fixes #589

Author: jph00

fasthtml/_modidx.py

@@ -131,7 +131,14 @@
                                   'fasthtml.jupyter.wait_port_free': ('api/jupyter.html#wait_port_free', 'fasthtml/jupyter.py'),
                                   'fasthtml.jupyter.ws_client': ('api/jupyter.html#ws_client', 'fasthtml/jupyter.py')},
             'fasthtml.live_reload': {},
-            'fasthtml.oauth': { 'fasthtml.oauth.DiscordAppClient': ('api/oauth.html#discordappclient', 'fasthtml/oauth.py'),
+            'fasthtml.oauth': { 'fasthtml.oauth.Auth0AppClient': ('api/oauth.html#auth0appclient', 'fasthtml/oauth.py'),
+                                'fasthtml.oauth.Auth0AppClient.__init__': ('api/oauth.html#auth0appclient.__init__', 'fasthtml/oauth.py'),
+                                'fasthtml.oauth.Auth0AppClient._fetch_openid_config': ( 'api/oauth.html#auth0appclient._fetch_openid_config',
+                                                                                        'fasthtml/oauth.py'),
+                                'fasthtml.oauth.Auth0AppClient.login_link': ( 'api/oauth.html#auth0appclient.login_link',
+                                                                              'fasthtml/oauth.py'),
+                                'fasthtml.oauth.Auth0AppClient.redir_url': ('api/oauth.html#auth0appclient.redir_url', 'fasthtml/oauth.py'),
+                                'fasthtml.oauth.DiscordAppClient': ('api/oauth.html#discordappclient', 'fasthtml/oauth.py'),
                                 'fasthtml.oauth.DiscordAppClient.__init__': ( 'api/oauth.html#discordappclient.__init__',
                                                                               'fasthtml/oauth.py'),
                                 'fasthtml.oauth.DiscordAppClient.login_link': ( 'api/oauth.html#discordappclient.login_link',

fasthtml/oauth.py

@@ -3,8 +3,8 @@
 # AUTOGENERATED! DO NOT EDIT! File to edit: ../nbs/api/08_oauth.ipynb.
 
 # %% auto 0
-__all__ = ['http_patterns', 'GoogleAppClient', 'GitHubAppClient', 'HuggingFaceClient', 'DiscordAppClient', 'redir_url',
-           'url_match', 'OAuth']
+__all__ = ['http_patterns', 'GoogleAppClient', 'GitHubAppClient', 'HuggingFaceClient', 'DiscordAppClient', 'Auth0AppClient',
+           'redir_url', 'url_match', 'OAuth']
 
 # %% ../nbs/api/08_oauth.ipynb
 from .common import *
@@ -14,6 +14,7 @@
 
 # %% ../nbs/api/08_oauth.ipynb
 class _AppClient(WebApplicationClient):
+    id_key = 'sub'
     def __init__(self, client_id, client_secret, code=None, scope=None, **kwargs):
         super().__init__(client_id, code=code, scope=scope, **kwargs)
         self.client_secret = client_secret
@@ -22,9 +23,8 @@ def __init__(self, client_id, client_secret, code=None, scope=None, **kwargs):
 class GoogleAppClient(_AppClient):
     "A `WebApplicationClient` for Google oauth2"
     base_url = "https://accounts.google.com/o/oauth2/v2/auth"
-    token_url = "https://www.googleapis.com/oauth2/v4/token"
-    info_url = "https://www.googleapis.com/oauth2/v3/userinfo"
-    id_key = 'sub'
+    token_url = "https://oauth2.googleapis.com/token"
+    info_url = "https://openidconnect.googleapis.com/v1/userinfo"
 
     def __init__(self, client_id, client_secret, code=None, scope=None, **kwargs):
         scope_pre = "https://www.googleapis.com/auth/userinfo"
@@ -39,8 +39,9 @@ def from_file(cls, fname, code=None, scope=None, **kwargs):
 # %% ../nbs/api/08_oauth.ipynb
 class GitHubAppClient(_AppClient):
     "A `WebApplicationClient` for GitHub oauth2"
-    base_url = "https://github.com/login/oauth/authorize"
-    token_url = "https://github.com/login/oauth/access_token"
+    prefix = "https://github.com/login/oauth/"
+    base_url = f"{prefix}authorize"
+    token_url = f"{prefix}access_token"
     info_url = "https://api.github.com/user"
     id_key = 'id'
 
@@ -50,11 +51,10 @@ def __init__(self, client_id, client_secret, code=None, scope=None, **kwargs):
 # %% ../nbs/api/08_oauth.ipynb
 class HuggingFaceClient(_AppClient):
     "A `WebApplicationClient` for HuggingFace oauth2"
-
-    base_url = "https://huggingface.co/oauth/authorize"
-    token_url = "https://huggingface.co/oauth/token"
-    info_url = "https://huggingface.co/oauth/userinfo"
-    id_key = 'sub'
+    prefix = "https://huggingface.co/oauth/"
+    base_url = f"{prefix}authorize"
+    token_url = f"{prefix}token"
+    info_url = f"{prefix}userinfo"
 
     def __init__(self, client_id, client_secret, code=None, scope=None, state=None, **kwargs):
         if not scope: scope=["openid","profile"]
@@ -87,6 +87,26 @@ def parse_response(self, code):
         r.raise_for_status()
         self.parse_request_body_response(r.text)
 
+# %% ../nbs/api/08_oauth.ipynb
+class Auth0AppClient(_AppClient):
+    "A `WebApplicationClient` for Auth0 OAuth2"
+    def __init__(self, domain, client_id, client_secret, code=None, scope=None, https=True, redirect_uri="", **kwargs):
+        self.redirect_uri,self.https,self.domain = redirect_uri,https,domain
+        config = self._fetch_openid_config()
+        self.base_url,self.token_url,self.info_url = config["authorization_endpoint"],config["token_endpoint"],config["userinfo_endpoint"]
+        super().__init__(client_id, client_secret, code=code, scope=scope, https=https, redirect_uri=redirect_uri, **kwargs)
+
+    def _fetch_openid_config(self):
+        r = httpx.get(f"https://{self.domain}/.well-known/openid-configuration")
+        r.raise_for_status()
+        return r.json()
+
+    def redir_url(self, req): return redir_url(req, self.redirect_uri, "https" if self.https else "http")
+
+    def login_link(self, req):
+        d = dict(response_type="code", client_id=self.client_id, scope=self.scope, redirect_uri=self.redir_url(req))
+        return f"{self.base_url}?{urlencode(d)}"
+
 # %% ../nbs/api/08_oauth.ipynb
 @patch
 def login_link(self:WebApplicationClient, redirect_uri, scope=None, state=None):
@@ -96,8 +116,9 @@ def login_link(self:WebApplicationClient, redirect_uri, scope=None, state=None):
     return self.prepare_request_uri(self.base_url, redirect_uri, scope, state=state)
 
 # %% ../nbs/api/08_oauth.ipynb
-def redir_url(request, redir_path, scheme='https'):
+def redir_url(request, redir_path, scheme=None):
     "Get the redir url for the host in `request`"
+    scheme = 'http' if request.url.hostname == 'localhost' else 'https'
     return f"{scheme}://{request.url.netloc}{redir_path}"
 
 # %% ../nbs/api/08_oauth.ipynb

nbs/api/08_oauth.ipynb

@@ -27,7 +27,7 @@
    "id": "507cd009",
    "metadata": {},
    "source": [
-    "This is not yet thoroughly tested. See the [docs page](https://docs.fastht.ml/explains/oauth.html) for an explanation of how to use this."
+    "See the [docs page](https://docs.fastht.ml/explains/oauth.html) for an explanation of how to use this."
    ]
   },
   {
@@ -63,6 +63,7 @@
    "source": [
     "#| export\n",
     "class _AppClient(WebApplicationClient):\n",
+    "    id_key = 'sub'\n",
     "    def __init__(self, client_id, client_secret, code=None, scope=None, **kwargs):\n",
     "        super().__init__(client_id, code=code, scope=scope, **kwargs)\n",
     "        self.client_secret = client_secret"
@@ -79,9 +80,8 @@
     "class GoogleAppClient(_AppClient):\n",
     "    \"A `WebApplicationClient` for Google oauth2\"\n",
     "    base_url = \"https://accounts.google.com/o/oauth2/v2/auth\"\n",
-    "    token_url = \"https://www.googleapis.com/oauth2/v4/token\"\n",
-    "    info_url = \"https://www.googleapis.com/oauth2/v3/userinfo\"\n",
-    "    id_key = 'sub'\n",
+    "    token_url = \"https://oauth2.googleapis.com/token\"\n",
+    "    info_url = \"https://openidconnect.googleapis.com/v1/userinfo\"\n",
     "    \n",
     "    def __init__(self, client_id, client_secret, code=None, scope=None, **kwargs):\n",
     "        scope_pre = \"https://www.googleapis.com/auth/userinfo\"\n",
@@ -104,8 +104,9 @@
     "#| export\n",
     "class GitHubAppClient(_AppClient):\n",
     "    \"A `WebApplicationClient` for GitHub oauth2\"\n",
-    "    base_url = \"https://github.com/login/oauth/authorize\"\n",
-    "    token_url = \"https://github.com/login/oauth/access_token\"\n",
+    "    prefix = \"https://github.com/login/oauth/\"\n",
+    "    base_url = f\"{prefix}authorize\"\n",
+    "    token_url = f\"{prefix}access_token\"\n",
     "    info_url = \"https://api.github.com/user\"\n",
     "    id_key = 'id'\n",
     "\n",
@@ -123,11 +124,10 @@
     "#| export\n",
     "class HuggingFaceClient(_AppClient):\n",
     "    \"A `WebApplicationClient` for HuggingFace oauth2\"\n",
-    "\n",
-    "    base_url = \"https://huggingface.co/oauth/authorize\"\n",
-    "    token_url = \"https://huggingface.co/oauth/token\"\n",
-    "    info_url = \"https://huggingface.co/oauth/userinfo\"\n",
-    "    id_key = 'sub'\n",
+    "    prefix = \"https://huggingface.co/oauth/\"\n",
+    "    base_url = f\"{prefix}authorize\"\n",
+    "    token_url = f\"{prefix}token\"\n",
+    "    info_url = f\"{prefix}userinfo\"\n",
     "    \n",
     "    def __init__(self, client_id, client_secret, code=None, scope=None, state=None, **kwargs):\n",
     "        if not scope: scope=[\"openid\",\"profile\"]\n",
@@ -169,14 +169,42 @@
     "        self.parse_request_body_response(r.text)"
    ]
   },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "29521d68",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "#| export\n",
+    "class Auth0AppClient(_AppClient):\n",
+    "    \"A `WebApplicationClient` for Auth0 OAuth2\"\n",
+    "    def __init__(self, domain, client_id, client_secret, code=None, scope=None, https=True, redirect_uri=\"\", **kwargs):\n",
+    "        self.redirect_uri,self.https,self.domain = redirect_uri,https,domain\n",
+    "        config = self._fetch_openid_config()\n",
+    "        self.base_url,self.token_url,self.info_url = config[\"authorization_endpoint\"],config[\"token_endpoint\"],config[\"userinfo_endpoint\"]\n",
+    "        super().__init__(client_id, client_secret, code=code, scope=scope, https=https, redirect_uri=redirect_uri, **kwargs)\n",
+    "\n",
+    "    def _fetch_openid_config(self):\n",
+    "        r = httpx.get(f\"https://{self.domain}/.well-known/openid-configuration\")\n",
+    "        r.raise_for_status()\n",
+    "        return r.json()\n",
+    "\n",
+    "    def redir_url(self, req): return redir_url(req, self.redirect_uri, \"https\" if self.https else \"http\")\n",
+    "\n",
+    "    def login_link(self, req):\n",
+    "        d = dict(response_type=\"code\", client_id=self.client_id, scope=self.scope, redirect_uri=self.redir_url(req))\n",
+    "        return f\"{self.base_url}?{urlencode(d)}\""
+   ]
+  },
   {
    "cell_type": "code",
    "execution_count": null,
    "id": "109bc501",
    "metadata": {},
    "outputs": [],
    "source": [
-    "cli = GoogleAppClient.from_file('/Users/jhoward/git/_nbs/oauth-test/client_secret.json')"
+    "cli = GoogleAppClient.from_file('/Users/jhoward/subs_aai/_nbs/oauth-test/client_secret.json')"
    ]
   },
   {
@@ -267,8 +295,9 @@
    "outputs": [],
    "source": [
     "#| export\n",
-    "def redir_url(request, redir_path, scheme='https'):\n",
+    "def redir_url(request, redir_path, scheme=None):\n",
     "    \"Get the redir url for the host in `request`\"\n",
+    "    scheme = 'http' if request.url.hostname == 'localhost' else 'https'\n",
     "    return f\"{scheme}://{request.url.netloc}{redir_path}\""
    ]
   },