I’m trying to integrate a login with a Bokeh (i.e. Tornado, Python) server.
As a starting point, I was trying to get this running:
But we’re using PKCE and I can’t find a Python example of that situation.
In case it isn’t obvious, Python is not my strong point.
Thanks.
Greg
Hi Greg, almost a year later! I’m doing the same thing. Did you ever get yours working?
Not so much that I got it working, but we brought on a Python developer who took care of it.
This is, more or less, the auth.py file we’re currently using.
import requests
import datetime
import tornado
from tornado.web import RequestHandler
EXPIRE_HOURS = 3 # session expired hours
auth_url = "https://{your_id}.okta.com/api/v1/authn"
users = {}
# could define get_user_async instead
def get_user(request_handler):
token = request_handler.get_cookie("token").strip('"')
if not token:
return None
if token in users:
expireAt = users[token]
if expireAt < datetime.datetime.utcnow():
del users[token]
return None
return token
return None
# could also define get_login_url function (but must give up LoginHandler)
login_url = "/login"
# optional login page for login_url
class LoginHandler(RequestHandler):
def get(self):
try:
errormessage = self.get_argument("error")
except Exception:
errormessage = ""
self.render("templates/login.html", errormessage=errormessage)
def check_permission(self, username, password):
body = {
"username": username,
"password": password,
"options": {
"multiOptionalFactorEnroll": False,
"warnBeforePasswordExpired": False
}
}
headers = {
"Accept": "application/json",
"Content-Type": "application/json"
}
res = requests.post(auth_url, json = body, headers = headers)
if res.json().get('status') == 'SUCCESS':
return True, res.json()['sessionToken']
return False, res.json()['errorSummary']
def post(self):
username = self.get_argument("username", "")
password = self.get_argument("password", "")
auth, token = self.check_permission(username, password)
if auth:
self.set_current_user(token)
self.redirect(self.get_argument("next", "/"))
else:
error_msg = "?error=" + tornado.escape.url_escape(token)
self.redirect(login_url + error_msg)
def set_current_user(self, token):
if token:
self.set_cookie("token", tornado.escape.json_encode(token))
users[token] = datetime.datetime.utcnow() + datetime.timedelta(hours=EXPIRE_HOURS)
print("set user :::::::::: ", users)
else:
self.clear_cookie("token")
# optional logout_url, available as curdoc().session_context.logout_url
logout_url = "/logout"
# optional logout handler for logout_url
class LogoutHandler(RequestHandler):
def get(self):
self.clear_cookie("token")
self.redirect(self.get_argument("next", "/"))
Amazing. Thanks for being so quick and helpful, Greg! I think you shaved a whole lot of trial-and-error off my project. 
Hi Greg, hope you can help me. I am having a TypeError: unhashable type: ‘dict’ when posting an application to a user with orgid.
body = {
{
“profile”: {
“orgId”: “johndoe@aaaaa.com”
}
}
}
responsePostApp = requests.post(f’{okta_url}/api/v1/apps/{appid}/users/{userid}', headers=headers, body=body, verify=False)
Im using python for the script and im having trouble with the unhashable error. Hope you can help me.
Sorry Christine, wish I could be more help here. We’re no longer using our Bokeh server, and our python developer who figured it out in the first place has move on.
Best of luck to you!
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.