I have been trying to get an OAuth configuration working for Auth0 and I can’t seem to get it actually working.
Here is an obfuscated config that I am using:
    _auth0_config = {
        'consumer_key': 'id',
        'consumer_secret': 'secret',
        'request_token_params': {'scope': 'profile email'},
        'base_url': 'https://tenant-prod.auth0.com',
        'request_token_url': None,
        'access_token_method': 'POST',
        'access_token_url': 'https://tenant-prod.auth0.com/oauth/access_token',
        'authorize_url': 'https://tenant-prod.auth0.com/authorize'
    }
    AUTH_PROVIDERS = {
        'auth0': {
            'default': 'true',
            'type': 'oauth',
            'title': 'Auth0',
            'oauth': _auth0_config
        }
    }
    IDENTITY_PROVIDERS = {
        'auth0': {
            'title': 'Auth0',
            'trusted_email': True,
            'type': 'oauth',
            'oauth': _auth0_config,
            'endpoint': '/userinfo',
            'identifier_field': 'sub',
            'mapping': {
                'user_name': 'preferred_username',
                'first_name': 'given_name',
                'last_name': 'family_name',
                'email': 'email'
            }
        }
    }
    PROVIDER_MAP = {"auth0": "auth0"}
Whatever I am doing must be wrong enough that I am just getting an “Internal server error” when restarting with nothing at all in any logs that I can find. Step one would probably be figuring out where the appropriate logs would be (I have checked /opt/indico/log and /var/log/uwsgi/app)…nothing useful.
Any assistance in debugging this would be amazing!
Thanks in advance!
If you get an internal server error, you might have a syntax error in your config (or some other error that happens at import time). The easiest way to see the actual error and traceback is to run indico shell since that loads the config as well.
'default': 'true', on the auth provider is incorrect for sure:
- the correct value would be True without quotes
- the default setting only makes sense on auth providers that use a form to enter credentials directly in Indico, so for OAuth this setting shouldn’t be present at all
You are a savior. That key was definitely it. I tried to use the indico shell and couldn’t figure out how to do it. I am running a production configuration, and I didn’t see a bin anywhere or any directory that had a binary to run.
So I am much further along, but still getting a fairly cryptic message of:
Authentication via auth0 failed: OAuth error ({u'msg': u'Invalid response from auth0_flaskmultipass', u'data': {'Not Found': u''}, u'type': 'invalid_response'})
I am guessing there is a mapping incorrect. Any way to easily debug that specifically?
It’s in your PATH when the virtualenv is active.
Are you sure the endpoint is correct?
The docs don’t really specify what the endpoint is so I am taking a guess. What I was thinking the endpoint represented was what URI (built with the base_url in the config) can be used to pull the user’s information that we can map into our schema.
The userinfo endpoint in Auth0 is exactly that. I could be totally misunderstanding what the field represents though, just jumping into all this and it is a bit overwhelming.
Docs on userinfo here.
Figured it out. Was using the incorrect access_token endpoint. It seems to be functioning as expected now.
Thank you so much for the help!
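Both mistakes found in this thread (the quoted 'default' value and the wrong token URL) can be caught before restarting by checking the settings against the provider's OIDC discovery metadata. The following is an added example, not part of the thread or of Indico: lint_oauth_settings is a hypothetical helper, and SAMPLE_DISCOVERY is a constructed document for the placeholder tenant whose token URL uses Auth0's documented /oauth/token path (the thread does not say which URL the poster ended up with).

```python
from urllib.parse import urljoin

# Constructed sample of OIDC discovery metadata (what a provider serves at
# /.well-known/openid-configuration) for the thread's placeholder tenant.
SAMPLE_DISCOVERY = {
    "authorization_endpoint": "https://tenant-prod.auth0.com/authorize",
    "token_endpoint": "https://tenant-prod.auth0.com/oauth/token",
    "userinfo_endpoint": "https://tenant-prod.auth0.com/userinfo",
}

def lint_oauth_settings(auth_providers, identity_providers, discovery):
    """Return (setting, problem) pairs; an empty list means nothing was found."""
    found = []

    def compare(where, configured, field):
        if configured != discovery[field]:
            found.append((where, f"{configured!r} != discovery {field} {discovery[field]!r}"))

    for name, prov in auth_providers.items():
        where = f"AUTH_PROVIDERS[{name!r}]"
        if "default" in prov and not isinstance(prov["default"], bool):
            found.append((f"{where}['default']", "must be True/False, not a string"))
        if prov.get("type") != "oauth":
            continue
        if "default" in prov:
            found.append((f"{where}['default']", "only meaningful for form-based providers"))
        oauth = prov.get("oauth", {})
        compare(f"{where}['oauth']['authorize_url']", oauth.get("authorize_url"), "authorization_endpoint")
        compare(f"{where}['oauth']['access_token_url']", oauth.get("access_token_url"), "token_endpoint")

    for name, prov in identity_providers.items():
        if prov.get("type") != "oauth":
            continue
        # Assumption: a relative 'endpoint' is resolved against the oauth base_url.
        url = urljoin(prov["oauth"]["base_url"], prov["endpoint"])
        compare(f"IDENTITY_PROVIDERS[{name!r}]['endpoint']", url, "userinfo_endpoint")
    return found

# The settings as posted in the thread, reduced to the keys that are checked.
_auth0_config = {
    "base_url": "https://tenant-prod.auth0.com",
    "access_token_url": "https://tenant-prod.auth0.com/oauth/access_token",
    "authorize_url": "https://tenant-prod.auth0.com/authorize",
}
AUTH_PROVIDERS = {"auth0": {"default": "true", "type": "oauth", "oauth": _auth0_config}}
IDENTITY_PROVIDERS = {"auth0": {"type": "oauth", "oauth": _auth0_config, "endpoint": "/userinfo"}}

if __name__ == "__main__":
    for setting, problem in lint_oauth_settings(AUTH_PROVIDERS, IDENTITY_PROVIDERS, SAMPLE_DISCOVERY):
        print(f"{setting}: {problem}")
```

Run against the posted settings, it flags the 'default' key twice and the access_token_url, and leaves the /userinfo endpoint alone.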