user3318587

Reputation: 39

How to get JWT in Auth0 Python web app?

I took this project as starting point: https://github.com/auth0-samples/auth0-python-web-app

According to https://auth0.com/docs/tokens/access-token, I am supposed to get a JWT if I set the audience to a URL pointing to a custom API. This is exactly what I have done, but I still only get an opaque Access Token, as if the audience still pointed to abc.eu.auth0.com/userinfo.

I wonder if I need to do something else to get the JWT?

I have already tried to add "access_token_params":

auth0 = oauth.remote_app(
    'auth0',
    consumer_key=AUTH0_CLIENT_ID,
    consumer_secret=AUTH0_CLIENT_SECRET,
    access_token_params={
        'scope': 'openid profile',
        'audience': AUTH0_AUDIENCE
    },
    request_token_params={
        'scope': 'openid profile',
        'audience': AUTH0_AUDIENCE
    },
    base_url='https://%s' % AUTH0_DOMAIN,
    access_token_method='POST',
    access_token_url='/oauth/token',
    authorize_url='/authorize',
)

Sadly, no success. I would be glad if you could give me hints what I might have missed.

Upvotes: 1

Views: 1921

Answers (1)

abigperson

Reputation: 5362

You do not need the access_token_parameters argument in the remote_app definition.

Within your callback route the code should look something like this:

@app.route('/auth/callback/')
def auth_callback():
    # dict with access_token, id_token, expires_in, token_type, ...
    response = auth0.authorized_response()
    print(response.get("id_token"))   # the id_token is the JWT
    return 'ok'                        # a Flask view has to return a response

The response from this call is a dictionary which contains the access_token as well as an id_token, which is the JWT.

If you intend to get information out of this JWT you need to parse it with an appropriate 3rd party library. There are several available... you can also validate the token (e.g. see the contents) through this website:

https://jwt.io/ (paste the output of the "print" command above into the debugger)

There is also a list of python libraries and their capabilities below their JWT debugger on this site.

It, roughly, contains the same information that you get when you exchange the access_token with the /userinfo/ endpoint to get a user's profile.

Also...

I found, when I switched from using the Lock library to the Flask-OAuthlib library that I needed to add "email" into the scope parameter. This depends on the connection types you allow, but my scope now looks like: "openid profile email"

Upvotes: 2
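Pasting a token into the jwt.io debugger is fine for a look, but a route that consumes the id_token should verify it locally. The example below is added here and is not code from the question, the answer or the Auth0 sample project; it uses only the standard library, so it signs with HS256 and a constructed shared secret, whereas a real Auth0 id_token is RS256-signed and is verified against the tenant's JWKS. The issuer, audience and secret values are constructed placeholders. It shows how to tell an opaque access_token apart from a JWT, and how a verifier pins the algorithm and checks signature, iss, aud and exp before trusting any claim:

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values for this example only. A real Auth0 id_token is RS256-signed and is
# verified with the tenant's public key from https://<tenant>/.well-known/jwks.json;
# HS256 with a shared secret is used here so the example runs offline.
ISSUER = "https://abc.eu.auth0.com/"
AUDIENCE = "https://api.example.test/"       # constructed custom-API identifier
SECRET = b"constructed-demo-secret-do-not-reuse"


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def is_jwt(token: str) -> bool:
    """True if the token is a compact JWS: header.payload.signature with a JSON header.

    Auth0 hands back an opaque access_token when no custom-API audience is in play;
    the id_token is always a JWT. This tells the two apart without trusting the contents.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return False
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except ValueError:          # bad base64 (binascii.Error) or not JSON
        return False
    return isinstance(header, dict) and "alg" in header


def make_hs256_jwt(claims: dict, secret: bytes) -> str:
    """Mint a signed token; stands in for the one the identity provider would issue."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (_b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_hs256_jwt(token: str, secret: bytes, issuer: str, audience: str, now=None) -> dict:
    """Return the claims only if alg, signature, iss, aud and exp all check out."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm on the verifier side; never let the token choose it
    # (this rejects "alg": "none" and algorithm-confusion tokens outright).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg: %r" % header.get("alg"))
    expected = hmac.new(secret, (header_b64 + "." + payload_b64).encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != issuer:
        raise ValueError("issuer mismatch")
    aud = claims.get("aud")                     # may be a string or a list
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("audience mismatch")
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        raise ValueError("token expired or exp missing")
    return claims


def safe_verify(token, secret=SECRET, issuer=ISSUER, audience=AUDIENCE, now=None):
    """Verification as a callback route would use it: claims on success, None on failure."""
    try:
        return verify_hs256_jwt(token, secret, issuer, audience, now)
    except ValueError:
        return None


def demo(now: float = 1_700_000_000) -> dict:
    """Constructed tokens exercising the happy path and each failure mode."""
    claims = {"iss": ISSUER, "sub": "auth0|demo-user", "aud": [AUDIENCE, "client-id-demo"],
              "iat": now, "exp": now + 3600, "scope": "openid profile email"}
    good = make_hs256_jwt(claims, SECRET)
    head, _payload, sig = good.split(".")
    # payload swapped for different claims, original signature kept
    tampered = head + "." + _b64url_encode(
        json.dumps(dict(claims, sub="auth0|someone-else")).encode()) + "." + sig
    none_alg = _b64url_encode(b'{"alg":"none"}') + "." + _b64url_encode(
        json.dumps(claims).encode()) + "."
    opaque = "cM9bqT0vXw3LkR2pHn8sYz"   # constructed: shape of an opaque access_token
    return {
        "opaque_is_jwt": is_jwt(opaque),
        "good_is_jwt": is_jwt(good),
        "good_sub": safe_verify(good, now=now)["sub"],
        "tampered": safe_verify(tampered, now=now),
        "none_alg": safe_verify(none_alg, now=now),
        "expired": safe_verify(good, now=now + 7200),
        "wrong_aud": safe_verify(good, audience="https://other.example.test/", now=now),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In the Flask app from the question, the equivalent of safe_verify would run on response.get("id_token") inside auth_callback, with the audience set to the client ID for an id_token (or to AUTH0_AUDIENCE for a JWT access_token) and the signature checked against the tenant's JWKS rather than a shared secret; a None result means the session must not be established.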
