auth0login updates

Start using JWT from auth0, along with updated social-auth-app plugin and newer jose. Tested locally but only with a http redirect, will test ssl in dev Signed-off-by: Corey Shields <cshields@gmail.com>
2020-12-30 10:29:28 -05:00 · 2020-12-30 10:29:28 -05:00 · bcee356c24
parent 46eb5aa8c8
commit bcee356c24
3 changed files with 22 additions and 10 deletions
--- a/auth0login/auth0backend.py
+++ b/auth0login/auth0backend.py
@ -1,5 +1,6 @@
 """SatNOGS DB Auth0 login module auth backend"""
 import requests
+from jose import jwt
 from social_core.backends.oauth import BaseOAuth2


@ -8,6 +9,7 @@ class Auth0(BaseOAuth2):
    name = 'auth0'
    SCOPE_SEPARATOR = ' '
    ACCESS_TOKEN_METHOD = 'POST'
+    REDIRECT_STATE = False
    EXTRA_DATA = [('email', 'email')]

    def authorization_url(self):
@ -27,14 +29,19 @@ class Auth0(BaseOAuth2):
        return details['user_id']

    def get_user_details(self, response):
-        url = 'https://' + self.setting('DOMAIN') + '/userinfo'
-        headers = {'authorization': 'Bearer ' + response['access_token']}
-        resp = requests.get(url, headers=headers)
-        userinfo = resp.json()
+        # Obtain JWT and the keys to validate the signature
+        id_token = response.get('id_token')
+        jwks = requests.get('https://' + self.setting('DOMAIN') + '/.well-known/jwks.json')
+        issuer = 'https://' + self.setting('DOMAIN') + '/'
+        audience = self.setting('KEY')  # CLIENT_ID
+        payload = jwt.decode(
+            id_token, jwks.json(), algorithms=['RS256'], audience=audience, issuer=issuer
+        )

        return {
-            'username': userinfo['nickname'],
-            'email': userinfo['email'],
-            # 'first_name': userinfo['name'],
-            'user_id': userinfo['sub']
+            'username': payload['nickname'],
+            # 'first_name': payload['name'],
+            # 'picture': payload['picture'],
+            'user_id': payload['sub'],
+            'email': payload['email']
        }
--- a/requirements.txt
+++ b/requirements.txt
@ -33,6 +33,7 @@ django-shortuuidfield==0.1.3
 django-widget-tweaks==1.4.8
 djangorestframework==3.12.2
 dnspython==1.16.0
+ecdsa==0.14.1
 enum34==1.1.10
 eventlet==0.30.0
 frozendict==1.2
@ -52,12 +53,14 @@ mysqlclient==2.0.2
 numpy==1.19.4
 oauthlib==3.1.0
 Pillow==8.0.1
+pyasn1==0.4.8
 pycparser==2.20
 PyJWT==2.0.0
 PyLD==2.0.3
 python-dateutil==2.8.1
 python-decouple==3.3
 python-dotenv==0.15.0
+python-jose==3.2.0
 python3-openid==3.2.0
 pytz==2020.5
 PyYAML==5.3.1
@ -67,6 +70,7 @@ Represent==1.6.0.post0
 requests==2.25.1
 requests-oauthlib==1.3.0
 rjsmin==1.1.0
+rsa==4.6
 rush==2018.12.1
 satellitetle==0.10.1
 satnogs-decoders~=1.0
@ -75,7 +79,7 @@ sgp4==2.14
 shortuuid==1.0.1
 simplejson==3.17.2
 six==1.15.0
-social-auth-app-django==3.4.0
+social-auth-app-django==4.0.0
 social-auth-core==3.3.3
 spacetrack==0.15.0
 sqlparse==0.4.1
--- a/setup.cfg
+++ b/setup.cfg
@ -47,7 +47,8 @@ install_requires =
    django-allauth~=0.44.0
    django-avatar~=5.0.0
    django-crispy-forms~=1.10.0
-    social-auth-app-django~=3.4.0
+    python-jose[cryptography]~=3.2.0
+    social-auth-app-django~=4.0.0
    # Static
    django_compressor~=2.4.0
    # API