IdentityPython
diff --git a/‎flask_rp/__init__.py‎ b/‎flask_rp/__init__.py‎
diff --git a/‎flask_rp/application.py‎
Lines changed: 53 additions & 0 deletions b/‎flask_rp/application.py‎
Lines changed: 53 additions & 0 deletions
diff --git a/‎flask_rp/bc_conf.py‎
Lines changed: 93 additions & 0 deletions b/‎flask_rp/bc_conf.py‎
Lines changed: 93 additions & 0 deletions
diff --git a/‎flask_rp/certs/cert.pem‎
Lines changed: 31 additions & 0 deletions b/‎flask_rp/certs/cert.pem‎
Lines changed: 31 additions & 0 deletions
diff --git a/‎flask_rp/certs/key.pem‎
Lines changed: 52 additions & 0 deletions b/‎flask_rp/certs/key.pem‎
Lines changed: 52 additions & 0 deletions
diff --git a/‎flask_rp/fc_conf.py‎
Lines changed: 85 additions & 0 deletions b/‎flask_rp/fc_conf.py‎
Lines changed: 85 additions & 0 deletions
diff --git a/‎flask_rp/templates/opbyuid.html‎
Lines changed: 31 additions & 0 deletions b/‎flask_rp/templates/opbyuid.html‎
Lines changed: 31 additions & 0 deletions
diff --git a/‎flask_rp/templates/opresult.html‎
Lines changed: 38 additions & 0 deletions b/‎flask_rp/templates/opresult.html‎
Lines changed: 38 additions & 0 deletions
@@ -0,0 +1,53 @@
+import os
+
+from flask.app import Flask
+
+from cryptojwt.key_jar import init_key_jar
+from oidcservice.service_factory import service_factory
+
+from oidcrp import RPHandler
+
+dir_path = os.path.dirname(os.path.realpath(__file__))
+
+
+def init_oidc_rp_handler(app):
+    oidc_keys_conf = app.config.get('OIDC_KEYS')
+    verify_ssl = app.config.get('VERIFY_SSL')
+
+    _kj = init_key_jar(**oidc_keys_conf)
+    _kj.verify_ssl = verify_ssl
+
+    _path = oidc_keys_conf['public_path']
+    if _path.startswith('./'):
+        _path = _path[2:]
+    elif _path.startswith('/'):
+        _path = _path[1:]
+
+    rph = RPHandler(base_url=app.config.get('BASEURL'), hash_seed="BabyHoldOn",
+                    keyjar=_kj, jwks_path=_path,
+                    client_configs=app.config.get('CLIENTS'),
+                    services=app.config.get('SERVICES'),
+                    verify_ssl=verify_ssl, service_factory=service_factory,
+                    module_dirs=['oidc'])
+
+    return rph
+
+
+def oidc_provider_init_app(config_file, name=None, **kwargs):
+    name = name or __name__
+    app = Flask(name, static_url_path='', **kwargs)
+    app.config.from_pyfile(os.path.join(dir_path, config_file))
+
+    app.users = {'test_user': {'name': 'Testing Name'}}
+
+    try:
+        from .views import oidc_rp_views
+    except ImportError:
+        from views import oidc_rp_views
+
+    app.register_blueprint(oidc_rp_views)
+
+    # Initialize the oidc_provider after views to be able to set correct urls
+    app.rph = init_oidc_rp_handler(app)
+
+    return app
@@ -0,0 +1,93 @@
+PORT = 8090
+BASEURL = "https://localhost:{}".format(PORT)
+
+# If BASE is https these has to be specified
+SERVER_CERT = "certs/cert.pem"
+SERVER_KEY = "certs/key.pem"
+CA_BUNDLE = None
+
+# This is just for testing an local usage. In all other cases it MUST be True
+VERIFY_SSL = False
+
+KEYDEFS = [{"type": "RSA", "key": '', "use": ["sig"]},
+           {"type": "EC", "crv": "P-256", "use": ["sig"]}]
+
+HTML_HOME = 'html'
+
+SECRET_KEY = 'secret_key'
+SESSION_COOKIE_NAME = 'rp_session'
+
+PREFERRED_URL_SCHEME = 'https'
+
+OIDC_KEYS = {
+    'private_path': "./priv/jwks.json",
+    'key_defs': KEYDEFS,
+    'public_path': './static/jwks.json'
+}
+
+PUBLIC_JWKS_PATH = '{}/{}'.format(BASEURL, OIDC_KEYS['public_path'])
+
+# # information used when registering the client, this may be the same for all OPs
+#
+DEFAULT_CLIENT_PREFS = {
+    "application_type": "web", "application_name": "rphandler",
+    "contacts": ["ops@example.com"],
+    "response_types": ["code"],
+    "scope": ["openid", "profile", "email", "address", "phone"],
+    "token_endpoint_auth_method": ["client_secret_basic",
+                                   'client_secret_post']
+}
+
+# Default set if nothing else is specified
+DEFAULT_SERVICES = {
+    'ProviderInfoDiscovery': {}, 'Registration': {},
+    'Authorization': {}, 'AccessToken': {},
+    'RefreshAccessToken': {}, 'UserInfo': {},
+    'EndSession': {}
+}
+
+CLIENT_CONFIG = {
+    'client_preferences': DEFAULT_CLIENT_PREFS,
+    'services': DEFAULT_SERVICES
+}
+
+# The keys in this dictionary are the OPs short user friendly name
+# not the issuer (iss) name.
+# The special key '' is ued for OPs that support dynamic interactions.
+
+CLIENTS = {
+    # The ones that support web finger, OP discovery and client registration
+    # This is the default, any client that is not listed here is expected to
+    # support dynamic discovery and registration.
+    "": CLIENT_CONFIG,
+    "filip": {
+        'issuer':"https://guarded-cliffs-8635.herokuapp.com/",
+        "redirect_uris": ["{}/authz_cb/filip".format(BASEURL)],
+        "post_logout_redirect_uris": ["{}/session_logout".format(BASEURL)],
+        "client_preferences": DEFAULT_CLIENT_PREFS,
+        "services": DEFAULT_SERVICES,
+        # "backchannel_logout_session_required": True,
+        "backchannel_logout_uri": "{}/bc_logout".format(BASEURL)
+    },
+    "flop": {
+        'issuer':"https://127.0.0.1:5000/",
+        "redirect_uris": ["{}/authz_cb/flop".format(BASEURL)],
+        "post_logout_redirect_uris": ["{}/session_logout".format(BASEURL)],
+        "client_preferences": DEFAULT_CLIENT_PREFS,
+        "services": DEFAULT_SERVICES,
+        # "backchannel_logout_session_required": True,
+        "backchannel_logout_uri": "{}/bc_logout/flop".format(BASEURL)
+    },
+    "filip_local": {
+        'issuer': "http://localhost:3000/",
+        "redirect_uris": ["{}/authz_cb/filip_local".format(BASEURL)],
+        "post_logout_redirect_uris": ["{}/session_logout".format(BASEURL)],
+        "client_preferences": DEFAULT_CLIENT_PREFS,
+        "services": DEFAULT_SERVICES,
+        # "backchannel_logout_session_required": True,
+        "backchannel_logout_uri": "{}/bc_logout".format(BASEURL)
+    }
+}
+
+# Whether an attempt to fetch the userinfo should be made
+USERINFO = True
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFUDCCAzigAwIBAgIJAJWgBcizyJrFMA0GCSqGSIb3DQEBCwUAMD0xCzAJBgNV
+BAYTAlNFMQ0wCwYDVQQKDARPSURGMR8wHQYDVQQDDBZGZWQgYXdhcmUgUlAgdGVz
+dCB0b29sMB4XDTE3MDIxMzE5MDg1MloXDTE4MDIxMzE5MDg1MlowPTELMAkGA1UE
+BhMCU0UxDTALBgNVBAoMBE9JREYxHzAdBgNVBAMMFkZlZCBhd2FyZSBSUCB0ZXN0
+IHRvb2wwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC3NrEL+VKs00NT
+R+ZpGRxvDoeLhD7EM+uf7IqHl6IN3H6pflAOE8YqnTepdglhGH4a7nyftINTZjDU
+86anR+OKPoY2Padf4E+YceJOcaT6lB5XOWxBu4j3wDRHb6jMUwMDUXHsmh389Bvx
+X44KSYe/mhjkrIV8bolhT9NpNjPVUdUvpwpSxDOhSjq7BCmfdvXJrNNYElEQaDSc
+yJ4h6BAOp/FfdnWKAeiVDpIF5QqZgr0gzKiV5LEvwsNfHynsLgrlgK2+Fd8qIqbC
+/fHtB1BEL3h01dlBR1Y4ocMM5we23Phe4lwQs8QojPTnnr14fWynrjNi0Km0TcMT
+TDHVnw5qO5dSr4LpBcfIo82YWpj6lTEKQwKin+SPz0k0kD4E83rtsGp8n3FWHVAo
+BsIJ4O58REi3YTh1NCe/bjsQWiFOPW0N9GOl0UTOUj90cGVbO9i91aDFHHQWOIiA
+VsmZ35yOjQ031It9Kzv4YcmWXQcdKYnzUQ5eSXZPmJFoebKgQF6neFlg1hp6uDKi
+NRxkaPWGVCVZXPmgRwVcFdbxI8OpNqPEFQGskUPGJS5CF1o8o6wuVwPSSwxDVoYM
+12TTdATH1he4cK69ej/1F2oHCVQ0KE46fNABaxNKxGls0bPPPJBPrQBjoAR2qxgg
+iFz2DjumVC3EySwXLsH4tXTjyuVbSQIDAQABo1MwUTAdBgNVHQ4EFgQUiD0bTabj
+Q0Pf0vVJneGr5TQRO+4wHwYDVR0jBBgwFoAUiD0bTabjQ0Pf0vVJneGr5TQRO+4w
+DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAnYCE5MdqVXHBxMGZ
+1bIZxwLg9pe5poaX7l7XGdXxnBKWxfqwCx2UHQZIBdV3eIt8lgtuOL1en9ZCHAIY
+X0OZCafQ1Jzx3nXV4qOoolfmri0DQs60LPozoXKW61mah8fFhf/XdjuZxYH+XVV6
+39E08MY4ZWDzzNoDe5zhGWw+IOfowx5wNTtZ8CipWUv4FiO9cUZJ/1hnJgE0CQNH
+v4v0g0lIuWs7eArbzvxTu3jHWx/+eYvl2TSYxEHpVulbesnI27M34nS0OePqbywO
+eGBtM65UuCCBh27FO+O7qJWA3sRPuw/cll0vi69WVYHO5rk7yji1hiTT2MKTEizP
+GmdT/FXG4nEsM6WaEe4FMJN6cZf49BUzRcEdW6k8i2YIysHf8fi3Xv1JF74OB5bF
+TogV/Fu/LzXsfA/XTj9ki0hUNmueyNT/xBD5tOH4FqHQvMWpjpzfwI90ENVeY+Ad
+BCU2Ck1HBEuUhUNaC1d6QkU6pn3voPvaWK49+T9NyrFVMNHVWHeLUHJ/i9kgWXLl
+TgAbTCmnJOHTxxCVCf40EjOpPR3hlCadYr8vOGyuHPk1M2Lppgh2kQtFX5ubhhfW
+IKP5TPKuZlu3z9RjfUvIxqWC6cbwjlOGIx2K0uCnIbpTzTuaLHJSWWRUpDzNL6lg
+V620B7/n1jo2JDudjhjD2uLekJg=
+-----END CERTIFICATE-----
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC3NrEL+VKs00NT
+R+ZpGRxvDoeLhD7EM+uf7IqHl6IN3H6pflAOE8YqnTepdglhGH4a7nyftINTZjDU
+86anR+OKPoY2Padf4E+YceJOcaT6lB5XOWxBu4j3wDRHb6jMUwMDUXHsmh389Bvx
+X44KSYe/mhjkrIV8bolhT9NpNjPVUdUvpwpSxDOhSjq7BCmfdvXJrNNYElEQaDSc
+yJ4h6BAOp/FfdnWKAeiVDpIF5QqZgr0gzKiV5LEvwsNfHynsLgrlgK2+Fd8qIqbC
+/fHtB1BEL3h01dlBR1Y4ocMM5we23Phe4lwQs8QojPTnnr14fWynrjNi0Km0TcMT
+TDHVnw5qO5dSr4LpBcfIo82YWpj6lTEKQwKin+SPz0k0kD4E83rtsGp8n3FWHVAo
+BsIJ4O58REi3YTh1NCe/bjsQWiFOPW0N9GOl0UTOUj90cGVbO9i91aDFHHQWOIiA
+VsmZ35yOjQ031It9Kzv4YcmWXQcdKYnzUQ5eSXZPmJFoebKgQF6neFlg1hp6uDKi
+NRxkaPWGVCVZXPmgRwVcFdbxI8OpNqPEFQGskUPGJS5CF1o8o6wuVwPSSwxDVoYM
+12TTdATH1he4cK69ej/1F2oHCVQ0KE46fNABaxNKxGls0bPPPJBPrQBjoAR2qxgg
+iFz2DjumVC3EySwXLsH4tXTjyuVbSQIDAQABAoICAQCoZ801hGdKFKa91kkkMcDB
+FEnjJBvNnSvoRDTRjb+XniWPBlvvlJ2CbiDL04OrjCfd+Xj0E6ji7/vSwmNdP+cX
+G4GiOemvZy/CoGu0TyGmcp+w7Udk5Exx7moff7NYnLUYR7TAFqmZ6YgFxh95tTzi
+EXLwPuQ0DCabHBTnkLr0SdP7iT8j9NTAXMq/PIRF38LtLb7WJX/95Mr3kjBIWlbo
+IdbsOKaxxC9VU59Fa9LiaBoQHA6aOSvlCtEqjiqqvWemrTEGmHQY9uDyOxo1FZPi
+GQBP5IFeT4Qhag8vvOyKWXKzRL37XEHiRC6Y+ICQUDmfp6/0FHjpEtFM26yy/xDv
+ZtL7/b7TEQMmp2CWD8WV8a9oalTRqyrGTBeeSg6CV5tnx3wnM0krkCvJ+Eadki23
+Wp34s7v8NPmVMTqG/UIW21tmzb40KjXNI8MgNXASBIKm9W2z2xXQ07xELsSfWm9O
+p0umh1xHLqX7rNmigg/odW3K9aocF8NOhuc4aYgVZH18sMhkhja3dgwCe8YSImyW
+0uHZC6wKIXnD44lS2BmdYsIY/k+uZKNum6lE7x/F1V2vbzkzShuJ7VCD3IhQW6nK
+XNQBXju/CnMiMW6mpZsSZG8mIjx8hNKLYv492ZNgnbeP2HHM5WAsKTOKLO0FldFS
+sbRSXTTM40j7AcurS7DKQQKCAQEA2WdkRhGXOuOlHSq/W4YZ6Mq2kydp46ARQS8b
+zKbUXX6+7GyU6TSB71eblP4003NGx8rdasyZTpexRH4sTKv0/GLM2eSDEi7/GV1w
+HISwdIa8NlHiOT9qPONqdhH0KDy5lDrCTMa9B5QpbYo4l/F/4O52zJc1CuRacpyi
+58hY3Me2UND2yHqb2TKxOwwHumE8FEMs9CqixLE4oAaoiNdJi08pyg7o/6oxPaUE
+CKmGX6r9eW5piFCLGAkmfAgBjYejrFDAp8eY6Yx5dRWMdLddQnm/5tl0rzFho+71
+UwtOIZtowKeWms1N/+duOmcfYyDsRJ/Ec3pzxphzcHrWEllP9wKCAQEA171qkSxv
++53viIJbaJ636emDg4kZ3asGLODefEcbe0XS0xHmsb+WZpRIBkNMJFj3k2IYcUSO
+7DObemF4ln9CJY+DxHZJzr/mo8T3X0yt0aK8O75+fXHQ/991kUMcx21BmXMjybYj
+TA5vv956AYV9Kt37ye87dYMtEINtchdukYqyrLZ9+0lBV1XrGKALMC68EyyTtDFs
+AtJzKVTYnKNkYFWkA6cq+GZvlEbx74dZopH/yVo+P/wGiU5AH1bq5847uq5LIwIU
+j2ZkKBJr8Y3YvFjAaRNRGNXOhHUo3BPkgkYZGnC2WP9UJT3w7PgjwyUpbFZurwIr
+Sz1QdbNZ+spevwKCAQBgyN6jMwGYfe/r5DP8kt7F/Dj7mfhSFdiYpFhD66FvXhWx
+O0Wv7GhMHTxuQB1UZWWFXJLmEN/PVUjdrS4blBIkqfd4qXqQhcubhzV5/Lhxp+ny
+ZNHJmqm5IaUrmyKPJzmW+/G0LGXLEfK/iWFYg3LiuEa7HjXG+5IopAMCHPcyktZf
+dCfpaGwpbZ/pIZnvJ4qPmrhQmwqLdjo3Q7+T7AQZuMxp3+lqqGHzh5scIBxqSr09
+aiIhRXom4Sv427eVQmVjOTALgZhZoOgRb95vt5IVHg6IvxZrSBin2qHsroPCAmXI
+HtO1ZuDqpCU2auJWRznn8xiKMGGKcCQ0VvsmgAxRAoIBAQDPsB7OQRxQ+3skTHIZ
+Jmrg+ZdM4oiPGFyqiZRFyeKP6ukJnvsadNkiSW+I7/J2L1uve8kSCbEZfJkZ2InR
+QBN6u01brZBiQ+WSFUUbbmMLJIHXdgypUQ+ltAanYBdteSWkxu5V+kzCpEc6S7/i
+hRK5WNhTT0ZLW4vfkNak9h/QZtiZYlmntp77p8/adgAvU15liw1qdAWKNfT9fhvF
+t5ojD28EwUKhvWN/OEkikYdd9PVsbr7ss//K4RTj1rXvkF952N6mhhMq9aRH22wl
+L6vNrhcVUK5KnVHhvDQoodHjA/6YsJcq2Cq2a4nrZvpum/DjxdVqD0mEdjNmC9H8
+mCNbAoIBAHbkApjatORw6Bb+zAbfLs2vKLMs0sVABmA2AzTukm8+k3Clji4npGxh
+IGj4c2kBa93yOd25qONoNvFfcig+LbCnq5aT8qSLTl7iecRNvvAlxA1r7MHRqjYO
+bFGAM5cCZC+hpOmXF80IOmQMfaV33tCHJ0uf1fOvkreAQxPOJqEskYGFHqN8zfeW
+zsSMnea+oHvfAhHmQcikJV/YiomYb0Urz838o5o+JLTkBs+miwPNTZW5iVEnYLUh
+NtABZU3c1ohXAw8i4Z/Jdmxzsro75D3ekRfa/coPCcnUK0MqYd8C/uEVe5rgXOWZ
+Svp9rK9sO9LqfKBeV9NKW9/wb/X6lU4=
+-----END PRIVATE KEY-----
@@ -0,0 +1,85 @@
+PORT = 8090
+BASEURL = "https://localhost:{}".format(PORT)
+
+# If BASE is https these has to be specified
+SERVER_CERT = "certs/cert.pem"
+SERVER_KEY = "certs/key.pem"
+CA_BUNDLE = None
+
+# This is just for testing an local usage. In all other cases it MUST be True
+VERIFY_SSL = False
+
+KEYDEFS = [{"type": "RSA", "key": '', "use": ["sig"]},
+           {"type": "EC", "crv": "P-256", "use": ["sig"]}]
+
+HTML_HOME = 'html'
+
+SECRET_KEY = 'secret_key'
+SESSION_COOKIE_NAME = 'rp_session'
+
+PREFERRED_URL_SCHEME = 'https'
+
+OIDC_KEYS = {
+    'private_path': "./priv/jwks.json",
+    'key_defs': KEYDEFS,
+    'public_path': './static/jwks.json'
+}
+
+PUBLIC_JWKS_PATH = '{}/{}'.format(BASEURL, OIDC_KEYS['public_path'])
+
+# # information used when registering the client, this may be the same for all OPs
+#
+DEFAULT_CLIENT_PREFS = {
+    "application_type": "web", "application_name": "rphandler",
+    "contacts": ["ops@example.com"],
+    "response_types": ["code"],
+    "scope": ["openid", "profile", "email", "address", "phone"],
+    "token_endpoint_auth_method": ["client_secret_basic",
+                                   'client_secret_post']
+}
+
+# Default set if nothing else is specified
+DEFAULT_SERVICES = {
+    'ProviderInfoDiscovery': {}, 'Registration': {},
+    'Authorization': {}, 'AccessToken': {},
+    'RefreshAccessToken': {}, 'UserInfo': {},
+    'EndSession': {}
+}
+
+CLIENT_CONFIG = {
+    'client_preferences': DEFAULT_CLIENT_PREFS,
+    'services': DEFAULT_SERVICES
+}
+
+# The keys in this dictionary are the OPs short user friendly name
+# not the issuer (iss) name.
+# The special key '' is ued for OPs that support dynamic interactions.
+
+CLIENTS = {
+    # The ones that support web finger, OP discovery and client registration
+    # This is the default, any client that is not listed here is expected to
+    # support dynamic discovery and registration.
+    "": CLIENT_CONFIG,
+    "filip": {
+        'issuer':"https://guarded-cliffs-8635.herokuapp.com/",
+        "redirect_uris": ["{}/authz_cb/filip".format(BASEURL)],
+        "post_logout_redirect_uris": ["{}/session_logout".format(BASEURL)],
+        "client_preferences": DEFAULT_CLIENT_PREFS,
+        "services": DEFAULT_SERVICES,
+        # "backchannel_logout_session_required": True,
+        "frontchannel_logout_uri": "{}/fc_logout/filip".format(BASEURL)
+    },
+    "flop": {
+        'issuer':"https://127.0.0.1:5000/",
+        "redirect_uris": ["{}/authz_cb/flop".format(BASEURL)],
+        "post_logout_redirect_uris": ["{}/session_logout".format(BASEURL)],
+        "client_preferences": DEFAULT_CLIENT_PREFS,
+        "services": DEFAULT_SERVICES,
+        # "backchannel_logout_session_required": True,
+        "frontchannel_logout_uri": "{}/fc_logout/flop".format(BASEURL),
+        "frontchannel_logout_session_required": True
+    }
+}
+
+# Whether an attempt to fetch the userinfo should be made
+USERINFO = True
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+
+<html>
+<head>
+    <meta charset="UTF-8">
+    <title>pyoidc RP</title>
+</head>
+<body>
+<h1>OP by UID</h1>
+<p>
+    You can perform a login to an OP's by using your unique identifier at the OP.
+    A unique identifier is defined as your username@opserver, this may be equal to an e-mail address.
+    A unique identifier is only equal to an e-mail address if the op server is published at the same
+    server address as your e-mail provider.
+</p>
+<form action="rp" method="get">
+  <h2>Start sign in flow</h2>
+  <h3>By entering your unique identifier:</h3>
+  <input type="text" id="uid" name="uid" class="form-control" placeholder="UID" autofocus>  
+  <h3><em>Or</em> you can chose one of the preconfigured OpenID Connect Providers</h3>
+  <select name="iss">
+  <option value=""></option>
+      {% for op in providers %}
+        <option value="{{ op }}">{{ op }}</option>
+      {% endfor %}
+  </select>
+  <button type="submit">Start</button>
+</form>
+</body>
+</html>
+
@@ -0,0 +1,38 @@
+<!DOCTYPE html>
+
+
+<html>
+<head>
+    <title>pyoidc RP</title>
+</head>
+<body>
+
+<h1>OP result</h1>
+<h2>You have successfully logged in!</h2>
+<dl>
+    <dt>Accesstoken</dt>
+    <dd>{{ access_token }}</dd>
+    <h3>Endpoints</h3>
+    {% for end_point, url in endpoints.items() %}
+        <dt>{{ end_point }}</dt>
+        <dd>{{ url }}</dd>
+    {% endfor %}
+</dl>
+<h3>User information</h3>
+<dl>
+    {% for key, value in userinfo.items() %}
+        <dt>{{ key }}</dt>
+        <dd>{{ value }}</dd>
+    {% endfor %}
+</dl>
+
+{% if check_session_iframe is defined %}
+    <iframe id="rp_iframe" src="/session_iframe" hidden></iframe>
+    <iframe id="op_iframe" src={{ check_session_iframe }} hidden></iframe>
+{% endif %}
+
+<input type="button" onclick="location.href='{{ logout_url }}'"
+       value="Logout!" />
+
+</body>
+</html>