Minor code cleanup

app.py

@@ -14,9 +14,10 @@ def create_app(test_config=None):
 	else:
 		app.config.from_mapping(test_config)
 	# oauthlib enforces the OAuth2.0 requirement to use HTTPS, when this is not set
-	os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1' # That behaviour sucks, so disable it
+	if app.debug:
+		os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1'
 
-	@app.route("/auth")
+	@app.route('/auth')
 	def auth():
 		if not session.get('user_id'):
 			abort(401)
@@ -33,7 +34,7 @@ def create_app(test_config=None):
 		return OAuth2Session(request.headers['X-CLIENT-ID'],
 			redirect_uri=request.headers['X-REDIRECT-URI'], **kwargs)
 
-	@app.route("/login")
+	@app.route('/login')
 	def login():
 		client = get_oauth()
 		url, state = client.authorization_url(app.config['OAUTH2_AUTH_URL'])
@@ -45,10 +46,10 @@ def create_app(test_config=None):
 			session['url'] = request.values.get('url', '/')
 		return redirect(url)
 
-	@app.route("/callback")
+	@app.route('/callback')
 	def callback():
 		client = get_oauth(state=session.pop('state'))
-		token = client.fetch_token(app.config['OAUTH2_TOKEN_URL'],
+		client.fetch_token(app.config['OAUTH2_TOKEN_URL'],
 			client_secret=request.headers['X-CLIENT-SECRET'],
 			authorization_response=request.url, verify=(not app.debug))
 		userinfo = client.get(app.config['OAUTH2_USERINFO_URL']).json()
@@ -60,27 +61,27 @@ def create_app(test_config=None):
 		session['user_groups'] = userinfo['groups']
 		return redirect(session.pop('url'))
 
-	@app.route("/logout")
+	@app.route('/logout')
 	def logout():
 		session.clear()
 		resp = Response('Ok', 200)
 		if request.values.get('redirect_url'):
 			resp = redirect(request.values.get('redirect_url'))
 		if request.values.get('clear_cookies'):
-			for key, data in request.cookies.items():
+			for key, _ in request.cookies.items():
 				resp.delete_cookie(key)
 		return resp
 
-	@app.route("/status")
+	@app.route('/status')
 	def status():
-		resp = Response('''Proxy Configuration Status
+		resp = Response(f'''Proxy Configuration Status
 
 For this proxy service to work properly, the OAuth client crendentials must
 be injected in by the webserver as HTTP-headers:
 
-X-CLIENT-ID: %s
-X-CLIENT-SECRET: %s
-X-REDIRECT-URI: %s
+X-CLIENT-ID: {request.headers.get('X-CLIENT-ID', '(unset)')}
+X-CLIENT-SECRET: {'(set)' if request.headers.get('X-CLIENT-SECRET') else '(unset)'}
+X-REDIRECT-URI: {request.headers.get('X-REDIRECT-URI', '(unset)')}
 
 If you accessed this ressource with the URL
 
@@ -92,9 +93,7 @@ then the redirect URI must be set to:
 
 This exact redirect URI must also be registered with the OAuth server as
 a valid redirect_uri for the client_id.
-'''%(request.headers.get('X-CLIENT-ID', '(unset)'),
-		'(set)' if request.headers.get('X-CLIENT-SECRET') else '(unset)',
-		request.headers.get('X-REDIRECT-URI', '(unset)')))
+''')
 		resp.mimetype = 'text/plain; charset=utf-8'
 		return resp