Django 404 page after login

lucasntn · October 18, 2023, 7:33pm

Hi team,

I’ve been working on integration tests, with Auht0 and a Django application.
To get started, I used the tutorial provided by the Auth0 team.

Everything looked to work fine, except for the fact that the django views were not returning the correct URL.

So, I made the following changes and the integration seemed to work.

ON DJANGO VIEWS

I basically changed the way the functions return URLS, to prevent them from returning 127 . . .

How it was

def login(request):
    return oauth.auth0.authorize_redirect(
        request, request.build_absolute_uri(reverse("callback"))
    )

def callback(request):
    token = oauth.auth0.authorize_access_token(request)
    request.session["user"] = token
    return redirect(request.build_absolute_uri(reverse("index")))

def logout(request):
    request.session.clear()

    return redirect(
        f"https://{settings.AUTH0_DOMAIN}/v2/logout?"
        + urlencode(
            {
                "returnTo": request.build_absolute_uri(reverse("index")),
                "client_id": settings.AUTH0_CLIENT_ID,
            },
            quote_via=quote_plus,
        ),
    )

How is now

def auth_login(request):
	return oauth.auth0.authorize_redirect(
        request, 'https://mydomain.com.br/callback/'
    )

def callback(request):
    token = oauth.auth0.authorize_access_token(request)
    request.session["user"] = token
    return redirect('https://mydomain.com.br/')

def auth_logout(request):
    request.session.clear()

    return redirect(
         f"https://{settings.AUTH0_DOMAIN}/v2/logout?"
        + urlencode(
            {
                "returnTo": 'https://mydomain.com.br',
                "client_id": settings.AUTH0_CLIENT_ID,
            },
            quote_via=quote_plus,
        ),
    )

The problem now is that after the login, a 404 returns. Any other page I try to access after the login request returns the same thing.

If I use the logout method, the session ends successfully.

The request is being made on ip 127… and I believe it should be passing the URL sent, and not this ‘LOCAL ONE’, in the view.

Does anyone have any idea how I can fix this to finish this testing stage?

dan.woda · October 23, 2023, 8:12pm

Hi @lucasntn

Welcome to the Auth0 Community!

From that error, it looks like like there’s something wrong with your sourcing urls file. Can you please show us what is going on in that file?

lucasntn · October 23, 2023, 9:16pm

Hello!

You’re right, the problem was in the application’s index URL.
I replicated the tutorial without changing my index URL.

When I tested it with the index that you provide as an example, it worked.
The problem now is actually a doubt about this resource.

The authentication in the example was done only in auth0, but not in the application itself.

Is that right, or did I do something wrong?

If so, do you have any solution for authentication such as single sign on?
I have been testing other packs, but if there is a way to suggest it, I would appreciate it.

Thanks.

dan.woda · October 24, 2023, 1:40pm

Do you mean that Auth0 is authenticating the user? If so, that is correct. You application sends the user to Auth0 to authenticate, and Auth0 returns a token if they are successful. Auth0 also sets a cookie for SSO and other apps can use it to log the user in without presenting credentials again.

SSO is enabled by default with Auth0. You should be able to set up a second application and log the user in without presenting their credentials. It uses a cookie session.

lucasntn · October 24, 2023, 4:00pm

Hi @dan.woda

First of all, thank you very much for your support!

I think I didn’t express myself well.

In fact, works follows the Auht0 tutorial, but it does not authenticate the user in the Django backend.

Studying other solutions, I saw that it is necessary to set middleware or AUTHENTICATION_BACKENDS , so that the login is synchronized.

To summarize, I would like to know if the path presented in the tutorial has any solution to perform authentication in the django backend as well.

Thanks again.

dan.woda · October 25, 2023, 2:05pm

I’m sorry, I’m having trouble understanding your question.

Are you asking about how to authenticate requests to a Django backend API? If so, see this doc:

lucasntn · October 25, 2023, 3:29pm

I’m sorry, English is not my native language.

I may end up confusing some terms.

To be direct, I need to authenticate users in a Django application using Auth0.

I made the following tutorial:

It allows authentication, but only in auth0, the user cannot access pages that require login to the application.

I have been testing using SAML2, I don’t know if you have any cases that I can use as a reference.
It would be, Django authentication with Auth0.

If there isn’t, no problem, I’ll continue my studies to find a way to make this possible.

Thansk for the support!

dan.woda · October 26, 2023, 3:03pm

@lucasntn,

No problem! Thanks for your patience .

It sounds like you may be trying to authenticate with a third party identity provider who uses SAML. You can do that with a SAML Configuration in a connection with Auth0.

Does that help?

lucasntn · October 26, 2023, 3:45pm

Hi @dan.woda, first of all, thanks for the support.
I found a way to make it work.

I will share and contextualize it better.
The error was occurring in one scenario and actually the solution was found in a different path.
I believe the topic was confusing because of this, and the fact that English is not my native language.

THE CONTEXT

Find a way to log in to a Django application using Auth0.

First try (DID NOT WORK) → Using the Tutorial mentioned at the opening of the topic, using Authlib package.
It didn’t work as I expected, so I started researching other alternatives.

Second try (WORKED) → After a lot of research, I found a package that allowed logging into the Django application using Auth0. The package is ’ [Python Social Auth - Django]

THE TUTORIAL

THE PYTHON SOCIAL AUTH - DJANGO ON GIT: GitHub - python-social-auth/social-app-django: Python Social Auth - Application - Django

What do you need:

Django application running at least with basic settings;
Auth0 account.

CREATING APPLICATION ON AUTH0

In the applications menu, create a new application;
Select → Regular Web Applications;
On settings → Allowed Callback URLS: http://yoururl.com/complete/auth0
(this URL will be configured in the Django application when the package is installed, it can be changed if necessary)
On settings → Allowed Logout URLS http://yoururl.com/
On settings → Allowed Web Origins: http://yoururl.com/
If you want authentication from another application;
On settings → Cross-Origin Authentication: Allow Cross-Origin Authentication to True and set Allowed Origins (CORS).

CONFIGURING DJANGO APPLICATION

Install the Packs;

pip install django social-auth-app-django
pip install python-jose

In Settings.py include Django social in your applications;

INSTALLED_APPS = [
#
# other apps . . .
#
'social_django',
]

In Settings.py include Social Auth settings with Auth0;

# settings.py

SOCIAL_AUTH_TRAILING_SLASH = False

# Auth0 Credentials (better with environment variables)

SOCIAL_AUTH_AUTH0_DOMAIN = 'Auth0 Application Domain'
SOCIAL_AUTH_AUTH0_KEY = 'Auth0 Client ID'
SOCIAL_AUTH_AUTH0_SECRET = 'Client Secret'

#  Set SCOPE for authentication

SOCIAL_AUTH_AUTH0_SCOPE=[
    'openid',
    'profile',
    'email',
]

# Set configuration for BACKEND authentication
AUTHENTICATION_BACKENDS={
    'social_core.backends.auth0.Auth0OAuth2',
    'django.contrib.auth.backends.ModelBackend'
}

# Configure login and logout URL
LOGIN_URL = 'login/auth0'
LOGIN_REDIRECT_URL = '/'
LOGOUT_REDIRECT_URL = '/'

IMPORTANT → For better application security, Auth0 credentials must be set as environment variables.

In your application’s main URLS file, include the pack URLS.

path('', include('social_django.urls')),

The configuration is ready, if you prefer, you can include a link in the login template to the authentication URL.

 <a href="/login/auth0">Login Auth0</a>

CONSIDERATIONS

This tutorial is for a basic installation of Django, for more complex configurations, access the documentation: https://python-social-auth.readthedocs.org/
If you are using a ‘Custom User Model’, you can configure it in settings.py, using the variable:

SOCIAL_AUTH_USER_MODEL = 'yourapp.ModelName'

The user must exist in the Auth0 base;
If the user does not exist in the Django database, it can be created during login;
If the user exists in the Django Base, it will be necessary to link by the Django administration panel in the ‘Associations’ menu;
Other settings can be changed by changing the logic within the pack.

********************************** End of tutorial ***************************************

I believe that’s it.
I don’t know if it will help anyone, but I thought it would be cool to share.
Thanks again

dan.woda · October 27, 2023, 1:01pm

This is awesome! Thank you for sharing with so much detail.

system · November 10, 2023, 1:02pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.