loop12
February 4, 2022, 4:18pm
1
Hi,
I am trying to implement OKTA auth for my python flask web app.
I based my work upon the following code https://github.com/okta/samples-python-flask/tree/master/okta-hosted-login
For the moment, all the flow is good until the callback.
The callback fails because the access token is invalid. It seems the token can’t be validated…
Any idea? Any resources?
I see that Okta org as authorization server requires something different but I was not able to find any outstanding documentation.
Thanks for the help
I believe you need API access management enabled on your org for this to work.
1 Like
loop12
February 4, 2022, 4:41pm
3
Hi @mraible
Thank you very much for your quick reply!
I need to tell a third party to configure the okta part.
Where is this setting located?
Security > API > ?
For the moment I was only provided with the basic information needed here
```json
{
  "auth_uri": "https://{{OKTA_DOMAIN}}/oauth2/default/v1/authorize",
  "client_id": "{{CLIENT_ID}}",
  "client_secret": "{{CLIENT_SECRET}}",
  "redirect_uri": "http://localhost:8080/authorization-code/callback",
  "issuer": "https://{{OKTA_DOMAIN}}/oauth2/default",
  "token_uri": "https://{{OKTA_DOMAIN}}/oauth2/default/v1/token",
  "userinfo_uri": "https://{{OKTA_DOMAIN}}/oauth2/default/v1/userinfo"
}
```
Thanks again!
Do you have a “default” authorization server listed at Security > API? If so, things should work.
If you don’t, sign up for a developer account at developer.okta.com/signup and you’ll get one for free.
1 Like
loop12
February 4, 2022, 5:17pm
5
I am integrating into an already existing Okta setup, so I don’t manage the config.
I have a dev account for test, I’ll try that again.
loop12
February 4, 2022, 5:37pm
6
So I tried again with my dev account.
I get the same error “Access Token is invalid”…
I have the default authorization server.
I have an app declared in “Applications”.
One thing @mraible, do I need specific permission granted to the token?
loop12
February 4, 2022, 6:10pm
7
Logs show successful auth, but application fails to process the access token for some reason…
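```python
# Excerpt from the callback route
if not is_access_token_valid(access_token, config["issuer"]):
    return "Access token is invalid", 403
```

```python
import asyncio
from okta_jwt_verifier import AccessTokenVerifier

# Event loop used to run the async verifier from synchronous Flask code
loop = asyncio.get_event_loop()

def is_access_token_valid(token, issuer):
    # Verify the token against the issuer, expecting audience 'api://default'
    jwt_verifier = AccessTokenVerifier(issuer=issuer, audience='api://default')
    try:
        loop.run_until_complete(jwt_verifier.verify(token))
        return True
    except Exception:
        # Every verification failure is reported the same way
        return False
```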
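An added example, not part of the original posts or of the Okta sample: the helper above turns every verification failure into `False`, so the reason for the rejection is lost. This sketch decodes the token's claims without checking the signature and lists which of `iss`, `aud` and `exp` disagree with the configured issuer and audience. The function names, the placeholder domain and the sample token are constructed for illustration.

```python
import base64
import json
import time

def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into Python data."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def explain_rejection(token, issuer, audience="api://default", now=None):
    """Return reasons a verifier configured with issuer/audience would reject
    the token's claims. Diagnostics only: the signature is NOT checked here."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a JWT: expected 3 dot-separated segments, got %d" % len(parts)]
    try:
        claims = _b64url_json(parts[1])
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        return ["payload is not base64url-encoded JSON: %s" % exc]
    if not isinstance(claims, dict):
        return ["payload is not a JSON object"]
    now = time.time() if now is None else now
    reasons = []
    if claims.get("iss") != issuer:
        reasons.append("iss %r != configured issuer %r" % (claims.get("iss"), issuer))
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    if audience not in aud_list:
        reasons.append("aud %r does not contain %r" % (aud, audience))
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        reasons.append("exp %r is missing or in the past" % (exp,))
    return reasons

def make_sample_token(claims):
    """Build an unsigned, constructed token for the demo (not a real Okta token)."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "kid": "constructed"}), enc(claims), "sig"])

if __name__ == "__main__":
    # Constructed values: example.okta.com is a placeholder domain.
    issuer = "https://example.okta.com/oauth2/default"
    token = make_sample_token({"iss": "https://example.okta.com",
                               "aud": "https://example.okta.com", "exp": 2000000000})
    for reason in explain_rejection(token, issuer, now=1700000000):
        print(reason)
```

Use the output only to see why the verifier refused a token while debugging; the decision to accept a token still has to come from the signature-checking verifier.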
We created a new sample this week that’s a little easier to get started with. Fastest way to get started with it:
Install the Okta CLI
Run okta login to associate your org, then okta start flask
You can also download the repo and configure it manually:
git clone https://github.com/okta-samples/okta-flask-sample.git
Put your settings in okta-flask-sample/.okta.dev. If you use the CLI, it’ll do this for you.
1 Like
loop12
February 4, 2022, 9:35pm
9
Thank you for the prompt support @mraible!
It is working now, the code is validated and it is more straightforward.
Thanks for pointing me towards this new repo.
1 Like