Hello, sorry in advance if this is a noob question but we are new to the platform and pretty stuck…
Currently, in Auth0 we have an Application configured to be a SPA with an API as Custom API.
We then have a Python Flask API with Flask-RESTful which follows the boilerplate code provided. We then use react on our webapp with the Universal Login.
API Code copy/paste from guide
class AuthError(Exception):
def __init__(self, error, status_code):
self.error = error
self.status_code = status_code
@app.errorhandler(AuthError)
def handle_auth_error(ex):
response = jsonify(ex.error)
response.status_code = ex.status_code
return response
# Format error response and append status code
def get_token_auth_header():
"""Obtains the access token from the Authorization Header"""
auth = request.headers.get("Authorization", None)
if not auth:
raise AuthError(
{
"code": "authorization_header_missing",
"description": "Authorization header is expected",
},
401,
)
parts = auth.split()
if parts[0].lower() != "bearer":
raise AuthError(
{
"code": "invalid_header",
"description": "Authorization header must start with" " Bearer",
},
401,
)
elif len(parts) == 1:
raise AuthError(
{"code": "invalid_header", "description": "Token not found"}, 401
)
elif len(parts) > 2:
raise AuthError(
{
"code": "invalid_header",
"description": "Authorization header must be" " Bearer token",
},
401,
)
token = parts[1]
return token
def requires_scope(required_scope):
"""Determines if the required scope is present in the access token
Args:
required_scope (str): The scope required to access the resource
"""
token = get_token_auth_header()
unverified_claims = jwt.get_unverified_claims(token)
if unverified_claims.get("scope"):
token_scopes = unverified_claims["scope"].split()
for token_scope in token_scopes:
if token_scope == required_scope:
return True
return False
def requires_auth(f):
"""Determines if the access token is valid"""
@wraps(f)
def decorated(*args, **kwargs):
token = get_token_auth_header()
jsonurl = urlopen("https://" + AUTH0_DOMAIN + "/.well-known/jwks.json")
jwks = json.loads(jsonurl.read())
print(jwks)
print(token)
try:
unverified_header = jwt.get_unverified_header(token)
except jwt.JWTError:
raise AuthError(
{
"code": "invalid_header",
"description": "Invalid header. "
"Use an RS256 signed JWT Access Token",
},
401,
)
if unverified_header["alg"] == "HS256":
raise AuthError(
{
"code": "invalid_header",
"description": "Invalid header. "
"Use an RS256 signed JWT Access Token",
},
401,
)
rsa_key = {}
for key in jwks["keys"]:
if key["kid"] == unverified_header["kid"]:
rsa_key = {
"kty": key["kty"],
"kid": key["kid"],
"use": key["use"],
"n": key["n"],
"e": key["e"],
}
if rsa_key:
print(rsa_key)
try:
payload = jwt.decode(
token,
rsa_key,
algorithms=ALGORITHMS,
audience=API_IDENTIFIER,
issuer="https://" + AUTH0_DOMAIN + "/",
)
except jwt.ExpiredSignatureError:
raise AuthError(
{"code": "token_expired", "description": "token is expired"}, 401
)
except jwt.JWTClaimsError as jce:
print(jce)
raise AuthError(
{
"code": "invalid_claims",
"description": "incorrect claims,"
" please check the audience and issuer",
},
401,
)
except Exception:
raise AuthError(
{
"code": "invalid_header",
"description": "Unable to parse authentication" " token.",
},
401,
)
_request_ctx_stack.top.current_user = payload
return f(*args, **kwargs)
raise AuthError(
{"code": "invalid_header", "description": "Unable to find appropriate key"},
401,
)
return decorated
I have been using postman to test the api but cannot get a user auth token to work. Only when I use a token from the Auth0 API Test tab will it let me through the requires_auth decorator.