I am following this tutorial by auth0 to implement access token verification in a python flask app running on Google App Engine (flex).
However I am receiving HTTP 403 Forbidden from this code:
jwks = requests.get(f"https://{domain}/.well-known/jwks.json").json()
I can confirm that the URL being sent is the correct one, and that when I call this with this python on my local system I receive the correct JSON. It is only when being run on the server does this return 403 forbidden.
Good afternoon,
I see that you submitted a support ticket as well. Were you able to try to remove the f before the url? https://{domain}/.well-known/jwks.json โโโโโโ is a public URL so it should be accessible.
Thanks!
I believe the cause of this was that I was proxying the custom domain through CloudFlare. I could access the data I needed by using the direct domain provided by auth0, and if I used a different User-Agent I could stop the 403. I suspect Cloudflare is blocking ranges from Google Cloud Platform with a generic user agent from making these requests.
Glad you have found it and thank you for sharing with the rest of community!