Django Tutorial: Building and Securing Web Applications

Learn how to use Django to build web applications easily, and Auth0 to make the process even faster and more secure.

Read on: Django Tutorial: Building and Securing Web Applications

2 Likes

Tell us what you think about this post!

Hi Sir,
Getting the below error.
File "", line 1006, in _gcd_import
File "", line 983, in _find_and_load
File "", line 953, in _find_and_load_unlocked
File "", line 219, in _call_with_frames_removed
File "", line 1006, in _gcd_import
File "", line 983, in _find_and_load
File "", line 965, in _find_and_load_unlocked
ModuleNotFoundError: No module named 'myproject'

Can you please help me with this?

Hmmm, there is no myproject in the article. Are you following it step by step? If so, you can share your project with me (on a GitHub repo, preferably), and I will try to help you identify the problem.

I am still getting the login screen for django admin at localhost:8000/admin/

webapp/urls.py

from django.urls import path, include
from . import views
from django.contrib.auth.decorators import login_required
from django.contrib import admin

admin.autodiscover()
admin.site.login = login_required(admin.site.login)

urlpatterns = [
    path('', views.index, name='index'),
    path('', include('social_django.urls')),
    path('profile/', views.profile),
    path('logout/', views.logout),
]

Everything else works. I can use auth0 to access the admin panel if I am already logged in. However, if I’m logged out, the url localhost:8000/admin/ does not redirect me to the auth0 login page.

Let me reach out, @codetricity, to the article maintainer to help you with that struggle!

Hi, @codetricity. Welcome to our community and thanks for reaching out.

Is the app you are building an exact copy of the steps described in this article? If so, can you please share the code in a GitHub repository with me so I can check out the whole thing?

Thanks!

Thank you for your help.

  1. It’s an exact copy of the tutorial
  2. I have it on a private GitHub repo. Can you share your GitHub ID with me so that I can add you as a collaborator?

I’m new to authentication and I’m worried that my secret credentials might be embedded into the GitHub code and thus am worried about making it a public repo. If you send me your GitHub username, I can add you as a collaborator to the private repo. Thanks.

On auth0, I have a separate application for this tutorial. So, maybe there is no risk in making it public?

Yes, sure. My GitHub username is brunokrebs.

Thank you. I just sent you an invitation to collaborate on my private GitHub repo.

Your tutorial is very high quality. Clear and easy to follow. Well done.

The tutorial you wrote is the main reason I’m looking at Auth0. I had seen a bunch of other tutorials for other solutions, but yours is the best.

At the moment, we’re looking at Django deployment for many sites as it’s very fast to get sites up quickly. We’re also using the same Auth0 login for one Discourse site as a test.

The one problem we’re having in our evaluation is that we were not able to reset the Auth0 password with the email link today. The email was never sent. It worked yesterday.

I want to get your Django tutorial site up on a public server along with an existing public Discourse server to demo Auth0 to my co-workers to get feedback. I can actually demo it right now, but it would be cool to also show the redirect from localhost:8000/admin/ to the Auth0 login when the user is not already logged in. It’s not completely required as I can direct them to localhost:8000/manage for the demo.

Hi, I cloned your repo a couple of hours ago and confirmed the issue. I didn’t solve it yet (no idea, to be honest, what happened), but I will try to take a look during the weekend.

3 Likes

I had to add the following to the class Auth0 (auth0.py) to avoid a self-signed certificate error.
I think it’s also important to mention that self.setting('DOMAIN') and self.setting('KEY') do not have to be modified.

import ssl

ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
id_token = response.get('id_token')
jwks = request.urlopen('https://' + self.setting('DOMAIN') + '/.well-known/jwks.json', context=ctx)

1 Like

Thanks a lot for sharing that with the rest of the community!

Important Note: this disables verification of the TLS/SSL certificate on your tenant. This is fine for short-term testing, but you don’t want to do this in production. If you’re getting a self-signed certificate error, make sure your environment has a complete list of current root certificates.

1 Like
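An added example (not from the tutorial or from any poster in this thread) of the alternative the note above points to: keep certificate and hostname verification on and, where the default trust store is incomplete, pass a CA bundle instead of disabling checks. The function names and the `tenant.example.com` domain are assumptions made for illustration.

```python
import json
import re
import ssl
from urllib import request

# Bare hostname only: no scheme, path, port or userinfo (rule constructed for this example).
_HOST_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I
)


def jwks_url(domain):
    """Build the JWKS URL for a tenant domain, rejecting anything but a hostname."""
    if not _HOST_RE.match(domain):
        raise ValueError("DOMAIN must be a bare hostname, got %r" % (domain,))
    return "https://" + domain + "/.well-known/jwks.json"


def make_tls_context(cafile=None):
    """Return a verifying TLS context.

    With cafile=None the system trust store is used. With a path to a PEM
    bundle, only the roots in that file are trusted.
    """
    return ssl.create_default_context(cafile=cafile)


def is_verifying(ctx):
    """True only if the context checks both the certificate chain and the hostname."""
    return ctx.check_hostname and ctx.verify_mode == ssl.CERT_REQUIRED


def fetch_jwks(domain, cafile=None, timeout=10):
    """Download the signing keys over verified TLS and return the parsed JSON."""
    ctx = make_tls_context(cafile)
    if not is_verifying(ctx):
        raise RuntimeError("refusing to fetch signing keys without TLS verification")
    with request.urlopen(jwks_url(domain), context=ctx, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Constructed domain; replace with the tenant domain from your settings.
    print(jwks_url("tenant.example.com"))
    print("verifying:", is_verifying(make_tls_context()))
```

The keys fetched here are what the ID token signature is checked against, so an unverified connection lets whoever answers the request choose which tokens validate.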

I was running into an issue when setting the custom admin role in Rules. I had set it all up perfectly in code and in the Rules section in my Auth0 Dashboard. When I tried logging in to an account that I already had pre-created, I got this error:
Exception Type: KeyError
Exception Value: 'https://www.django-webapp.com/role'
This happens because we don’t populate the key value with the role string when the user has no email or the user’s email is not verified. So, to make sure we don’t run into this issue, I added this check into my ./src/webapp/authentication/auth0.py:

audience = self.setting('KEY')  # CLIENT_ID
payload = jwt.decode(id_token, jwks.read(), algorithms=['RS256'], audience=audience, issuer=issuer)
email_verified = payload['email_verified']
new_role = 'user'
if email_verified is True:
    new_role = payload['https://django-webapp/role']
return {
    'username': payload['nickname'],
    'first_name': payload['name'],
    'picture': payload['picture'],
    'user_id': payload['sub'],
    'role': new_role,
}

1 Like
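An added example (not the tutorial's code and not the poster's) that generalises the check in the post above: the role is read from the decoded ID token payload without assuming that either claim is present, and anything unexpected falls back to the least-privileged role. The claim name is the one used in the snippet above; the `admin` role value, the allowlist and the function names are assumptions.

```python
ROLE_CLAIM = "https://django-webapp/role"  # claim name as written in the snippet above
DEFAULT_ROLE = "user"                      # least-privileged fallback
ALLOWED_ROLES = {"user", "admin"}          # assumption: the roles this app knows about


def resolve_role(payload, claim=ROLE_CLAIM):
    """Return the role to grant for an already-verified ID token payload.

    The role claim is honoured only when email_verified is exactly True and
    the claim holds a string from ALLOWED_ROLES. A missing claim, an
    unverified email or an unknown value yields DEFAULT_ROLE, not a KeyError.
    """
    if payload.get("email_verified") is not True:
        return DEFAULT_ROLE
    role = payload.get(claim)
    if not isinstance(role, str) or role not in ALLOWED_ROLES:
        return DEFAULT_ROLE
    return role


def user_details(payload):
    """Build the details dict in the shape returned by the snippet above."""
    return {
        "username": payload["nickname"],
        "first_name": payload["name"],
        "picture": payload["picture"],
        "user_id": payload["sub"],
        "role": resolve_role(payload),
    }


if __name__ == "__main__":
    # Constructed payload: verified email but no role claim (the KeyError case).
    sample = {
        "nickname": "jdoe", "name": "J. Doe", "picture": "",
        "sub": "auth0|0000", "email_verified": True,
    }
    print(user_details(sample))
```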

Thanks for sharing that with the rest of the community!

I am using auth0 with django and redirecting users to the django admin site. In the process roles, I have added:
if details['role'] == 'user':
    user.is_staff = True
    user.is_superuser = False
    user.is_active = True
    user.save()

If the user is a superuser, the user gets all rights in the admin site. However, when I assign groups and permissions to a staff user, the staff user is not able to view anything on the admin site. It says,
You don’t have permission to view or edit anything.

Please let me know if I need to add any extra layer to get the django groups and permissions working?