pop(key)
             elif key.startswith('_state_'):
-                value = request.session[key]
+                value = session[key]
                 exp = value.get('exp')
                 if not exp or exp < now:
-                    request.session.pop(key)
+                    session.pop(key)
 
-    def get_state_data(self, request, state):
+    def get_state_data(self, session, state):
         key = f'_state_{self.name}_{state}'
         if self.cache:
             value = self._get_cache_data(key)
         else:
-            value = request.session.get(key)
+            value = session.get(key)
         if value:
             return value.get('data')
         return None
 
-    def set_state_data(self, request, state, data):
+    def set_state_data(self, session, state, data):
         key = f'_state_{self.name}_{state}'
         if self.cache:
             self.cache.set(key, {'data': data}, self.expires_in)
         else:
             now = time.time()
-            request.session[key] = {'data': data, 'exp': now + self.expires_in}
+            session[key] = {'data': data, 'exp': now + self.expires_in}
 
-    def clear_state_data(self, request, state):
+    def clear_state_data(self, session, state):
         key = f'_state_{self.name}_{state}'
         if self.cache:
             self.cache.delete(key)
         else:
-            request.session.pop(key, None)
-            self._clear_session_state(request)
+            session.pop(key, None)
+            self._clear_session_state(session)
 
     def update_token(self, token, refresh_token=None, access_token=None):
         raise NotImplementedError()
 
@@ -1,8 +1,10 @@
+import time
 import logging
 from authlib.common.urls import urlparse
 from authlib.consts import default_user_agent
 from authlib.common.security import generate_token
 from .errors import (
+    MismatchingStateError,
     MissingRequestTokenError,
     MissingTokenError,
 )
@@ -204,6 +206,19 @@ def _get_oauth_client(self, **metadata):
         session.headers['User-Agent'] = self._user_agent
         return session
 
+    def _format_state_params(self, state_data, params):
+        if state_data is None:
+            raise MismatchingStateError()
+
+        code_verifier = state_data.get('code_verifier')
+        if code_verifier:
+            params['code_verifier'] = code_verifier
+
+        redirect_uri = state_data.get('redirect_uri')
+        if redirect_uri:
+            params['redirect_uri'] = redirect_uri
+        return params
+
     @staticmethod
     def _create_oauth2_authorization_url(client, authorization_endpoint, **kwargs):
         rv = {}
@@ -251,7 +266,15 @@ def request(self, method, url, token=None, **kwargs):
             return _http_request(self, session, method, url, token, kwargs)
 
     def load_server_metadata(self):
-        raise NotImplementedError()
+        if self._server_metadata_url and '_loaded_at' not in self.server_metadata:
+            with self.client_cls() as session:
+                resp = session.get(
+                    self._server_metadata_url, withhold_token=True, **self.client_kwargs)
+                metadata = resp.json()
+
+            metadata['_loaded_at'] = time.time()
+            self.server_metadata.update(metadata)
+        return self.server_metadata
 
     def create_authorization_url(self, redirect_uri=None, **kwargs):
         """Generate the authorization url and state for HTTP redirect.
 
@@ -4,7 +4,21 @@
 
 class OpenIDMixin(object):
     def fetch_jwk_set(self, force=False):
-        raise NotImplementedError()
+        metadata = self.load_server_metadata()
+        jwk_set = metadata.get('jwks')
+        if jwk_set and not force:
+            return jwk_set
+
+        uri = metadata.get('jwks_uri')
+        if not uri:
+            raise RuntimeError('Missing "jwks_uri" in metadata')
+
+        with self.client_cls() as session:
+            resp = session.get(uri, withhold_token=True, **self.client_kwargs)
+            jwk_set = resp.json()
+
+        self.server_metadata['jwks'] = jwk_set
+        return jwk_set
 
     def userinfo(self, **kwargs):
         """Fetch user info from ``userinfo_endpoint``."""
 
@@ -1,13 +1,16 @@
 from django.http import HttpResponseRedirect
-from ..base_client import OAuthError, MismatchingStateError
-from ..requests_client.apps import OAuth1App, OAuth2App
+from ..requests_client import OAuth1Session, OAuth2Session
+from ..base_client import (
+    BaseApp, OAuthError,
+    OAuth1Mixin, OAuth2Mixin, OpenIDMixin,
+)
 
 
 class DjangoAppMixin(object):
     def save_authorize_data(self, request, **kwargs):
         state = kwargs.pop('state', None)
         if state:
-            self.framework.set_state_data(request, state, kwargs)
+            self.framework.set_state_data(request.session, state, kwargs)
         else:
             raise RuntimeError('Missing state value')
 
@@ -24,7 +27,9 @@ def authorize_redirect(self, request, redirect_uri=None, **kwargs):
         return HttpResponseRedirect(rv['url'])
 
 
-class DjangoOAuth1App(DjangoAppMixin, OAuth1App):
+class DjangoOAuth1App(DjangoAppMixin, OAuth1Mixin, BaseApp):
+    client_cls = OAuth1Session
+
     def authorize_access_token(self, request, **kwargs):
         """Fetch access token in one step.
 
@@ -36,7 +41,7 @@ def authorize_access_token(self, request, **kwargs):
         if not state:
             raise OAuthError(description='Missing "oauth_token" parameter')
 
-        data = self.framework.get_state_data(request, state)
+        data = self.framework.get_state_data(request.session, state)
         if not data:
             raise OAuthError(description='Missing "request_token" in temporary data')
 
@@ -46,11 +51,13 @@ def authorize_access_token(self, request, **kwargs):
             params['redirect_uri'] = redirect_uri
 
         params.update(kwargs)
-        self.framework.clear_state_data(request, state)
+        self.framework.clear_state_data(request.session, state)
         return self.fetch_access_token(**params)
 
 
-class DjangoOAuth2App(DjangoAppMixin, OAuth2App):
+class DjangoOAuth2App(DjangoAppMixin, OAuth2Mixin, OpenIDMixin, BaseApp):
+    client_cls = OAuth2Session
+
     def authorize_access_token(self, request, **kwargs):
         """Fetch access token in one step.
 
@@ -72,19 +79,9 @@ def authorize_access_token(self, request, **kwargs):
                 'state': request.POST.get('state'),
             }
 
-        data = self.framework.get_state_data(request, params.get('state'))
-        if data is None:
-            raise MismatchingStateError()
-
-        code_verifier = data.get('code_verifier')
-        if code_verifier:
-            params['code_verifier'] = code_verifier
-
-        redirect_uri = data.get('redirect_uri')
-        if redirect_uri:
-            params['redirect_uri'] = redirect_uri
-        params.update(kwargs)
-        token = self.fetch_access_token(**params)
+        state_data = self.framework.get_state_data(request.session, params.get('state'))
+        params = self._format_state_params(state_data, params)
+        token = self.fetch_access_token(**params, **kwargs)
 
         if 'id_token' in token and 'nonce' in params:
             userinfo = self.parse_id_token(token, nonce=params['nonce'])
 
@@ -1,11 +1,51 @@
-# flake8: noqa
+from werkzeug.local import LocalProxy
+from .integration import FlaskIntegration, token_update
+from .apps import FlaskOAuth1App, FlaskOAuth2App
+from ..base_client import BaseOAuth, OAuthError
+
+
+class OAuth(BaseOAuth):
+    oauth1_client_cls = FlaskOAuth1App
+    oauth2_client_cls = FlaskOAuth2App
+    framework_integration_cls = FlaskIntegration
+
+    def __init__(self, app=None, cache=None, fetch_token=None, update_token=None):
+        super(OAuth, self).__init__(
+            cache=cache, fetch_token=fetch_token, update_token=update_token)
+        self.app = app
+        if app:
+            self.init_app(app)
+
+    def init_app(self, app, cache=None, fetch_token=None, update_token=None):
+        """Initialize lazy for Flask app. This is usually used for Flask application
+        factory pattern.
+        """
+        self.app = app
+        if cache is not None:
+            self.cache = cache
+
+        if fetch_token:
+            self.fetch_token = fetch_token
+        if update_token:
+            self.update_token = update_token
+
+        app.extensions = getattr(app, 'extensions', {})
+        app.extensions['authlib.integrations.flask_client'] = self
+
+    def create_client(self, name):
+        if not self.app:
+            raise RuntimeError('OAuth is not init with Flask app.')
+        return super(OAuth, self).create_client(name)
+
+    def register(self, name, overwrite=False, **kwargs):
+        self._registry[name] = (overwrite, kwargs)
+        if self.app:
+            return self.create_client(name)
+        return LocalProxy(lambda: self.create_client(name))
 
-from .oauth_registry import OAuth
-from .remote_app import FlaskRemoteApp
-from .integration import token_update, FlaskIntegration
-from ..base_client import OAuthError
 
 __all__ = [
-    'OAuth', 'FlaskRemoteApp', 'FlaskIntegration',
+    'OAuth', 'FlaskIntegration',
+    'FlaskOAuth1App', 'FlaskOAuth2App',
     'token_update', 'OAuthError',
 ]
@@ -0,0 +1,92 @@
+from flask import redirect, request, session
+from ..base_client import OAuthError, MismatchingStateError
+from ..requests_client.apps import OAuth1App, OAuth2App
+
+
+class FlaskAppMixin(object):
+    def save_authorize_data(self, **kwargs):
+        state = kwargs.pop('state', None)
+        if state:
+            self.framework.set_state_data(session, state, kwargs)
+        else:
+            raise RuntimeError('Missing state value')
+
+    def authorize_redirect(self, redirect_uri=None, **kwargs):
+        """Create a HTTP Redirect for Authorization Endpoint.
+
+        :param redirect_uri: Callback or redirect URI for authorization.
+        :param kwargs: Extra parameters to include.
+        :return: A HTTP redirect response.
+        """
+        rv = self.create_authorization_url(redirect_uri, **kwargs)
+        self.save_authorize_data(redirect_uri=redirect_uri, **rv)
+        return redirect(rv['url'])
+
+
+class FlaskOAuth1App(FlaskAppMixin, OAuth1App):
+    def authorize_access_token(self, **kwargs):
+        """Fetch access token in one step.
+
+        :return: A token dict.
+        """
+        params = request.args.to_dict(flat=True)
+        state = params.get('oauth_token')
+        if not state:
+            raise OAuthError(description='Missing "oauth_token" parameter')
+
+        data = self.framework.get_state_data(session, state)
+        if not data:
+            raise OAuthError(description='Missing "request_token" in temporary data')
+
+        params['request_token'] = data['request_token']
+        redirect_uri = data.get('redirect_uri')
+        if redirect_uri:
+            params['redirect_uri'] = redirect_uri
+
+        params.update(kwargs)
+        self.framework.clear_state_data(session, state)
+        return self.fetch_access_token(**params)
+
+
+class FlaskOAuth2App(FlaskAppMixin, OAuth2App):
+    def authorize_access_token(self, **kwargs):
+        """Fetch access token in one step.
+
+        :return: A token dict.
+        """
+        if request.method == 'GET':
+            error = request.args.get('error')
+            if error:
+                description = request.args.get('error_description')
+                raise OAuthError(error=error, description=description)
+
+            params = {
+                'code': request.args['code'],
+                'state': request.args.get('state'),
+            }
+        else:
+            params = {
+                'code': request.form['code'],
+                'state': request.form.get('state'),
+            }
+
+        data = self.framework.get_state_data(session, params.get('state'))
+
+        if data is None:
+            raise MismatchingStateError()
+
+        code_verifier = data.get('code_verifier')
+        if code_verifier:
+            params['code_verifier'] = code_verifier
+
+        redirect_uri = data.get('redirect_uri')
+        if redirect_uri:
+            params['redirect_uri'] = redirect_uri
+
+        params.update(kwargs)
+        token = self.fetch_access_token(**params)
+
+        if 'id_token' in token and 'nonce' in params:
+            userinfo = self.parse_id_token(token, nonce=params['nonce'])
+            token['userinfo'] = userinfo
+        return token