I want to implement an authorization mechanism in my Python Flask application. I want to manipulate authorization of groups, users, etc. in my application.
After reading through these pages about how to set up authorization through the extension:
1 - https://auth0.com/docs/api-auth/grant/authorization-code
2 - https://auth0.com/docs/quickstart/backend/python#add-api-authorization
I added the decorator shown in the second link above. (An interesting thing is that I realized the 2nd link's decorator has the same decorator names as the 00-Starter-Seed app. So does the 2nd link's decorator do authorization and authentication at the same time?)
def requires_auth(f):
    ...
But when I try to use that decorator, I get this error:
{
"code": "Error decoding token headers.",
"description": "Invalid header. Use an RS256 signed JWT Access Token"
}
I suspect that maybe I understand the concept of implementing authorization in Auth0 wrong. So, what I understand from it is:
1 - a check needs to be made to determine whether the incoming request contains valid authorization information (jwt)
2 - get the access_token and use it in the decorator
3 - call the API to manipulate groups, users, etc. (things I want to do through the API) OR use it as a function decorator to make sure that function can only be called by an admin
What is the point I am not seeing or am understanding wrong?
Thanks
I made it work. The outline that I followed is:
created the authorization extension
configured the authorization extension API
granted access to auth0-authz (non-interactive client)
in our web app, created another token for auth0-authz (non-interactive client) to consume the API
verified the token over urllib.urlopen("https://"+AUTH0_DOMAIN+"/.well-known/jwks.json")
then made a successful API call with the new token
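
An added example, not code from the posts above or from Auth0: it shows the kind of header check behind the "Use an RS256 signed JWT Access Token" error quoted earlier, together with the key lookup against the jwks.json document mentioned in the outline. It reads only the unverified token header; the JWKS, the `kid` values and the tokens are constructed samples, and signature verification with a JWT library is assumed to follow.

```python
import base64
import json

# Constructed JWKS in the shape served at /.well-known/jwks.json (placeholder key).
SAMPLE_JWKS = {"keys": [{"kty": "RSA", "kid": "sample-kid-1", "use": "sig",
                         "n": "placeholder-modulus", "e": "AQAB"}]}

def b64url_decode(segment):
    """Decode a base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def select_signing_key(token, jwks):
    """Return the JWKS entry that must verify `token`, or raise ValueError.
    Reads the unverified header only; a JWT library still checks the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        # An opaque (non-JWT) access token has no header to decode.
        raise ValueError("not a JWT: expected three dot-separated segments")
    try:
        header = json.loads(b64url_decode(parts[0]))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError("header is not base64url-encoded JSON") from exc
    if not isinstance(header, dict):
        raise ValueError("header is not a JSON object")
    # Pin the algorithm so the token cannot choose how it is verified.
    if header.get("alg") != "RS256":
        raise ValueError("unexpected alg %r, want RS256" % header.get("alg"))
    for key in jwks.get("keys", []):
        if key.get("kty") == "RSA" and key.get("kid") == header.get("kid"):
            return key
    raise ValueError("no RSA key in JWKS with kid %r" % header.get("kid"))

def make_sample(header):
    """Build a constructed token with a dummy signature, for the demo only."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc(header), enc({"sub": "constructed"}), "ZHVtbXk"])

def check(token, jwks=SAMPLE_JWKS):
    """Return 'ok: <kid>' or 'rejected: <reason>' for a token."""
    try:
        return "ok: " + select_signing_key(token, jwks)["kid"]
    except ValueError as exc:
        return "rejected: %s" % exc

if __name__ == "__main__":
    for hdr in ({"alg": "RS256", "kid": "sample-kid-1"}, {"alg": "HS256"}):
        print(check(make_sample(hdr)))
    print(check("opaque-access-token"))
```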