This repository has been archived by the owner on Apr 28, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
auth0.py
111 lines (78 loc) · 3.52 KB
/
auth0.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
"""
Custom Authenticator to use Auth0 OAuth with JupyterHub
Derived using the Github and Google OAuthenticator implementations as examples.
The following environment variables may be used for configuration:
AUTH0_SUBDOMAIN - The subdomain for your Auth0 account
OAUTH_CLIENT_ID - Your client id
OAUTH_CLIENT_SECRET - Your client secret
OAUTH_CALLBACK_URL - Your callback handler URL
Additionally, if you are concerned about your secrets being exposed by
an env dump(I know I am!) you can set the client_secret, client_id and
oauth_callback_url directly on the config for Auth0OAuthenticator.
One instance of this could be adding the following to your jupyterhub_config.py :
c.Auth0OAuthenticator.client_id = 'YOUR_CLIENT_ID'
c.Auth0OAuthenticator.client_secret = 'YOUR_CLIENT_SECRET'
c.Auth0OAuthenticator.oauth_callback_url = 'YOUR_CALLBACK_URL'
If you are using the environment variable config, all you should need to
do is define them in the environment then add the following line to
jupyterhub_config.py :
c.JupyterHub.authenticator_class = 'oauthenticator.auth0.Auth0OAuthenticator'
"""
import json
import os
from tornado.auth import OAuth2Mixin
from tornado import gen, web
from tornado.httpclient import HTTPRequest, AsyncHTTPClient
from jupyterhub.auth import LocalAuthenticator
from .oauth2 import OAuthLoginHandler, OAuthenticator
AUTH0_SUBDOMAIN = os.getenv('AUTH0_SUBDOMAIN')
class Auth0Mixin(OAuth2Mixin):
_OAUTH_AUTHORIZE_URL = "https://%s.auth0.com/authorize" % AUTH0_SUBDOMAIN
_OAUTH_ACCESS_TOKEN_URL = "https://%s.auth0.com/oauth/token" % AUTH0_SUBDOMAIN
class Auth0LoginHandler(OAuthLoginHandler, Auth0Mixin):
pass
class Auth0OAuthenticator(OAuthenticator):
login_service = "Auth0"
login_handler = Auth0LoginHandler
@gen.coroutine
def authenticate(self, handler, data=None):
code = handler.get_argument("code")
# TODO: Configure the curl_httpclient for tornado
http_client = AsyncHTTPClient()
params = {
'grant_type': 'authorization_code',
'client_id': self.client_id,
'client_secret': self.client_secret,
'code':code,
'redirect_uri': self.get_callback_url(handler)
}
url = "https://%s.auth0.com/oauth/token" % AUTH0_SUBDOMAIN
req = HTTPRequest(url,
method="POST",
headers={"Content-Type": "application/json"},
body=json.dumps(params)
)
resp = yield http_client.fetch(req)
resp_json = json.loads(resp.body.decode('utf8', 'replace'))
access_token = resp_json['access_token']
# Determine who the logged in user is
headers={"Accept": "application/json",
"User-Agent": "JupyterHub",
"Authorization": "Bearer {}".format(access_token)
}
req = HTTPRequest("https://%s.auth0.com/userinfo" % AUTH0_SUBDOMAIN,
method="GET",
headers=headers
)
resp = yield http_client.fetch(req)
resp_json = json.loads(resp.body.decode('utf8', 'replace'))
return {
'name': resp_json["email"],
'auth_state': {
'access_token': access_token,
'auth0_user': resp_json,
}
}
class LocalAuth0OAuthenticator(LocalAuthenticator, Auth0OAuthenticator):
"""A version that mixes in local system user creation"""
pass