0
votes

Reposting from https://community.auth0.com/t/login-url-404-not-found/52181

I've set up an Auth0 app. I am trying to set up an auth web app flow and code authorization flow as well.

I am following this article: https://auth0.com/docs/quickstart/webapp/django to implement Auth0 web app flow.

To implement backend code authorization flow I'm following: https://auth0.com/docs/quickstart/backend/django

Implementations are in this file: apps/auth_zero/auth0backend.py to write both the standard web app flow and the code authorization flow, which subroutes /login/auth0 as auth0/login/auth0; check the main app urls.

But I get 404 not found when I press Login.

I suspect something must be wrong in my settings.

The repo for ref is: https://github.com/Xcov19/covidX/tree/1777fe574c640c31db587e361c32758bc0c175d2/covidX

This is my middleware:

MIDDLEWARE = [
    "django.middleware.security.SecurityMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.middleware.common.CommonMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    # Map username from the Access Token payload to
    # Django authentication system
    "django.contrib.auth.middleware.RemoteUserMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
]

These are my backend and auth0 jwt configs:

# SOCIAL AUTH AUTH0 BACKEND CONFIG
SOCIAL_AUTH_TRAILING_SLASH = os.getenv("SOCIAL_AUTH_TRAILING_SLASH")
SOCIAL_AUTH_AUTH0_KEY = os.environ.get("SOCIAL_AUTH_AUTH0_KEY")
SOCIAL_AUTH_AUTH0_SECRET = os.environ.get("SOCIAL_AUTH_AUTH0_SECRET")
SOCIAL_AUTH_AUTH0_SCOPE = ["openid", "profile", "email"]
SOCIAL_AUTH_AUTH0_DOMAIN = os.environ.get("SOCIAL_AUTH_AUTH0_DOMAIN")
SOCIAL_AUTH_ACCESS_TOKEN_METHOD = os.getenv("ACCESS_TOKEN_METHOD")
JWT_AUDIENCE = os.getenv("JWT_AUDIENCE")

if AUDIENCE := (
    os.getenv("AUTH0_AUDIENCE") or f"https://{SOCIAL_AUTH_AUTH0_DOMAIN}/userinfo"
):
    SOCIAL_AUTH_AUTH0_AUTH_EXTRA_ARGUMENTS = {"audience": AUDIENCE}

# Set JWT_AUDIENCE to API identifier and the JWT_ISSUER to Auth0 domain
JWT_AUTH = {
    "JWT_PAYLOAD_GET_USERNAME_HANDLER": (
        "apps.auth_zero.auth0backend." "jwt_get_username_from_payload_handler"
    ),
    "JWT_DECODE_HANDLER": "apps.auth_zero.auth0backend.jwt_decode_token",
    "JWT_ALGORITHM": "RS256",
    "JWT_AUDIENCE": JWT_AUDIENCE,
    "JWT_ISSUER": "https://dev-mavl72j2.eu.auth0.com/",
    "JWT_AUTH_HEADER_PREFIX": "Bearer",
}

# Ordered list, not a set: Django tries the backends in the order given.
AUTHENTICATION_BACKENDS = [
    "apps.auth_zero.auth0backend.Auth0",
    "django.contrib.auth.backends.ModelBackend",
    "django.contrib.auth.backends.RemoteUserBackend",
    "guardian.backends.ObjectPermissionBackend",
]


LOGIN_URL = "/auth0/login/auth0"
LOGIN_REDIRECT_URL = "/"
AUTH_REDIRECT_URI = "/auth0/complete/auth0"

I'm using DRF; its settings are:

REST_FRAMEWORK = {
    # Use Django's standard `django.contrib.auth` permissions,
    # or allow read-only access for unauthenticated users.
    "DEFAULT_PERMISSION_CLASSES": [
        "rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly",
        "rest_framework.permissions.AllowAny",
    ],
    "DEFAULT_AUTHENTICATION_CLASSES": (
        "rest_framework_jwt.authentication.JSONWebTokenAuthentication",
        "rest_framework.authentication.SessionAuthentication",
        "rest_framework.authentication.BasicAuthentication",
    ),
    "DEFAULT_RENDERER_CLASSES": [
        "rest_framework.renderers.BrowsableAPIRenderer",
        "rest_framework.renderers.JSONOpenAPIRenderer",
    ],
}
1
I'm not sure why you're going through all the trouble to eliminate trailing slashes. Can't help but wonder if that's related to your problem. If you take all that stuff out and change your re_path to path('auth0/', ...), does it change anything? - Melvyn
@Melvyn either of the absolute paths tried with or without should work. Previously it did. I've added DRF authorization code and settings. I suspected that to be the issue. The OpenAPI spec needs no trailing slashes, that's why the re - user2290820
The OpenApi spec doesn't care about slashes, maybe the autogenerator you're using, but the spec itself does not. Note that it's just a documentation generator - if it makes things more complex (as it obviously does), then find another or fix its broken behavior. Your urls will now match path segments that are missing a separator. For example: /auth0completeauth0 will route to the same as /auth0/complete/auth0 and any variation. But we're off-topic. - Melvyn
I'm gonna give it a try @Melvyn and revert to you tomorrow - user2290820
@Melvyn the re path is to allow the OpenAPI YAML path that I include in the OpenAPI YAML file being submitted to Google service proxy to accept the route path - user2290820

1 Answer

1
votes

Your problem is that you have an end-of-line marker in your re_path, so it won't match and delegate to the auth0 urls:

re_path(r"^auth0/?$", include("apps.auth_zero.urls")),

Does not match /auth0/something, only /auth0/ or /auth0. Lose the end of line marker.
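The prefix behaviour described in this answer and in the comments above, as an added example that is not part of the original post: a simplified model of how an included URLconf is resolved (match the prefix with a regex search, pass the remainder to the child patterns). The child routes are hypothetical stand-ins for apps.auth_zero.urls, which the page does not show.

```python
import re

# Hypothetical child routes standing in for apps.auth_zero.urls (assumption).
CHILD_ROUTES = [
    (re.compile(r"^login/auth0/?$"), "login"),
    (re.compile(r"^complete/auth0/?$"), "complete"),
]

QUESTION_PREFIX = r"^auth0/?$"   # pattern from the question: anchored at the end
ANSWER_PREFIX = r"^auth0/?"      # end-of-line marker dropped, slash still optional
STRICT_PREFIX = r"^auth0/"       # separator required, like path("auth0/", ...)

# Constructed request paths; the third one is missing the separator.
SAMPLE_PATHS = [
    "/auth0/login/auth0",
    "/auth0/complete/auth0",
    "/auth0login/auth0",
    "/auth0",
]


def resolve(prefix_regex, request_path):
    """Return the child route name a path reaches, or None for a 404."""
    # The resolver matches against the path without its leading slash.
    path = request_path[1:] if request_path.startswith("/") else request_path
    prefix = re.search(prefix_regex, path)
    if prefix is None:
        return None  # the include() prefix never matched
    remainder = path[prefix.end():]  # what is left goes to the included URLconf
    for pattern, name in CHILD_ROUTES:
        if pattern.search(remainder):
            return name
    return None


def routing_table(prefix_regex):
    """Map every sample path to the route it reaches under one prefix."""
    return {p: resolve(prefix_regex, p) for p in SAMPLE_PATHS}


if __name__ == "__main__":
    for label, prefix in [("question", QUESTION_PREFIX),
                          ("answer", ANSWER_PREFIX),
                          ("strict", STRICT_PREFIX)]:
        print(label, prefix, routing_table(prefix))
```

With the optional slash kept, /auth0login/auth0 reaches the login route, which is the missing-separator ambiguity raised in the comments; requiring the slash removes it.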