import requests
import threading
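class Auth0Session:
    """Thin wrapper that logs in through Auth0 and reuses one HTTP session.

    ``login`` exchanges a username/password for an Auth0 ``id_token`` and
    then presents it to the application as a bearer token.  ``get`` and
    ``post`` send requests through the shared ``requests.Session`` while
    holding ``self.lock``, so only one request is in flight at a time.

    Error convention (kept from the original code): when a request fails
    with ``requests.exceptions.RequestException`` the exception object is
    *returned*, not raised.  Callers must check the return value.

    NOTE(review): none of the requests set a ``timeout``.  ``get`` and
    ``post`` hold the lock for the whole call, so a stalled server blocks
    every other thread using this object.  Consider passing a timeout.
    """

    def __init__(self, auth0_id, auth0_secret, auth0_connection, auth0_domain):
        """Store the Auth0 application settings (all found in the Auth0 portal).

        Args:
            auth0_id: Client ID under application management.
            auth0_secret: Client Secret under application management.
            auth0_connection: Name of the connection/application in
                application management.
            auth0_domain: Domain under application management,
                e.g. ``acme.auth0.com``.
        """
        self.lock = threading.Lock()
        self.auth0_id = auth0_id
        self.auth0_connection = auth0_connection
        self.auth0_domain = auth0_domain
        # Do not hard-code this secret in source and never ship it in a
        # front end: anyone who holds it can act as this Auth0 application.
        # Load it at runtime from a secret store or the environment.
        self.auth0_secret = auth0_secret
        self.s = requests.Session()
        # Defined up front so get()/post() before login() fail with an
        # unauthenticated request rather than an AttributeError.
        self.headers = {}
        self.token = None

    def login(self, username, password, userid, domain):
        """Authenticate against Auth0, then open a session with the app.

        Args:
            username: Account name sent to Auth0.
            password: Account password sent to Auth0.
            userid: Stored on the instance; not used by this method.
            domain: Stored on the instance; not used by this method.

        Returns:
            ``None`` on success, or the ``RequestException`` that occurred
            (including an HTTP error status from the token endpoint).

        Raises:
            KeyError: if the token response carries no ``id_token``.
        """
        self.username = username
        # NOTE(review): the plaintext password stays on the instance for
        # its whole lifetime.  Nothing in this class reads it again; drop
        # the attribute if no caller depends on it.
        self.password = password
        self.userid = userid
        self.domain = domain

        # Step 1: exchange the credentials for a token at Auth0.
        try:
            r = requests.post(
                'https://' + self.auth0_domain + '/oauth/token',
                json={
                    'client_id': self.auth0_id,
                    'username': self.username,
                    'password': self.password,
                    'connection': self.auth0_connection,
                    'client_secret': self.auth0_secret,
                    'grant_type': 'password',  # password authentication
                },
            )
            # A rejected login comes back as an HTTP error status, not as
            # an exception; turn it into one so it is reported here.
            r.raise_for_status()
        except requests.exceptions.RequestException as e:
            # No response object exists when the request itself failed,
            # so report the exception rather than the response.
            print(e)
            return e

        data = r.json()
        self.token = data['id_token']

        # Step 2: present the token to the application to get a session.
        # The exact call depends on the application: watch its login in
        # the browser dev tools to see which requests are made.  The URL
        # below is the example placeholder.
        self.headers = {'authorization': 'Bearer ' + self.token}
        app_url = 'https://acme.com/api/v1/'
        try:
            # Certificate verification stays at the default (enabled):
            # this request carries the bearer token, and with verify=False
            # any host able to intercept the connection could read it.
            # The call goes through self.s so that cookies set by the
            # application are kept for later get()/post() calls.
            self.s.get(app_url, headers=self.headers)
        except requests.exceptions.RequestException as e:
            print(e)
            return e
        return None

    def post(self, url, payload):
        """POST ``payload`` as the request body in the authenticated session.

        Returns:
            The response object, or the ``RequestException`` that occurred.
        """
        with self.lock:
            try:
                r = self.s.post(url, data=payload, headers=self.headers)
            except requests.exceptions.RequestException as e:
                print(e)
                return e
        print(r)
        return r

    def get(self, url, payload=None):
        """GET ``url`` in the authenticated session.

        ``payload``, when given, is sent as query-string parameters.

        Returns:
            The response object, or the ``RequestException`` that occurred.
        """
        with self.lock:
            try:
                r = self.s.get(url, params=payload, headers=self.headers)
            except requests.exceptions.RequestException as e:
                print(e)
                return e
        print(r)
        return r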