Hi,
I’m trying to use Auth0 with Flask and Python to have users log in and then restrict their behaviours according to their permissions. I am following the tutorial to have them log in but cannot figure out how to store the permissions of a logged-in user.
At the moment I am creating an auth0 object like below:
    auth0 = oauth.register(
        'auth0',
        client_id='YOUR_CLIENT_ID',
        client_secret='YOUR_CLIENT_SECRET',
        api_base_url='https://dev-c0xmgrpi.eu.auth0.com',
        access_token_url='https://dev-c0xmgrpi.eu.auth0.com/oauth/token',
        authorize_url='https://dev-c0xmgrpi.eu.auth0.com/authorize',
        client_kwargs={
            'scope': 'openid profile email',
        },
    )
Then I am having the user log in like this:
    @app.route('/login')
    def login():
        return auth0.authorize_redirect(redirect_uri='YOUR_CALLBACK_URL')
And my callback looks like this:
    # Here we're using the /callback route.
    @app.route('/callback')
    def callback_handling():
        # Handles response from token endpoint
        auth0.authorize_access_token()
        resp = auth0.get('userinfo')
        userinfo = resp.json()
        # Store the user information in flask session.
        session['jwt_payload'] = userinfo
        session['profile'] = {
            'user_id': userinfo['sub'],
            'name': userinfo['name'],
            'picture': userinfo['picture']
        }
        return redirect('/dashboard')
How do I edit the callback so that it also stores permissions information in the session object? (Or is there a different, better way of storing the permissions of a user?) I’ve tried to see if the permissions are stored in the auth0 object but I can’t seem to find them there.
Note that I have definitely set my application settings so that the JWT returns information about the permissions so that’s not the problem.
Thanks!
Petros
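
For the question above, an added example (not part of the original post, and not Auth0's or Authlib's code): permissions are read only from a token whose signature, issuer, audience and expiry have been checked, and only then stored in the session. It assumes the permissions arrive in a `permissions` claim of an HS256-signed access token so that it runs on the standard library alone; for RS256 tokens the signature check belongs to a JWT library using the tenant's published keys. All function names, the secret, issuer, audience and sample token are constructed.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(signing_input, secret):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims, secret):
    """Build a constructed HS256 token; stands in for the identity provider."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{body}"
    return f"{signing_input}.{b64url_encode(sign(signing_input, secret))}"

def verified_permissions(token, secret, issuer, audience, now=None):
    """Return the `permissions` claim only after signature and claim checks."""
    header_b64, body_b64, sig_b64 = token.split(".")
    # Pin the algorithm instead of trusting whatever the header asks for.
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = sign(f"{header_b64}.{body_b64}", secret)
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body_b64))
    aud = claims.get("aud")
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return list(claims.get("permissions", []))

# Constructed sample values (assumptions, not taken from the post).
SECRET = b"constructed-demo-secret"
ISSUER = "https://tenant.example/"
AUDIENCE = "https://api.example/"
SAMPLE = make_token({"iss": ISSUER, "aud": AUDIENCE, "sub": "auth0|constructed",
                     "exp": 4102444800, "permissions": ["read:reports"]}, SECRET)

if __name__ == "__main__":
    session = {}  # stands in for flask.session in the callback
    session["permissions"] = verified_permissions(SAMPLE, SECRET, ISSUER, AUDIENCE)
    print(session)
```

Because the session copy is only a cache of what the token said at login, a permission revoked later stays in the session until the user logs in again or the session expires.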