def auth_auth0(endpoint, client_id, client_secret, realm, username, password): client = GetToken(endpoint) try: resp = client.login(client_id, client_secret, username, password, None, realm, None) if resp: auth_success(username) else: auth_failure("Invalid credentials for username " + username) except Auth0Error, e: auth_failure('Auth0 error: ' + e.message)
def do_get_token(): get_token = GetToken(AUTH0_DOMAIN) result = get_token.login(client_id=CLIENT_ID, client_secret=CLIENT_SECRET, username=HC_USER_USERNAME, password=HC_USER_PASSWORD, scope='openid email profile', realm='healthcheck-users', audience='') del result['id_token'] # we don't need this - just mucks up console output print("Token result: ", result) users = Users(AUTH0_DOMAIN) user_info = users.userinfo(result['access_token']) print("User info: ", user_info)
def add_users(app, db): """ Adds a test user to db """ from neurostore.resources.auth import decode_token domain = app.config['AUTH0_BASE_URL'].split('://')[1] token = GetToken(domain) users = [{ "name": "user1", "password": "******", }, { "name": "user2", "password": "******", }] tokens = {} for u in users: name = u['name'] passw = u['password'] payload = token.login( client_id=app.config['AUTH0_CLIENT_ID'], client_secret=app.config['AUTH0_CLIENT_SECRET'], username=name + "@email.com", password=passw, realm='Username-Password-Authentication', audience=app.config['AUTH0_API_AUDIENCE'], scope='openid', ) token_info = decode_token(payload['access_token']) user = User( name=name, external_id=token_info['sub'], ) if User.query.filter_by(name=token_info['sub']).first() is None: db.session.add(user) db.session.commit() tokens[name] = { 'token': payload['access_token'], 'id': User.query.filter_by(external_id=token_info['sub']).first().id, } yield tokens
def get_jwt(): domain = 'openlattice.auth0.com' realm = 'Username-Password-Authentication' scope = 'openid email nickname roles user_id organizations' audience = 'https://api.openlattice.com' client_id = 'o8Y2U2zb5Iwo01jdxMN1W2aiN8PxwVjh' username = os.environ.get("bamboo_EDM_USERNAME") password = os.environ.get("bamboo_EDM_PASSWORD") get_token = GetToken(domain) token = get_token.login( client_id=client_id, client_secret="", username=username, password=password, scope=scope, realm=realm, audience=audience, grant_type='http://auth0.com/oauth/grant-type/password-realm') return token
class Auth0Api: domain = getDocketSecrets("auth0_domain") non_interactive_client_id = getDocketSecrets("auth0_non_interactive_client_id") application_client_id = getDocketSecrets("auth0_application_client_id") non_interactive_client_secret = getDocketSecrets( "auth0_non_interactive_client_secret" ) interactive_client_secret = getDocketSecrets("auth0_interactive_client_secret") audience = getDocketSecrets("auth0_audience") connection = "Username-Password-Authentication" def __init__(self): self.initAuth0() if not self.token: raise ValueError("Could not get the auth token.") def getToken(self): token = self.tokenManager.client_credentials( self.non_interactive_client_id, self.non_interactive_client_secret, "https://{}/api/v2/".format(self.domain), ) mgmt_api_token = token["access_token"] self.token = mgmt_api_token def initAuth0(self): self.tokenManager = GetToken(self.domain) self.databaseManager = Database(self.domain) self.getToken() self.auth0 = Auth0(self.domain, self.token) @autoAuthenticate def addUser(self, username, name, password, verifyEmail=False): userData = { "connection": "Username-Password-Authentication", "email": username, "name": name, "password": password, "verify_email": verifyEmail, } result = self.auth0.users.create(userData) try: userId = result["user_id"] except (KeyError, TypeError): logger.error( f"It was not possible to add the username: {username}.", exc_info=True, extra={"area": "users"}, ) return logger.info(f"User added with id: {userId}",) return userId @autoAuthenticate def deleteUser(self, userId): logger.info(f"Deleted user with id: {userId}") return self.auth0.users.delete(userId) @autoAuthenticate def updateUser(self, userId, updatedData): """ { "blocked": false, "email_verified": false, "email": "*****@*****.**", "verify_email": false, "phone_number": "+199999999999999", "phone_verified": false, "verify_phone_number": false, "password": "******", "user_metadata": {}, "app_metadata": {}, "connection": "Initial-Connection", "username": "******", "client_id": "DaM8bokEXBWrTUFCiJjWn50jei6ardyX" } """ result = self.auth0.users.update(userId, updatedData) try: assert result["user_id"] except (KeyError, TypeError, AssertionError): logger.error( "It was not possible to update the user with id: %s." % userId, exc_info=True, extra={"area": "users"}, ) return logger.info("Updated user with id: %s" % userId) return result @autoAuthenticate def getUser(self, userId): userData = self.auth0.users.get(userId) return userData def login(self, username, password): token = self.tokenManager.login( self.application_client_id, self.interactive_client_secret, username, password, "", "", self.audience, "password", ) auth_api_token = token["access_token"] if username != "*****@*****.**": logger.info(f"Loging from user: {username}") return auth_api_token def recoverPassword(self, username): result = self.databaseManager.change_password( self.application_client_id, username, self.connection ) logger.info(f"User: {username} requests a new password") return result def changePassword(self, userId, password): result = self.auth0.users.update(userId, {"password": password}) logger.info(f"User: {userId} requests to change the password") return result