DID.app auth is good for web2py apps?


António Ramos

Mar 11, 2020, 9:02:15 AM
to web...@googlegroups.com

DID is an Identity Provider, that authenticates users by verifying access to either an email address or securely stored private key.

This gives users the ability to sign in with a single click without being tracked by the social login providers.

It gives developers the ability to offer a modern authentication without having to handle validating signatures, recovering accounts from lost devices or verifying user email addresses.



https://did.app/ 


regards 

Kevin Keller

Mar 11, 2020, 10:53:38 AM
to web2py-users
Looks nice enough, though it is missing an easy way to configure scopes and claims.

I don't see it anywhere in their free account actually.

I would probably rather advise going with Auth0 or Okta.

I work for Okta so that is why I have integrated web2py with Okta in a sample app.
I can send you the configuration and they have a free edition too for 1000 users per month just like
DID and you can easily configure claims and scopes.

If you do not trust me on this, go with Auth0; they can also help with claims and scopes and I think
it's free for 1000 users too, but Auth0 requires some scripting to configure your scopes on the Auth0 web client.

So I think Okta is easier, but it's just my 2 cents of course.




--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups "web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to web2py+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/CAEM0BxO8Gv%2BcJY-o_WXFEkEBMEFRA-WiPknUASOR7gXGzrKvAw%40mail.gmail.com.

António Ramos

Mar 11, 2020, 11:01:20 AM
to web...@googlegroups.com
Thank you Kevin, please share...


Kevin Keller

Mar 12, 2020, 10:03:11 AM
to web2py-users
Okta_CLIENT_ID = '0xxxxx'
Okta_CLIENT_SECRET = "xxxxx"
# Placeholder: the tenant URLs are not shown in this post. The path assumes
# Okta's "default" authorization server, matching audience "api://default".
Okta_ISSUER = 'https://YOUR_OKTA_DOMAIN/oauth2/default'

## import required modules
try:
    import json
except ImportError:
    from gluon.contrib import simplejson as json
from gluon.contrib.login_methods.oauth20_account import OAuthAccount
from okta_jwt.jwt import validate_token


## extend the OAuthAccount class
class OktaAccount(OAuthAccount):
    """OAuth impl for Okta"""
    AUTH_URL = Okta_ISSUER + '/v1/authorize'
    TOKEN_URL = Okta_ISSUER + '/v1/token'

    def __init__(self):
        OAuthAccount.__init__(self, None, Okta_CLIENT_ID, Okta_CLIENT_SECRET,
                              self.AUTH_URL, self.TOKEN_URL,
                              scope='openid profile email',
                              state="okta",
                              display='popup')

    def get_user(self):
        token = self.accessToken()
        if not token:
            return None
        # Do not print or log the token: it is a bearer credential.
        audience = "api://default"
        # Checks the token against issuer, audience and client id.
        profile = validate_token(token, Okta_ISSUER, audience, Okta_CLIENT_ID)
        if not profile.get('sub'):
            # No subject claim: drop the stored token and treat as logged out.
            self.session.token = None
            return None
        username = profile['sub']
        email = profile['sub']
        # 'firstname' and 'lastname' are not standard claims; this assumes they
        # are configured as custom claims. Missing ones become empty strings.
        return dict(first_name=profile.get('firstname', ''),
                    last_name=profile.get('lastname', ''),
                    username=username,
                    email='%s' % (email))

    def logout_new(self, next="/"):
        #self.session.token = None
        session.renew(clear_session=True)
        session.forget(response)
        return next


auth.settings.login_form = OktaAccount()

Kevin Keller

Mar 12, 2020, 10:05:50 AM
to web2py-users
This goes into your db.py and you also need to install okta_jwt via pip.

I still haven't figured out how to terminate the session in Okta and Web2py at the same time.

The redirect in the logout terminates the Okta session but not the web2py one.
For that you need session.forget and session.renew, but these commands, being in the model, don't work; they only work in the controller.
So I need to find a way to destroy the sessions in the models through some sort of global variable, or store the sessions in the DB, retrieve them in the model and destroy them there.


Kevin Keller

Mar 13, 2020, 9:00:40 AM
to web2py-users
You need to change your Okta tenant URLs and the client ID and secret.

It still points to my tenant :)



Massimo Di Pierro

Mar 21, 2020, 3:00:02 AM
to web2py-users
Did you get this to work? This is very valuable. I can help fix it during the weekend. Not going anywhere. ;-)