You need to change your Okta tenant URLs and the client ID and secret.

It still points to my tenant :)




On Thu, Mar 12, 2020 at 3:05 PM Kevin Keller <keller...@gmail.com> wrote:

> This goes into your db.py and you also need to install okta_jwt via pip.
>
> I still haven't figured out how to terminate the session in Okta and
> Web2py at the same time.
>
> The redirect in the logout terminates the Okta session but not the web2py
> one.
> For that you need session.forget and session.renew, but these commands,
> being in the model, don't work; they only work in the controller.
> So I need to find a way to destroy the sessions in the models through some
> sort of global variable, or store the sessions in the DB, retrieve them in
> the model and destroy them there.
>
>
>
> On Thu, Mar 12, 2020 at 3:02 PM Kevin Keller <keller...@gmail.com> wrote:
>
>> Okta_CLIENT_ID='0xxxxx'
>> Okta_CLIENT_SECRET="xxxxx"
>>
>> ## import required modules
>> try:
>>     import json
>> except ImportError:
>>     from gluon.contrib import simplejson as json
>> from gluon.contrib.login_methods.oauth20_account import OAuthAccount
>>
>>
>> ## extend the OAuthAccount class
>> class OktaAccount(OAuthAccount):
>>     """OAuth impl for Okta"""
>>     AUTH_URL="https://keller.okta.com/oauth2/default/v1/authorize"
>>     TOKEN_URL="https://keller.okta.com/oauth2/default/v1/token"
>>
>>     def __init__(self):
>>         OAuthAccount.__init__(self, None, Okta_CLIENT_ID, Okta_CLIENT_SECRET,
>>                               self.AUTH_URL, self.TOKEN_URL,
>>                               scope='openid profile email',
>>                               state="okta",
>>                               display='popup')
>>
>>     def get_user(self):
>>         token = self.accessToken()
>>         if not token:
>>             return None
>>         # the raw token is not printed: it would end up in the server log
>>         from okta_jwt.jwt import validate_token
>>         issuer = "https://keller.okta.com/oauth2/default"
>>         audience = "api://default"
>>         # returns the token's claims
>>         profile = validate_token(token, issuer, audience, Okta_CLIENT_ID)
>>         #print (profile)
>>         if not profile['sub']:
>>             self.session.token = None
>>             return None
>>         username = profile['sub']
>>         email = profile['sub']
>>         return dict(first_name = profile['firstname'],
>>                     last_name = profile['lastname'],
>>                     username = username,
>>                     email = '%s' %(email))
>>
>>     def logout_new(self, next="/"):
>>         #self.session.token = None
>>         # look the token up here; it is local to get_user()
>>         token = self.accessToken() or ''
>>         # redirect() raises HTTP, so the session calls below it do not run
>>         redirect('https://keller.okta.com/oauth2/default/v1/logout?id_token_hint='
>>                  + token + '&post_logout_redirect_uri='
>>                  + 'http://130.61.243.125:8000/OktaWF/default/index')
>>         session.renew(clear_session=True)
>>         session.forget(response)
>>         return next
>>
>>
>> auth.settings.login_form=OktaAccount()
>>
>> On Wed, Mar 11, 2020 at 4:01 PM António Ramos <ramstei...@gmail.com>
>> wrote:
>>
>>> Thank you Kevin, please share...
>>>
>>>
>>> On Wed, Mar 11, 2020 at 14:53, Kevin Keller <keller...@gmail.com>
>>> wrote:
>>>
>>>> Looks nice enough, though it is missing an easy way to configure scopes
>>>> and claims.
>>>>
>>>> I don't see it anywhere in their free account actually.
>>>>
>>>> I would probably rather advise going with Auth0 or Okta.
>>>>
>>>> I work for Okta so that is why I have integrated web2py with Okta in a
>>>> sample app.
>>>> I can send you the configuration and they have a free edition too for
>>>> 1000 users per month just like
>>>> DID and you can easily configure claims and scopes.
>>>>
>>>> If you do not trust me on this go with Auth0, they can also help with
>>>> claims and scopes and I think
>>>> it's free for 1000 users too, but Auth0 requires you to do some scripting to
>>>> configure your scopes on the Auth0 web client.
>>>>
>>>> So I think Okta is easier, but it's just my 2 cents of course.
>>>>
>>>>
>>>>
>>>>
>>>> On Wed, Mar 11, 2020 at 2:02 PM António Ramos <ramstei...@gmail.com>
>>>> wrote:
>>>>
>>>>> DID <https://did.app/> is an Identity Provider, that authenticates
>>>>> users by verifying access to either an email address or securely stored
>>>>> private key.
>>>>>
>>>>> This gives users the ability to sign in with a single click without
>>>>> being tracked by the social login providers.
>>>>>
>>>>> It gives developers the ability to offer a modern authentication
>>>>> without having to handle validating signatures, recovering accounts from
>>>>> lost devices or verifying user email addresses.
>>>>>
>>>>>
>>>>>
>>>>> https://did.app/
>>>>>
>>>>>
>>>>> regards
>>>>>
>>>>> --
>>>>> Resources:
>>>>> - http://web2py.com
>>>>> - http://web2py.com/book (Documentation)
>>>>> - http://github.com/web2py/web2py (Source code)
>>>>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>>>>> ---
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "web2py-users" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to web2py+unsubscr...@googlegroups.com.
>>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/d/msgid/web2py/CAEM0BxO8Gv%2BcJY-o_WXFEkEBMEFRA-WiPknUASOR7gXGzrKvAw%40mail.gmail.com
>>>>> <https://groups.google.com/d/msgid/web2py/CAEM0BxO8Gv%2BcJY-o_WXFEkEBMEFRA-WiPknUASOR7gXGzrKvAw%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>>> .
>>>>>
>>
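
Added example, not part of the original thread or of web2py: one way to order the logout so the local session is cleared before the browser is sent to the Okta logout endpoint from the post, with both query parameters URL-encoded. `session_store` and the `id_token` key are hypothetical stand-ins for the framework session; the two URLs are the ones quoted above.

```python
from urllib.parse import urlencode

# URLs copied from the post above; replace with your own tenant and app URL.
LOGOUT_URL = "https://keller.okta.com/oauth2/default/v1/logout"
POST_LOGOUT_REDIRECT = "http://130.61.243.125:8000/OktaWF/default/index"


def build_logout_url(id_token, post_logout_redirect_uri=POST_LOGOUT_REDIRECT):
    """Return the provider logout URL with both parameters URL-encoded."""
    if not id_token:
        raise ValueError("no token available to use as id_token_hint")
    query = urlencode({
        "id_token_hint": id_token,
        "post_logout_redirect_uri": post_logout_redirect_uri,
    })
    return LOGOUT_URL + "?" + query


def logout(session_store):
    """Clear the local session, then return the URL to redirect to.

    session_store is a hypothetical dict-like stand-in for the framework
    session. A redirect that raises (as web2py's does) must come last,
    otherwise any cleanup written after it never runs.
    """
    token = session_store.get("id_token")  # hypothetical key name
    # Build the target while the token is still readable ...
    target = build_logout_url(token) if token else POST_LOGOUT_REDIRECT
    # ... then drop every local key before the browser leaves the app.
    session_store.clear()
    return target


if __name__ == "__main__":
    # Constructed sample session, not real token material.
    sample = {"id_token": "aaa.bbb+ccc", "auth": {"user": "demo"}}
    print(logout(sample))
    print(sample)
```

The caller performs the actual redirect to the returned URL as its final statement.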
