You need to change your Okta tenant URLs and the client ID and secret. It still points to my tenant :)
On Thu, Mar 12, 2020 at 3:05 PM Kevin Keller <keller...@gmail.com> wrote:

> This goes into your db.py and you also need to install okta_jwt via pip.
>
> I still haven't figured out how to terminate the session in Okta and
> web2py at the same time.
>
> The redirect in the logout terminates the Okta session but not the web2py
> one.
> For that you need session.forget and session.renew, but these commands,
> being in the model, don't work; they only work in the controller.
> So I need to find a way to destroy the sessions in the models through some
> sort of global variable, or store the sessions in the DB, retrieve them in
> the model and destroy them there.
>
> On Thu, Mar 12, 2020 at 3:02 PM Kevin Keller <keller...@gmail.com> wrote:
>
>> Okta_CLIENT_ID='0xxxxx'
>> Okta_CLIENT_SECRET="xxxxx"
>>
>> ## import required modules
>> try:
>>     import json
>> except ImportError:
>>     from gluon.contrib import simplejson as json
>> from gluon.contrib.login_methods.oauth20_account import OAuthAccount
>>
>>
>> ## extend the OAuthAccount class
>> class OktaAccount(OAuthAccount):
>>     """OAuth implementation for Okta"""
>>     AUTH_URL="https://keller.okta.com/oauth2/default/v1/authorize"
>>     TOKEN_URL="https://keller.okta.com/oauth2/default/v1/token"
>>
>>     def __init__(self):
>>         OAuthAccount.__init__(self, None, Okta_CLIENT_ID, Okta_CLIENT_SECRET,
>>                               self.AUTH_URL, self.TOKEN_URL,
>>                               scope='openid profile email',
>>                               state="okta",
>>                               display='popup')
>>
>>     def get_user(self):
>>         if not self.accessToken():
>>             return None
>>         #global token
>>         token = None
>>         token = self.accessToken()
>>         print(token)  # debug output: writes the bearer token to stdout
>>         from okta_jwt.jwt import validate_token
>>         issuer="https://keller.okta.com/oauth2/default"
>>         audience="api://default"
>>         if token is not None:
>>             # validate the token against the issuer, audience and client id
>>             profile=validate_token(token, issuer, audience, Okta_CLIENT_ID)
>>             #print (profile)
>>             if profile['sub']:
>>                 username = profile['sub']
>>                 email = profile['sub']
>>             else:
>>                 self.session.token = None
>>
>>             if profile['sub']:
>>                 return dict(first_name = profile['firstname'],
>>                             last_name = profile['lastname'],
>>                             username = username,
>>                             email = '%s' %(email))
>>
>>     def logout_new(self, next="/"):
>>         #self.session.token = None
>>         token = self.accessToken()  # `token` was otherwise undefined here
>>         # redirect() raises an HTTP exception, so the session calls after
>>         # it are never reached
>>         redirect('https://keller.okta.com/oauth2/default/v1/logout?id_token_hint='
>>                  +token+'&post_logout_redirect_uri='
>>                  +'http://130.61.243.125:8000/OktaWF/default/index')
>>         session.renew(clear_session=True)
>>         session.forget(response)
>>         return next
>>
>>
>> auth.settings.login_form=OktaAccount()
>>
>> On Wed, Mar 11, 2020 at 4:01 PM António Ramos <ramstei...@gmail.com>
>> wrote:
>>
>>> Thank you Kevin, please share...
>>>
>>> On Wed, Mar 11, 2020 at 14:53, Kevin Keller <keller...@gmail.com>
>>> wrote:
>>>
>>>> Looks nice enough, though it is missing an easy way to configure scopes
>>>> and claims.
>>>>
>>>> I don't see it anywhere in their free account actually.
>>>>
>>>> I would probably rather advise going with Auth0 or Okta.
>>>>
>>>> I work for Okta so that is why I have integrated web2py with Okta in a
>>>> sample app.
>>>> I can send you the configuration and they have a free edition too for
>>>> 1000 users per month just like
>>>> DID and you can easily configure claims and scopes.
>>>>
>>>> If you do not trust me on this go with Auth0, they can also help with
>>>> claims and scopes and I think
>>>> it's free for 1000 users too, but Auth0 requires you to do some scripting
>>>> to configure your scopes on the Auth0 web client.
>>>>
>>>> So I think Okta is easier, but it's just my 2 cents of course.
>>>>
>>>> On Wed, Mar 11, 2020 at 2:02 PM António Ramos <ramstei...@gmail.com>
>>>> wrote:
>>>>
>>>>> DID <https://did.app/> is an Identity Provider, that authenticates
>>>>> users by verifying access to either an email address or securely stored
>>>>> private key.
>>>>>
>>>>> This gives users the ability to sign in with a single click without
>>>>> being tracked by the social login providers.
>>>>>
>>>>> It gives developers the ability to offer a modern authentication
>>>>> without having to handle validating signatures, recovering accounts from
>>>>> lost devices or verifying user email addresses.
>>>>>
>>>>> https://did.app/
>>>>>
>>>>> regards
>>>>>
>>>>> --
>>>>> Resources:
>>>>> - http://web2py.com
>>>>> - http://web2py.com/book (Documentation)
>>>>> - http://github.com/web2py/web2py (Source code)
>>>>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>>>>> ---
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "web2py-users" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to web2py+unsubscr...@googlegroups.com.
>>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/d/msgid/web2py/CAEM0BxO8Gv%2BcJY-o_WXFEkEBMEFRA-WiPknUASOR7gXGzrKvAw%40mail.gmail.com
>>>>> <https://groups.google.com/d/msgid/web2py/CAEM0BxO8Gv%2BcJY-o_WXFEkEBMEFRA-WiPknUASOR7gXGzrKvAw%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>>> .
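Added example, not part of the thread and not web2py or Okta code: the logout ordering discussed above, run against stand-ins for web2py's redirect() and session so it works offline. The tenant URL, return URI and the session key id_token are constructed placeholders, and it assumes the ID token was kept in the session at login.

```python
from urllib.parse import urlencode

ISSUER = "https://example.okta.com/oauth2/default"            # constructed tenant
RETURN_URI = "https://app.example.com/OktaWF/default/index"   # constructed URI


class Redirect(Exception):
    """Stand-in for web2py's redirect(), which raises an HTTP exception."""
    def __init__(self, location):
        super().__init__(location)
        self.location = location


class FakeSession(dict):
    """Stand-in for the web2py session object (assumption: dict-like)."""
    def renew(self, clear_session=False):
        if clear_session:
            self.clear()


def okta_logout_url(issuer, id_token, return_uri):
    # urlencode() percent-encodes both values, so the return URI cannot
    # break out of its query parameter.
    query = urlencode({"id_token_hint": id_token,
                       "post_logout_redirect_uri": return_uri})
    return "%s/v1/logout?%s" % (issuer.rstrip("/"), query)


def logout_redirect_first(session):
    # Order used in the thread: the raise ends the function here.
    raise Redirect(okta_logout_url(ISSUER, session["id_token"], RETURN_URI))
    session.renew(clear_session=True)  # never reached


def logout_clear_first(session):
    # Read the token, drop the local session, then leave for the IdP.
    id_token = session.get("id_token")
    session.renew(clear_session=True)
    if id_token is None:
        raise Redirect(RETURN_URI)  # nothing to end at the IdP
    raise Redirect(okta_logout_url(ISSUER, id_token, RETURN_URI))


def run(logout, session):
    """Return (redirect target, what is left in the local session)."""
    try:
        logout(session)
    except Redirect as exc:
        return exc.location, dict(session)
```

Both variants send the browser to the same Okta logout URL; only the second leaves the local session empty when the redirect fires.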