I've set up an Auth0 app. I am trying to set up an auth web app flow and a code authorization flow as well.
I am following this article: Auth0 Django SDK Quickstarts: Login
to implement the Auth0 web app flow.
To implement the backend code authorization flow I'm following: Auth0 Django API SDK Quickstarts: Authorization
Implementations are in this file: apps/auth_zero/auth0backend.py
to write both the standard web app flow and the code authorization flow.
which subroutes /login/auth0 as auth0/login/auth0; check the main app urls.
But I get 404 Not Found when I press Login:
I suspect something must be wrong in my settings;
The repo for ref is: covidX/covidX at 1777fe574c640c31db587e361c32758bc0c175d2 · Xcov19/covidX · GitHub
This is my middleware:
MIDDLEWARE = [
    "django.middleware.security.SecurityMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.middleware.common.CommonMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    # Map username from the Access Token payload to
    # Django authentication system
    "django.contrib.auth.middleware.RemoteUserMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
]
These are my backend and auth0 jwt configs:
# SOCIAL AUTH AUTH0 BACKEND CONFIG
SOCIAL_AUTH_TRAILING_SLASH = os.getenv("SOCIAL_AUTH_TRAILING_SLASH")
SOCIAL_AUTH_AUTH0_KEY = os.environ.get("SOCIAL_AUTH_AUTH0_KEY")
SOCIAL_AUTH_AUTH0_SECRET = os.environ.get("SOCIAL_AUTH_AUTH0_SECRET")
SOCIAL_AUTH_AUTH0_SCOPE = ["openid", "profile", "email"]
SOCIAL_AUTH_AUTH0_DOMAIN = os.environ.get("SOCIAL_AUTH_AUTH0_DOMAIN")
SOCIAL_AUTH_ACCESS_TOKEN_METHOD = os.getenv("ACCESS_TOKEN_METHOD")
JWT_AUDIENCE = os.getenv("JWT_AUDIENCE")
if AUDIENCE := (
    os.getenv("AUTH0_AUDIENCE") or f"https://{SOCIAL_AUTH_AUTH0_DOMAIN}/userinfo"
):
    SOCIAL_AUTH_AUTH0_AUTH_EXTRA_ARGUMENTS = {"audience": AUDIENCE}
# Set JWT_AUDIENCE to API identifier and the JWT_ISSUER to Auth0 domain
JWT_AUTH = {
    "JWT_PAYLOAD_GET_USERNAME_HANDLER": (
        "apps.auth_zero.auth0backend." "jwt_get_username_from_payload_handler"
    ),
    "JWT_DECODE_HANDLER": "apps.auth_zero.auth0backend.jwt_decode_token",
    "JWT_ALGORITHM": "RS256",
    "JWT_AUDIENCE": JWT_AUDIENCE,
    "JWT_ISSUER": "https://dev-mavl72j2.eu.auth0.com/",
    "JWT_AUTH_HEADER_PREFIX": "Bearer",
}
AUTHENTICATION_BACKENDS = {
    "apps.auth_zero.auth0backend.Auth0",
    "django.contrib.auth.backends.ModelBackend",
    "django.contrib.auth.backends.RemoteUserBackend",
    "guardian.backends.ObjectPermissionBackend",
}
LOGIN_URL = "/auth0/login/auth0"
LOGIN_REDIRECT_URL = "/"
AUTH_REDIRECT_URI = "/auth0/complete/auth0"
I'm using DRF; its settings are:
REST_FRAMEWORK = {
    # Use Django's standard `django.contrib.auth` permissions,
    # or allow read-only access for unauthenticated users.
    "DEFAULT_PERMISSION_CLASSES": [
        "rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly",
        "rest_framework.permissions.AllowAny",
    ],
    "DEFAULT_AUTHENTICATION_CLASSES": (
        "rest_framework_jwt.authentication.JSONWebTokenAuthentication",
        "rest_framework.authentication.SessionAuthentication",
        "rest_framework.authentication.BasicAuthentication",
    ),
    "DEFAULT_RENDERER_CLASSES": [
        "rest_framework.renderers.BrowsableAPIRenderer",
        "rest_framework.renderers.JSONOpenAPIRenderer",
    ],
}