Add user information, logout and session managment

Author: alexisluque

.gitignore

@@ -1 +1,5 @@
-.DS_Store
+.DS_Store
+*.iml
+.idea
+.env
+__pycache__

01-Login/.dockerignore

@@ -1,3 +1,4 @@
+.env
 .env.example
 .gitignore
 .git

01-Login/Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3-alpine
+FROM python:3
 
 WORKDIR /home/app
 

01-Login/README.md

@@ -6,30 +6,41 @@ This sample demonstrates how to add authentication to a Python web app using Aut
 
 To run the sample, make sure you have `python`, `pip` installed.
 
-Rename `.env.example` to `.env` and populate it with the client ID, domain, secret, callback URL and audience for your Auth0 app. If you are not implementing any API you can use `https://YOUR_DOMAIN.auth0.com/userinfo` as the audience. Also, add the callback URL to the settings section of your Auth0 client.
+Rename `.env.example` to `.env` and populate it with the client ID, domain, secret, callback URL and audience for your
+Auth0 app. If you are not implementing any API you can use `https://YOUR_DOMAIN.auth0.com/userinfo` as the audience. 
+Also, add the callback URL to the settings section of your Auth0 client.
 
-Register `http://localhost:3000/callback` as `Allowed Callback URLs` and `http://localhost:3000` as `Allowed Logout URLs` in your app settings.
+Register `http://localhost:3000/callback` as `Allowed Callback URLs` and `http://localhost:3000` 
+as `Allowed Logout URLs` in your app settings.
 
-Run `pip install -r requirements.txt` to install the dependencies and run `python server.py`. The app will be served at [http://localhost:3000/](http://localhost:3000/).
+Run `pip install -r requirements.txt` to install the dependencies and run `python server.py`. 
+The app will be served at [http://localhost:3000/](http://localhost:3000/).
 
 # Running the App with Docker
 
 To run the sample, make sure you have `docker` installed.
 
-Rename `.env.example` to `.env` and populate it with the client ID, domain, secret, callback URL and audience for your Auth0 app. If you are not implementing any API you can use `https://YOUR_DOMAIN.auth0.com/userinfo` as the audience. Also, add the callback URL to the settings section of your Auth0 client.
+Rename `.env.example` to `.env` and populate it with the client ID, domain, secret, callback URL and audience for your
+Auth0 app. If you are not implementing any API you can use `https://YOUR_DOMAIN.auth0.com/userinfo` as the audience. 
+Also, add the callback URL to the settings section of your Auth0 client.
 
-Register `http://localhost:3000/callback` as `Allowed Callback URLs` and `http://localhost:3000` as `Allowed Logout URLs` in your app settings.
+Register `http://localhost:3000/callback` as `Allowed Callback URLs` and `http://localhost:3000` 
+as `Allowed Logout URLs` in your app settings.
 
-Run `sh exec.sh` to build and run the docker image in Linux or run `.\exec.ps1` to build and run the docker image on Windows.
+Run `sh exec.sh` to build and run the docker image in Linux or run `.\exec.ps1` to build 
+and run the docker image on Windows.
 
 ## What is Auth0?
 
 Auth0 helps you to:
 
-* Add authentication with [multiple authentication sources](https://docs.auth0.com/identityproviders), either social like **Google, Facebook, Microsoft Account, LinkedIn, GitHub, Twitter, Box, Salesforce, among others**, or enterprise identity systems like **Windows Azure AD, Google Apps, Active Directory, ADFS or any SAML Identity Provider**.
+* Add authentication with [multiple authentication sources](https://docs.auth0.com/identityproviders),
+either social like **Google, Facebook, Microsoft Account, LinkedIn, GitHub, Twitter, Box, Salesforce, among others**,or 
+enterprise identity systems like **Windows Azure AD, Google Apps, Active Directory, ADFS or any SAML Identity Provider**.
 * Add authentication through more traditional **[username/password databases](https://docs.auth0.com/mysql-connection-tutorial)**.
 * Add support for **[linking different user accounts](https://docs.auth0.com/link-accounts)** with the same user.
-* Support for generating signed [JSON Web Tokens](https://docs.auth0.com/jwt) to call your APIs and **flow the user identity** securely.
+* Support for generating signed [JSON Web Tokens](https://docs.auth0.com/jwt) to call your APIs and
+**flow the user identity** securely.
 * Analytics of how, when and where users are logging in.
 * Pull data from other sources and add it to the user profile, through [JavaScript rules](https://docs.auth0.com/rules).
 
@@ -40,12 +51,14 @@ Auth0 helps you to:
 
 ## Issue Reporting
 
-If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues.
+If you have found a bug or if you have a feature request, please report them at this repository issues section.
+Please do not report security vulnerabilities on the public GitHub issue tracker. 
+The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues.
 
 ## Author
 
 [Auth0](https://auth0.com)
 
 ## License
 
-This project is licensed under the MIT license. See the [LICENSE](https://opensource.org/licenses/MIT) file for more info.
+This project is licensed under the MIT license. See the [LICENSE](LICENCE) file for more info.

01-Login/constants.py

@@ -17,4 +17,5 @@
 PROFILE_KEY = 'profile'
 REDIRECT_URI_KEY = 'redirect_uri'
 SECRET_KEY = 'ThisIsTheSecretKey'
+JWT_PAYLOAD = 'jwt_payload'
 

01-Login/public/app.css

@@ -4,6 +4,9 @@ body {
   font-size: 300%;
   font-weight: 100;
 }
+pre {
+  text-align: left;
+}
 input[type=checkbox],
 input[type=radio] {
   position: absolute;

01-Login/requirements.txt

@@ -1,4 +1,5 @@
 flask
 python-dotenv
 requests
-flask-oauthlib
+flask-oauthlib
+python-jose

01-Login/server.py

@@ -1,19 +1,30 @@
 """Python Flask WebApp Auth0 integration example
 """
 from os import environ as env
+from jose import jwt
 from dotenv import load_dotenv, find_dotenv
+from six.moves.urllib.request import urlopen
 from flask import Flask
 from flask import render_template
 from flask import request
+from flask import session
+from flask import redirect
 from flask_oauthlib.client import OAuth
+from functools import wraps
+from six.moves.urllib.parse import urlencode
+from flask import url_for
+import json
 
 import constants
 
-load_dotenv(find_dotenv())
-AUTH0_CALLBACK_URL = env[constants.AUTH0_CALLBACK_URL]
-AUTH0_CLIENT_ID = env[constants.AUTH0_CLIENT_ID]
-AUTH0_CLIENT_SECRET = env[constants.AUTH0_CLIENT_SECRET]
-AUTH0_DOMAIN = env[constants.AUTH0_DOMAIN]
+ENV_FILE = find_dotenv()
+if ENV_FILE:
+    load_dotenv(ENV_FILE)
+
+AUTH0_CALLBACK_URL = env.get(constants.AUTH0_CALLBACK_URL)
+AUTH0_CLIENT_ID = env.get(constants.AUTH0_CLIENT_ID)
+AUTH0_CLIENT_SECRET = env.get(constants.AUTH0_CLIENT_SECRET)
+AUTH0_DOMAIN = env.get(constants.AUTH0_DOMAIN)
 AUTH0_AUDIENCE = env.get(constants.AUTH0_AUDIENCE)
 
 APP = Flask(__name__, static_url_path='/public', static_folder='./public')
@@ -37,6 +48,15 @@
 )
 
 
+def requires_auth(f):
+    @wraps(f)
+    def decorated(*args, **kwargs):
+        if constants.PROFILE_KEY not in session:
+            return redirect('/login')
+        return f(*args, **kwargs)
+    return decorated
+
+
 # Controllers API
 @APP.route('/')
 def home():
@@ -52,13 +72,42 @@ def callback_handling():
             request.args['error_description']
         ))
 
-    return render_template('dashboard.html')
+    # Obtain JWT and the keys to validate the signature
+    idToken = resp['id_token']
+    jwks = urlopen("https://"+AUTH0_DOMAIN+"/.well-known/jwks.json")
+
+    payload = jwt.decode(idToken, jwks.read(), algorithms=['RS256'], audience=AUTH0_CLIENT_ID, issuer="https://"+AUTH0_DOMAIN+"/")
+
+    session[constants.JWT_PAYLOAD] = payload
+
+    session[constants.PROFILE_KEY] = {
+        'user_id': payload['user_id'],
+        'email': payload['email'],
+        'picture': payload['picture']
+    }
+
+    return redirect('/dashboard')
 
 
 @APP.route('/login')
 def login():
     return auth0.authorize(callback=AUTH0_CALLBACK_URL)
 
 
+@APP.route('/logout')
+def logout():
+    session.clear()
+    params = {'returnTo': url_for('home', _external=True), 'client_id': AUTH0_CLIENT_ID}
+    return redirect(auth0.base_url + '/v2/logout?' + urlencode(params))
+
+
+@APP.route('/dashboard')
+@requires_auth
+def dashboard():
+    return render_template('dashboard.html',
+                           userinfo=session[constants.PROFILE_KEY],
+                           userinfo_pretty=json.dumps(session[constants.JWT_PAYLOAD], indent=4))
+
+
 if __name__ == "__main__":
     APP.run(host='0.0.0.0', port=env.get('PORT', 3000))

01-Login/templates/dashboard.html

@@ -10,10 +10,13 @@
     <body class="home">
         <div class="container">
             <div class="login-page clearfix">
-              <div class="logged-in-box auth0-box logged-in">
-                <h1 id="logo"><img src="//cdn.auth0.com/samples/auth0_logo_final_blue_RGB.png" /></h1>
-                <h2>Welcome, you are logged!</h2>
-              </div>
+                <div class="logged-in-box auth0-box logged-in">
+                    <h1 id="logo"><img src="//cdn.auth0.com/samples/auth0_logo_final_blue_RGB.png" /></h1>
+                    <img class="avatar" src="{{userinfo['picture']}}"/>
+                    <h2>Welcome {{userinfo['email']}}</h2>
+                    <pre>{{userinfo_pretty}}</pre>
+                    <a class="btn btn-primary btn-lg btn-logout btn-block" href="/logout">Logout</a>
+                </div>
             </div>
         </div>
     </body>