Getting Authorization header

Hello, for a project that I am working on, I need to get the JWT token generated for a user from the URL.

My frontend is plain HTML.
My application is running on Flask.


I know that when I open the above URL - once only - it asks me to log in using the Auth0 interface, and on successful login it doesn’t allow me to log in as a different user… Every time I hit the above URL in the browser, it automatically takes me to the callback URL - /profile in my case. I need to test two users and need to get the token for two different users, so:
Question 1. How do I set it up to ask me to log in every time I open the above URL?
I tried setting the token expiration time to only 1 minute - in the application settings as well as at the API settings. However, it asks me to log in only once.

After I log in with the user credentials that I created, in the browser URL I see the token.

I have tested the token successfully using POSTMAN by selecting Bearer token in the Authorization headers and adding the token that I retrieved from the browser URL.

Instead of doing it manually, I want to have the Python program open the URL (which I did) by writing the below code and then retrieve the token from Authorization in response.headers['Authorization']:

def memLogin():
    link = '
    return redirect(link)

def memProfile():
    return render_template('memProfile.html')

memProfile.html page is a simple HTML page.

Question 2: How do I write a program which will set (if required) Authorization in response.headers?
Right now response.headers doesn’t have Authorization.

Thank You in advance.

Hi @priya.varghese

To set the session time low (to force a re-login) you need to change the session timeouts, not the token timeouts. The session timeouts are in your tenant settings on the advanced tab.

Are you using Auth0’s Python Quickstart? It is available when you click on “Create Application”, choose Web App, and then choose Python as the stack. There’s also a tutorial for Flask here: Auth0 Python API SDK Quickstarts: Authorization

You are using response_type=token in your /authorize call. Don’t do that! This is implicit mode and not recommended. You should be using response_type=code.

Take a look at the quickstarts, they will help a lot.
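
The authorization code flow recommended in the reply above, written with the Python standard library only, as an added example (not code from this thread or from Auth0's quickstart). The domain, client values, the `http://localhost:5000/profile` callback and all function names are placeholders or assumptions; the requests are built but not sent.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request

# Placeholders (assumptions, not from the thread): use your own tenant values.
DOMAIN = "YOUR_TENANT.auth0.com"
CLIENT_ID = "YOUR_CLIENT_ID"
CLIENT_SECRET = "YOUR_CLIENT_SECRET"
REDIRECT_URI = "http://localhost:5000/profile"


def new_state():
    """Random per-login value, stored in the server-side session."""
    return secrets.token_urlsafe(32)


def build_authorize_url(state):
    """Step 1: redirect the browser here with response_type=code, not token."""
    params = {"response_type": "code", "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI, "scope": "openid profile",
              "state": state}
    return f"https://{DOMAIN}/authorize?{urlencode(params)}"


def code_from_callback(callback_url, expected_state):
    """Step 2: read the code from the query string; reject a mismatched state."""
    query = parse_qs(urlsplit(callback_url).query)
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch, discard this callback")
    if "code" not in query:
        raise ValueError(query.get("error", ["no authorization code"])[0])
    return query["code"][0]


def build_token_request(code):
    """Step 3: server-side POST that exchanges the code for tokens."""
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET,
                      "redirect_uri": REDIRECT_URI}).encode()
    return Request(f"https://{DOMAIN}/oauth/token", data=body, method="POST")


def build_api_request(url, access_token):
    """Step 4: the caller sets Authorization on the request it sends to the API."""
    return Request(url, headers={"Authorization": f"Bearer {access_token}"})
```

In a Flask callback view, `request.url` would be passed to `code_from_callback` and the request from `build_token_request` sent with `urllib.request.urlopen`; the tokens come back in the JSON response body, so nothing token-bearing appears in the browser URL.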