Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 19 additions & 7 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ pip install auth0-server-python
If you’re using Poetry:

```shell
poetry install auth0-server-python
poetry add auth0-server-python
```

### 2. Create the Auth0 SDK client
Expand All @@ -39,8 +39,8 @@ auth0 = ServerClient(
client_id='<AUTH0_CLIENT_ID>',
client_secret='<AUTH0_CLIENT_SECRET>',
secret='<AUTH0_SECRET>',
authorization_params= {
redirect_uri: '<AUTH0_REDIRECT_URI>',
authorization_params={
"redirect_uri": '<AUTH0_REDIRECT_URI>',
}
)
```
Expand Down Expand Up @@ -82,8 +82,10 @@ app = FastAPI()


@app.get("/auth/login")
async def login(request: Request):
authorization_url = await auth0.start_interactive_login()
async def login(request: Request, response: Response):
authorization_url = await auth0.start_interactive_login(
store_options={"request": request, "response": response}
)
return RedirectResponse(url=authorization_url)
```

Expand All @@ -98,8 +100,11 @@ Here is an example of what this would look like in FastAPI, with `redirect_uri`

```python
@app.get("/auth/callback")
async def callback(request: Request):
result = await auth0.complete_interactive_login(str(request.url))
async def callback(request: Request, response: Response):
result = await auth0.complete_interactive_login(
str(request.url),
store_options={"request": request, "response": response}
)
# Store session or set cookies as needed
return RedirectResponse(url="/")
```
Expand Down Expand Up @@ -216,3 +221,10 @@ Please do not report security vulnerabilities on the public GitHub issue tracker
<p align="center">
This project is licensed under the MIT license. See the <a href="https://github.com/auth0/auth0-server-python/blob/main/LICENSE"> LICENSE</a> file for more info.
</p>

<!-- TODO: add usage example for logout -->
<!-- TODO: add usage example for get_token_by_refresh_token -->
<!-- TODO: add usage example for get_token_for_connection -->
<!-- TODO: add usage example for backchannel_authentication -->
<!-- TODO: add usage example for initiate_backchannel_authentication -->
<!-- TODO: add usage example for backchannel_authentication_grant -->
13 changes: 9 additions & 4 deletions examples/ConfigureStore.md
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,12 @@ When you **start** or **complete** an Auth0 flow, you can pass a `store_options`

```python
store_options = {"request": request, "response": response}
await auth_client.start_login(app_state={"return_to": "/profile"}, store_options=store_options)
from auth0_server_python.auth_types import StartInteractiveLoginOptions

await server_client.start_interactive_login(
StartInteractiveLoginOptions(app_state={"return_to": "/profile"}),
store_options=store_options
)
```
## 2.Stateless Store (All Data in Cookies)
### When to Use It
Expand Down Expand Up @@ -84,7 +89,7 @@ When users log in:
@app.get("/auth/login")
async def login(request: Request, response: Response):
store_options = {"request": request, "response": response}
redirect_url = await request.app.state.auth_client.start_login(
redirect_url = await request.app.state.auth_client.start_interactive_login(
store_options=store_options
)
return RedirectResponse(url=redirect_url)
Expand Down Expand Up @@ -395,7 +400,7 @@ Often you need `request` and `response` objects to set or clear cookies. In your
@app.get("/auth/login")
async def login(request: Request, response: Response):
store_options = {"request": request, "response": response}
auth_url = await auth_client.start_login(
auth_url = await auth_client.start_interactive_login(
store_options=store_options
)
return RedirectResponse(auth_url)
Expand All @@ -405,7 +410,7 @@ Likewise for logout or completing the login callback:
@app.get("/auth/callback")
async def callback(request: Request, response: Response):
store_options = {"request": request, "response": response}
session_data = await auth_client.complete_login(
session_data = await auth_client.complete_interactive_login(
str(request.url),
store_options=store_options
)
Expand Down
63 changes: 36 additions & 27 deletions examples/InteractiveLogin.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ This guide covers how to customize the authorization parameters, pass custom app
Interactive login begins by configuring a redirect_uri—the URL Auth0 will use to send the user back after authentication. For example, when instantiating your core `ServerClient`:

```python
from auth_server.server_client import ServerClient
from auth0_server_python.auth_server.server_client import ServerClient

server_client = ServerClient(
domain="YOUR_AUTH0_DOMAIN",
Expand Down Expand Up @@ -50,13 +50,17 @@ server_client = ServerClient(
### Dynamic Configuration Per Call
You can also override or add parameters when calling `start_interactive_login()`:
```python
authorization_url = await server_client.start_interactive_login({
"authorization_params": {
"scope": "openid profile email",
"audience": "urn:custom:api",
"foo": "bar" # arbitrary custom parameter
}
})
from auth0_server_python.auth_types import StartInteractiveLoginOptions

authorization_url = await server_client.start_interactive_login(
StartInteractiveLoginOptions(
authorization_params={
"scope": "openid profile email",
"audience": "urn:custom:api",
"foo": "bar" # arbitrary custom parameter
}
)
)
```
> [!NOTE]
> Any parameter specified here will override the corresponding global configuration.
Expand All @@ -67,9 +71,11 @@ The `app_state` parameter allows you to pass custom state (for example, a return

```python
# Start interactive login with custom app state:
authorize_url = await server_client.start_interactive_login({
"app_state": {"returnTo": "http://localhost:3000/dashboard"}
})
from auth0_server_python.auth_types import StartInteractiveLoginOptions

authorize_url = await server_client.start_interactive_login(
StartInteractiveLoginOptions(app_state={"returnTo": "http://localhost:3000/dashboard"})
)

# Later, after completing login:
result = await server_client.complete_interactive_login(callback_url)
Expand All @@ -84,9 +90,11 @@ print(result.get("app_state").get("returnTo")) # Should output: http://localhos
To enable PAR, simply set the flag in your interactive login options. When enabled, the SDK will send an HTTP POST request with the authorization parameters to the PAR endpoint (retrieved from OIDC metadata) and use the returned `request_uri` to build the final authorization URL.
```python
# Enable PAR dynamically for a login call:
authorization_url = await server_client.start_interactive_login({
"pushed_authorization_requests": True
})
from auth0_server_python.auth_types import StartInteractiveLoginOptions

authorization_url = await server_client.start_interactive_login(
StartInteractiveLoginOptions(pushed_authorization_requests=True)
)
```
>[!IMPORTANT]
> Using PAR requires that your Auth0 tenant is configured to support it. Refer to Auth0's documentation for details.
Expand All @@ -97,21 +105,22 @@ When using PAR, you can also supply Rich Authorization Request details by includ
```python
import json

authorization_url = await server_client.start_interactive_login({
"pushed_authorization_requests": True,
"authorization_params": {
"authorization_details": json.dumps([{
"type": "your_type",
"additional_field": "value"
}])
}
})
from auth0_server_python.auth_types import StartInteractiveLoginOptions

authorization_url = await server_client.start_interactive_login(
StartInteractiveLoginOptions(
pushed_authorization_requests=True,
authorization_params={
"authorization_details": json.dumps([{
"type": "your_type",
"additional_field": "value"
}])
}
)
)
```
After completing the interactive login, the SDK will expose the `authorization_details` in the result:
```python
import json

authorization_url = await server_client.start_interactive_login({
result = await server_client.complete_interactive_login(callback_url)
print(result.get("authorization_details"))
```
Expand All @@ -122,7 +131,7 @@ print(result.get("authorization_details"))
Most methods in the SDK accept a second argument called `store_options`. This dictionary should include the HTTP Request and Response objects (or equivalent) that the store uses to manage cookies and session data.
```python
store_options = {"request": request, "response": response}
authorization_url = await server_client.start_interactive_login({}, store_options=store_options)
authorization_url = await server_client.start_interactive_login(store_options=store_options)
```
This enables the SDK to correctly read and set cookies for session management.

Expand Down
6 changes: 3 additions & 3 deletions examples/RetrievingData.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
The SDK's `get_user()` can be used to retrieve the current logged-in user:

```python
user = await serverClient.get_user();
user = await server_client.get_user()
```

### Passing Store Options
Expand All @@ -27,7 +27,7 @@ Read more above in [Configuring the Store](./ConfigureStore.md).
The SDK's `get_session()` can be used to retrieve the current session data:

```python
session = await serverClient.get_session();
session = await server_client.get_session()
```

### Passing Store Options
Expand Down Expand Up @@ -244,7 +244,7 @@ access_token_for_google = await server_client.get_access_token_for_connection(co
```

- `connection`: The connection for which an access token should be retrieved, e.g. `google-oauth2` for Google.
- `loginHint`: Optional login hint to inform which connection account to use, can be useful when multiple accounts for the connection exist for the same user.
- `login_hint`: Optional login hint to inform which connection account to use, can be useful when multiple accounts for the connection exist for the same user.

The SDK will cache the token internally, and return it from the cache when not expired. When no token is found in the cache, or the token is expired, calling `get_access_token_for_connection()` will call Auth0 to retrieve a new token and update the cache.

Expand Down
Loading