
@dkozel
Created February 18, 2021 10:13
# NOTICE: This code is not for reuse. It is a work-in-progress illustration of what I'd like to do with the auth0-python library.
import http.client
from selenium import webdriver # Needed to instantiate a browser whose current URL may be set and read
from time import sleep # Needed to prevent busy-waiting for the browser to complete the login process!
from json import loads # Only needed if using .loads() instead of manually parsing the final server response
###
def get_response(conn):
    """Return the body of the pending response on *conn* as text.

    The whole body is read in one call and decoded as UTF-8; the status
    line and headers are not inspected.
    """
    return conn.getresponse().read().decode("utf-8")
###
# Takes a hostname as input, and attempts auth0 authentication using a web browser.
# The browser is set to Firefox() currently, but can be any which the Selenium module supports (e.g. Chrome()).
# The output is None for an unsuccessful login, or the response dictionary for a successful one.
# The token required by the final API is stored under the key "id_token".
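def get_auth0_tokens(host):
    """Run a browser-based Auth0 authorization-code login against *host*.

    A Firefox window (via Selenium) is opened on the login URL that
    ``/authorize`` redirects to. Once the browser leaves that URL, the
    authorization code is read from the landing URL and exchanged for tokens.

    Returns the parsed token response (a dict that contains ``"id_token"``)
    on success. On any failure an ``ERROR:`` line is printed and ``None`` is
    returned.

    The returned ``id_token`` is NOT validated here. Callers should verify its
    signature and its ``iss``/``aud``/``exp`` claims before trusting it.
    """
    # Function-scope imports so this block does not depend on new file-level imports.
    import secrets
    from urllib.parse import parse_qs, quote, urlencode, urlsplit

    client_id = "DEADCAFE012345"
    redirect_uri = "https://dkozel.auth0.com/mobile"
    scope = "openid profile"
    # The state value is the CSRF defence of the code flow: it must be
    # unguessable and unique per login attempt, and it must be compared with
    # the value that comes back on the redirect (done in step 4). A fixed
    # string provides neither property.
    state = secrets.token_urlsafe(32)

    conn = http.client.HTTPSConnection(host)
    try:
        # Step 1: request an auth0 code
        # (this seems to return a redirect to a login URL)
        # urlencode() percent-encodes every value, so redirect_uri and scope
        # cannot break out of their own parameter.
        authorize_query = urlencode(
            {
                "response_type": "code",
                "client_id": client_id,
                "redirect_uri": redirect_uri,
                "scope": scope,
                "state": state,
            },
            quote_via=quote,
        )
        conn.request("GET", "/authorize?" + authorize_query)
        response = get_response(conn)

        # Step 2: open a browser, and display the login URL
        marker = "Found. Redirecting to "
        if marker not in response:
            print("ERROR: request for authorisation did not return a valid login URL")
            return None
        login_url = "https://" + host + response.split(marker)[1]

        driver = webdriver.Firefox()
        try:
            driver.get(login_url)
            # Step 3: wait for the URL in the browser to change (i.e. the user
            # has entered their login information, hopefully correctly!).
            # NOTE(review): this wait has no upper bound; it only ends when the
            # URL changes or the driver raises (e.g. the window is closed).
            landed_url = driver.current_url
            while landed_url == login_url:
                sleep(1)
                landed_url = driver.current_url
        finally:
            # quit() also ends the driver session, and runs on error paths too.
            driver.quit()

        # Step 4: extract the auth0 code from the URL the browser was directed
        # to, and use it to request the id_token.
        # Parsing the query string (instead of splitting on "code=") keeps any
        # trailing "&state=..." out of the code value.
        landed_query = parse_qs(urlsplit(landed_url).query)
        code = landed_query.get("code", [None])[0]
        if code is None:
            print("ERROR: code was not returned during the login attempt; was your login incorrect?")
            return None
        returned_state = landed_query.get("state", [""])[0]
        # Constant-time comparison on bytes (compare_digest rejects non-ASCII str).
        if not secrets.compare_digest(returned_state.encode("utf-8"), state.encode("utf-8")):
            print("ERROR: state returned with the code does not match the state sent; code discarded")
            return None

        # NOTE(review): this path embeds the tenant hostname; Auth0 documents
        # the token endpoint as "/oauth/token" on the tenant domain - confirm.
        token_path = "/dkozel.auth0.com/oauth/token"
        token_headers = {"content-type": "application/x-www-form-urlencoded"}
        # NOTE(review): the exchange carries neither a client secret nor a PKCE
        # code_verifier, so nothing binds the code to this process. For a
        # public client, PKCE (RFC 7636) is the usual mitigation - consider adding.
        token_body = urlencode(
            {
                "response_type": "token",
                "client_id": client_id,
                "redirect_uri": redirect_uri,
                "scope": scope,
                "state": state,
                "grant_type": "authorization_code",
                "code": code,
            },
            quote_via=quote,
        )
        conn.request("POST", token_path, token_body, token_headers)
        response = get_response(conn)

        # Step 5: extract the token data (in particular, id_token) from the
        # auth0 server's response. Parse the JSON first, then look for the key,
        # so whitespace differences or a non-JSON error body are handled.
        try:
            tokens = loads(response)
        except ValueError:
            tokens = None
        if not isinstance(tokens, dict) or "id_token" not in tokens:
            print("ERROR: id_token was not returned by the auth0 server")
            return None
        return tokens
    finally:
        conn.close()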
##############
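print("Using browser-based authentication...")
HOST = "dkozel.auth0.com"
data = get_auth0_tokens(HOST)
# get_auth0_tokens() returns None on every failure path; indexing None would
# raise TypeError, so stop with a clear message and a non-zero exit status.
if data is None:
    raise SystemExit("ERROR: authentication failed; no id_token received")
# The id_token is a bearer credential: printing it suits a local demo only,
# and it should be kept out of shared terminals and logs.
print("Received id_token =", data["id_token"])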