This goes into your db.py and you also need to install okta_jwt via pip.

I still haven't figured out how to terminate the session in Okta and
web2py at the same time.

The redirect in the logout terminates the Okta session but not the web2py
one.
For that you need session.forget and session.renew, but these commands
don't work in the model; they only work in the controller.
So I need to find a way to destroy the sessions in the models through some
sort of global variable, or store the sessions in the DB, retrieve them in
the model and destroy them there.



On Thu, Mar 12, 2020 at 3:02 PM Kevin Keller <keller...@gmail.com> wrote:

> Okta_CLIENT_ID='0xxxxx'
> Okta_CLIENT_SECRET="xxxxx"
>
> ## import required modules
> try:
>     import json
> except ImportError:
>     from gluon.contrib import simplejson as json
> from gluon.contrib.login_methods.oauth20_account import OAuthAccount
>
>
> ## extend the OAuthAccount class
> class OktaAccount(OAuthAccount):
>     # OAuth implementation for Okta
>     AUTH_URL="https://keller.okta.com/oauth2/default/v1/authorize"
>     TOKEN_URL="https://keller.okta.com/oauth2/default/v1/token"
>
>     def __init__(self):
>         OAuthAccount.__init__(self, None, Okta_CLIENT_ID, Okta_CLIENT_SECRET,
>                               self.AUTH_URL, self.TOKEN_URL,
>                               scope='openid profile email',
>                               state="okta",
>                               display='popup')
>
>     def get_user(self):
>         token = self.accessToken()
>         if not token:
>             return None
>         # the access token is a bearer credential, so it is not printed here
>         from okta_jwt.jwt import validate_token
>         issuer="https://keller.okta.com/oauth2/default"
>         audience="api://default"
>         # validate the access token against the issuer, audience and client id
>         profile=validate_token(token, issuer, audience, Okta_CLIENT_ID)
>         #print (profile)
>         if not profile['sub']:
>             self.session.token = None
>             return None
>         username = profile['sub']
>         email = profile['sub']
>         return dict(first_name = profile['firstname'],
>                     last_name = profile['lastname'],
>                     username = username,
>                     email = '%s' %(email))
>
>     def logout_new(self, next="/"):
>         #self.session.token = None
>         # token was local to get_user(), so fetch it again here
>         token = self.accessToken()
>         # redirect() raises HTTP, so the two session calls after it are not reached
>         redirect('https://keller.okta.com/oauth2/default/v1/logout?id_token_hint='
>                  + token + '&post_logout_redirect_uri='
>                  + 'http://130.61.243.125:8000/OktaWF/default/index')
>         session.renew(clear_session=True)
>         session.forget(response)
>         return next
>
>
> auth.settings.login_form=OktaAccount()
>
> On Wed, Mar 11, 2020 at 4:01 PM António Ramos <ramstei...@gmail.com>
> wrote:
>
>> Thank you Kevin, please share...
>>
>>
>> On Wed, Mar 11, 2020 at 14:53, Kevin Keller <keller...@gmail.com>
>> wrote:
>>
>>> Looks nice enough, though it is missing an easy way to configure scopes
>>> and claims.
>>>
>>> I don't see it anywhere in their free account actually.
>>>
>>> I would probably rather advise going with Auth0 or Okta.
>>>
>>> I work for Okta, so that is why I have integrated web2py with Okta in a
>>> sample app.
>>> I can send you the configuration, and they have a free edition too for
>>> 1000 users per month just like
>>> DID, and you can easily configure claims and scopes.
>>>
>>> If you do not trust me on this, go with Auth0; they can also help with
>>> claims and scopes and I think
>>> it's free for 1000 users too, but Auth0 requires you to do some scripting to
>>> configure your scopes on the Auth0 web client.
>>>
>>> So I think Okta is easier, but it's just my 2 cents of course.
>>>
>>>
>>>
>>>
>>> On Wed, Mar 11, 2020 at 2:02 PM António Ramos <ramstei...@gmail.com>
>>> wrote:
>>>
>>>> DID <https://did.app/> is an Identity Provider, that authenticates
>>>> users by verifying access to either an email address or securely stored
>>>> private key.
>>>>
>>>> This gives users the ability to sign in with a single click without
>>>> being tracked by the social login providers.
>>>>
>>>> It gives developers the ability to offer a modern authentication
>>>> without having to handle validating signatures, recovering accounts from
>>>> lost devices or verifying user email addresses.
>>>>
>>>>
>>>>
>>>> https://did.app/
>>>>
>>>>
>>>> regards
>>>>
>>>> --
>>>> Resources:
>>>> - http://web2py.com
>>>> - http://web2py.com/book (Documentation)
>>>> - http://github.com/web2py/web2py (Source code)
>>>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "web2py-users" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to web2py+unsubscr...@googlegroups.com.
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/web2py/CAEM0BxO8Gv%2BcJY-o_WXFEkEBMEFRA-WiPknUASOR7gXGzrKvAw%40mail.gmail.com
>>>> <https://groups.google.com/d/msgid/web2py/CAEM0BxO8Gv%2BcJY-o_WXFEkEBMEFRA-WiPknUASOR7gXGzrKvAw%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>
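
Added example, not part of the original messages and not web2py or Okta code: web2py's redirect() works by raising an HTTP exception, so statements placed after it in the same function do not run. The sketch below uses stand-in `HTTP`, `redirect` and `Session` definitions, a hypothetical `id_token` session key and placeholder URLs (all assumptions made for this illustration) to compare redirect-first with clear-first ordering, and URL-encodes the logout query instead of concatenating it.

```python
from urllib.parse import urlencode

# Placeholders, not values from the original post.
LOGOUT_ENDPOINT = "https://idp.example.com/oauth2/default/v1/logout"
POST_LOGOUT_URI = "https://app.example.com/OktaWF/default/index"


class HTTP(Exception):
    """Stand-in for the exception a framework redirect raises."""
    def __init__(self, status, location):
        super().__init__(status)
        self.status, self.location = status, location


def redirect(location):
    # Like web2py's redirect(): control never returns to the caller.
    raise HTTP(303, location)


class Session(dict):
    """Minimal stand-in for a server-side session."""
    def renew(self, clear_session=False):
        if clear_session:
            self.clear()


def build_logout_url(id_token):
    # urlencode() escapes both values, so neither can break the query string.
    query = urlencode({"id_token_hint": id_token,
                       "post_logout_redirect_uri": POST_LOGOUT_URI})
    return LOGOUT_ENDPOINT + "?" + query


def logout_redirect_first(session):
    redirect(build_logout_url(session["id_token"]))
    session.renew(clear_session=True)   # unreachable: redirect() already raised


def logout_clear_first(session):
    url = build_logout_url(session["id_token"])  # read the token before clearing
    session.renew(clear_session=True)            # local session ends here
    redirect(url)                                # then hand off to the IdP


def run(logout, session):
    """Call a logout function; return (redirect location, session left behind)."""
    try:
        logout(session)
    except HTTP as exc:
        return exc.location, dict(session)
    return None, dict(session)
```
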
