Enabling SSO (Oauth) via Config Failing

I have been trying to get an Oauth configuration working for Auth0 and I can’t seem to get it actually working.

Here is an obfuscated config that I am using:

_auth0_config = {
    'consumer_key': 'id',
    'consumer_secret': 'secret',
    'request_token_params': {'scope': 'profile email'},
    'base_url': 'https://tenant-prod.auth0.com',
    'request_token_url': None,
    'access_token_method': 'POST',
    'access_token_url': 'https://tenant-prod.auth0.com/oauth/access_token',
    'authorize_url': 'https://tenant-prod.auth0.com/authorize'

  'auth0': {
    'default': 'true',
    'type': 'oauth',
    'title': 'Auth0',
    'oauth': _auth0_config

  'auth0': {
    'title': 'Auth0',
    'trusted_email': True,
    'type': 'oauth',
    'oauth': _auth0_config,
    'endpoint': '/userinfo',
    'identifier_field': 'sub',
    'mapping': {
      'user_name': 'preferred_username',
      'first_name': 'given_name',
      'last_name': 'family_name',
      'email': 'email'

PROVIDER_MAP = {"auth0": "auth0"}

Whatever I am doing must be wrong enough that I am just getting an “Internal server error” when restarting with nothing at all in any logs that I can find. Step one would probably be figuring out where the appropriate logs would be (I have checked /opt/indico/log and /var/log/uwsgi/app)…nothing useful.

Any assistance in debugging this would be amazing!

Thanks in advance!

If you get an internal server error, you might have a syntax error in your config (or some other error that happens at import time). The easiest way to see the actual error and traceback is to run indico shell since that loads the config as well.

'default': 'true', on the auth provider is incorrect for sure:

  • the correct value would be True without quotes
  • the default setting only makes sense on auth providers that use a form to enter credentials direct in indico. so for oauth this setting shouldn’t be present at all

You are a savior. That key was definitely it. I tried to use the indico shell and couldn’t figure out how to do it. I am running a production configuration, and I didn’t see a bin anywhere or any directory that had a binary to run.

So I am much further along, but still getting a fairly cryptic message of:

Authentication via auth0 failed: OAuth error ({u'msg': u'Invalid response from auth0_flaskmultipass', u'data': {'Not Found': u''}, u'type': 'invalid_response'})

I am guessing there is a mapping incorrect. Any way to easily debug that specifically?

it’s in your PATH when the virtualenv is active

Are you sure the endpoint is correct?

The docs don’t really specify what the endpoint is so I am taking a guess. What I was thinking the endpoint represented was what uri (built with the base_url in the config) can be used to pull the user’s information that we can map into our schema.

The userinfo endpoint in Auth0 is exactly that. I could be totally misunderstanding what the field represents though, just jumping into all this and it is a bit overwhelming :slight_smile:.

Docs on userinfo here.

Figured it out. Was using the incorrect access_token endpoint. It seems to be functioning as expected now.

Thank you so much for the help!