Did you get this to work? This is very valuable. I can help fix it during 
the weekend. Not going anywhere. ;-)


On Friday, 13 March 2020 06:00:40 UTC-7, Kevin Keller wrote:
>
> You need to change your Okta tenant URLs and the client ID and secret. 
>
> It still points to my tenant :) 
>
>
>
>
> On Thu, Mar 12, 2020 at 3:05 PM Kevin Keller <[email protected]> wrote:
>
>> This goes into your db.py and you also need to install okta_jwt via pip. 
>>
>> I still haven't figured out how to terminate the session in Okta and 
>> web2py at the same time.
>>
>> The redirect in the logout terminates the Okta session but not the web2py 
>> one.
>> For that you need session.forget and session.renew, but these commands, 
>> being in the model, don't work; they only work in the controller. 
>> So need to find a way to destroy the sessions in the models through some 
>> sort of global variable, or store the sessions in the DB, retrieve them in 
>> the model and destroy them there. 
>>
>>
>>
>> On Thu, Mar 12, 2020 at 3:02 PM Kevin Keller <[email protected]> wrote:
>>
>>> Okta_CLIENT_ID='0xxxxx'
>>> Okta_CLIENT_SECRET="xxxxx"
>>>
>>> ## import required modules
>>> try:
>>>     import json
>>> except ImportError:
>>>     from gluon.contrib import simplejson as json
>>> from gluon.contrib.login_methods.oauth20_account import OAuthAccount
>>>
>>>
>>> ## extend the OAuthAccount class
>>> class OktaAccount(OAuthAccount):
>>>     """OAuth impl for Okta"""
>>>     AUTH_URL="https://keller.okta.com/oauth2/default/v1/authorize"
>>>     TOKEN_URL="https://keller.okta.com/oauth2/default/v1/token"
>>>
>>>     def __init__(self):
>>>         OAuthAccount.__init__(self, None, Okta_CLIENT_ID, Okta_CLIENT_SECRET,
>>>                               self.AUTH_URL, self.TOKEN_URL,
>>>                               scope='openid profile email',
>>>                               state="okta",
>>>                               display='popup')
>>>
>>>     def get_user(self):
>>>         if not self.accessToken():
>>>             return None
>>>         #global token
>>>         token = None
>>>         token = self.accessToken()
>>>         #print (token)  # debug only: this writes the access token to the server log
>>>         from okta_jwt.jwt import validate_token
>>>         issuer = "https://keller.okta.com/oauth2/default"
>>>         audience = "api://default"
>>>         if token is not None:
>>>             # check the token against issuer, audience and client ID
>>>             profile = validate_token(token, issuer, audience, Okta_CLIENT_ID)
>>>             #print (profile)
>>>             if profile['sub']:
>>>                 username = profile['sub']
>>>                 email = profile['sub']
>>>             else:
>>>                 self.session.token = None
>>>
>>>             if profile['sub']:
>>>                 return dict(first_name = profile['firstname'],
>>>                             last_name = profile['lastname'],
>>>                             username = username,
>>>                             email = '%s' %(email))
>>>
>>>     def logout_new(self, next="/"):
>>>         #self.session.token = None
>>>         # token is local to get_user, so fetch it again here
>>>         token = self.accessToken()
>>>         # redirect() raises HTTP, so the two session calls below never run
>>>         redirect('https://keller.okta.com/oauth2/default/v1/logout?id_token_hint=' + token +
>>>                  '&post_logout_redirect_uri=' +
>>>                  'http://130.61.243.125:8000/OktaWF/default/index')
>>>         session.renew(clear_session=True)
>>>         session.forget(response)
>>>         return next
>>>
>>>
>>> auth.settings.login_form=OktaAccount()
>>>
>>> On Wed, Mar 11, 2020 at 4:01 PM António Ramos <[email protected]> 
>>> wrote:
>>>
>>>> Thank you Kevin, please share...
>>>>
>>>>
>>>> On Wed, Mar 11, 2020 at 14:53, Kevin Keller <[email protected]> 
>>>> wrote:
>>>>
>>>>> Looks nice enough, though it is missing an easy way to configure 
>>>>> scopes and claims. 
>>>>>
>>>>> I don't see it anywhere in their free account actually. 
>>>>>
>>>>> I would probably rather advise going with Auth0 or Okta. 
>>>>>
>>>>> I work for Okta so that is why I have integrated web2py with Okta in a 
>>>>> sample app. 
>>>>> I can send you the configuration, and they have a free edition too for 
>>>>> 1000 users per month just like 
>>>>> DID, and you can easily configure claims and scopes. 
>>>>>
>>>>> If you do not trust me on this go with Auth0, they can also help with 
>>>>> claims and scopes and I think 
>>>>> it's free for 1000 users too, but Auth0 requires you to do some scripting 
>>>>> to configure your scopes on the Auth0 web client. 
>>>>>
>>>>> So I think Okta is easier, but it's just my 2 cents of course. 
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Mar 11, 2020 at 2:02 PM António Ramos <[email protected]> 
>>>>> wrote:
>>>>>
>>>>>> DID <https://did.app/> is an Identity Provider that authenticates 
>>>>>> users by verifying access to either an email address or a securely stored 
>>>>>> private key.
>>>>>>
>>>>>> This gives users the ability to sign in with a single click without 
>>>>>> being tracked by the social login providers.
>>>>>>
>>>>>> It gives developers the ability to offer a modern authentication 
>>>>>> without having to handle validating signatures, recovering accounts from 
>>>>>> lost devices or verifying user email addresses.
>>>>>>
>>>>>>
>>>>>>
>>>>>> https://did.app/ 
>>>>>>
>>>>>>
>>>>>> regards 
>>>>>>
>>>>>> -- 
>>>>>> Resources:
>>>>>> - http://web2py.com
>>>>>> - http://web2py.com/book (Documentation)
>>>>>> - http://github.com/web2py/web2py (Source code)
>>>>>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>>>>>> --- 
>>>>>> You received this message because you are subscribed to the Google 
>>>>>> Groups "web2py-users" group.
>>>>>> To unsubscribe from this group and stop receiving emails from it, 
>>>>>> send an email to [email protected].
>>>>>> To view this discussion on the web visit 
>>>>>> https://groups.google.com/d/msgid/web2py/CAEM0BxO8Gv%2BcJY-o_WXFEkEBMEFRA-WiPknUASOR7gXGzrKvAw%40mail.gmail.com
>>>>>>  
>>>>>> <https://groups.google.com/d/msgid/web2py/CAEM0BxO8Gv%2BcJY-o_WXFEkEBMEFRA-WiPknUASOR7gXGzrKvAw%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>>>> .

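The logout ordering problem discussed in the thread, as an added example that is not part of any poster's code: web2py's redirect() aborts the request by raising, so statements placed after it never run. `Redirect`, `redirect()`, `Session`, `run()` and the example.com URLs are hypothetical stand-ins; only the `/v1/logout` path and its two query parameters come from the thread.

```python
from urllib.parse import urlencode

ISSUER = "https://example.okta.com/oauth2/default"          # placeholder tenant
APP_HOME = "https://app.example.com/OktaWF/default/index"   # placeholder app URL


class Redirect(Exception):
    """Hypothetical stand-in for a framework redirect that raises."""
    def __init__(self, location):
        super().__init__(location)
        self.location = location


def redirect(location):
    raise Redirect(location)


class Session(dict):
    """Hypothetical minimal session: a dict that can be wiped."""
    def renew(self, clear_session=False):
        if clear_session:
            self.clear()


def okta_logout_url(id_token, return_to=APP_HOME):
    # urlencode escapes the token and the nested URL; '+' concatenation does not.
    query = urlencode({"id_token_hint": id_token,
                       "post_logout_redirect_uri": return_to})
    return ISSUER + "/v1/logout?" + query


def logout_redirect_first(session):
    """Ordering from the thread: cleanup sits after the redirect."""
    redirect(okta_logout_url(session["token"]))
    session.renew(clear_session=True)   # never reached


def logout_clear_first(session):
    """Build the URL, wipe local state, then hand off to the IdP."""
    url = okta_logout_url(session["token"])
    session.renew(clear_session=True)
    redirect(url)


def run(logout, session):
    """Call a logout handler; return (redirect target, what is left in the session)."""
    try:
        logout(session)
    except Redirect as r:
        return r.location, dict(session)
```

Both handlers send the browser to the same Okta URL; only the second leaves the local session empty.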