Closed wdesouza closed 7 years ago
Thanks @Welliton309 for putting together such a detailed set of instructions! Auth0 was in the process of testing the API based non-interactive clients features and I haven't tried them out.
The `AUTH0_AUTHORIZED_EMAILS` are email addresses that you have authorized to access data in the server. You can set up Google OIDC, but you don't want any Google user to be able to log in, so you add only the authorized emails to that list.
It sounds a bit like that is what is going wrong, the callback code does look well formed, but you're being redirected to the `/login` with a code. If the request is authorized the callback session gets redirected to printing out the login code. https://github.com/ga4gh/server/blob/master/ga4gh/server/auth/__init__.py#L156
Are you trying to log in using an email in the authorized users list? The returned information about the email used to perform the login attempt has to match what is in the local configuration.
I have used the same email. I tested again and it worked! I don't know what happened. I got the API Token web page. The link to landing page worked very well 😄
The Apache access log:
192.168.0.6 - - [14/Feb/2017:04:05:43 -0800] "GET / HTTP/1.1" 200 409 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
192.168.0.6 - - [14/Feb/2017:04:05:53 -0800] "GET /login HTTP/1.1" 200 575 "http://192.168.0.8/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
192.168.0.6 - - [14/Feb/2017:04:06:05 -0800] "GET /callback?code=fK6iNjbADATr340s HTTP/1.1" 302 1528 "http://192.168.0.8/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
192.168.0.6 - - [14/Feb/2017:04:06:07 -0800] "GET /login?code=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJlbWFpbCI6IndlbGwzMDlAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImlzcyI6Imh0dHBzOi8vd2VsbGl0b24uYXV0aDAuY29tLyIsInN1YiI6ImF1dGgwfDU4OWRmMjVlMjQ0Y2NiNzRmODlmMmI4YiIsImF1ZCI6ImV3Y1RybHlQVlhPS2dWMmM2VE1WMWkwdmxOaXdUekJOIiwiZXhwIjoxNDg3MTA5OTY2LCJpYXQiOjE0ODcwNzM5NjZ9.xe9x6wB7HBZXCUByiLaGkU6tNrsep335lYmQNOs4_EE HTTP/1.1" 200 816 "http://192.168.0.8/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
It seems that the token size has been changed and the server redirected to `/login` page with the token. I will try to reproduce all steps and update the tutorial.
Thanks, we would happily incorporate any of your tutorial into our docs!
@david4096 feel free to use this tutorial :)
I updated with more information and pictures. Now I am trying to retrieve data from server.
Great, I changed the title. We'll close this issue once we've updated our documentation using your screenshots. Thanks!
@david4096 I'd like you to wait until I can access the data. There may still be settings to make on the Auth0 page.
Unfortunately it is not working. It seems that the GA4GH server only accepts connections to the base URL. When trying to access another resource, such as searching for data sets, the server raises the "Not authenticated. Use the key on the server index page." Basically I am running this:

```python
from ga4gh.client import client

key = "<key from login page>"
c = client.HttpClient("http://192.168.0.8/", id_token=key)
c.search_datasets().next()
```

Does anyone have any idea for tracking this problem?
Are there any more details of the error message?
In order to control for issues in the client, could you try it as a cURL request (replacing my key for yours)?
curl -X POST --data '{}' -H 'Content-Type: application/json' -H 'Authorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJlbWFpbCI6ImRhdmlkY3NAdWNzYy5lZHUiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiaXNzIjoiaHR0cHM6Ly9kYXZpZDQwOTYuYXV0aDAuY29tLyIsInN1YiI6Imdvb2dsZS1vYXV0aDJ8MTAxNDYyMDk4NDkxMDIwNzU4NDcxIiwiYXVkIjoiN1B5VDVlUVJSZGFTeGdNNGhFWXowNHd6bmNOaVhwcUgiLCJleHAiOjE0ODE4ODE5NjUsImlhdCI6MTQ4MTg0NTk2NX0.t0e-1Ij0gGrmP0CKv_ymKsy_wvdTWfLtr5-257jRQ7aA' http://localhost:8000/datasets/search
Let me know the details of the error returned please!
It seems like the flow with Auth0 of getting a token for your login works as expected. However, protected endpoints inspect the `Authorization` header before accessing data and something is going wrong there.
rm -f /tmp/ga4gh
)I did the following steps:
/tmp/ga4gh
and Apache logs;config.py
file);http://192.168.0.8/?key=<same_token_from_login>
);curl
command line:curl -X POST --data '{}' -H 'Content-Type: application/json' -H 'Authorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJlbWFpbCI6IndlbGwzMDlAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJpc3MiOiJodHRwczovL3dlbGxpdG9uLmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHw1OGFiMDYzMTgyYjBjYTA3NzQ2M2VhM2IiLCJhdWQiOiI1RkZMZWpud2hkeERWZHVEUHdONzFnc3FGWTNxbWlDUSIsImV4cCI6MTQ4Nzg1MTYwMywiaWF0IjoxNDg3ODE1NjAzfQ.XBymadpZydRp1-K2bcPYaj5ciNqR6wP8ns2TJnM5rls' http://192.168.0.8/datasets/search
It returned:
{"errorCode": 1430394319, "message": "Not authenticated. Use the key on the server index page."}
The access.log file:
192.168.0.8 - - [22/Feb/2017:18:06:31 -0800] "GET / HTTP/1.1" 200 409 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0"
192.168.0.8 - - [22/Feb/2017:18:06:35 -0800] "GET /login HTTP/1.1" 200 577 "http://192.168.0.8/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0"
192.168.0.8 - - [22/Feb/2017:18:06:41 -0800] "GET /callback?code=1hrHmDg2jNv1IMHl HTTP/1.1" 302 1533 "http://192.168.0.8/login" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0"
192.168.0.8 - - [22/Feb/2017:18:06:44 -0800] "GET /login?code=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJlbWFpbCI6IndlbGwzMDlAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJpc3MiOiJodHRwczovL3dlbGxpdG9uLmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHw1OGFiMDYzMTgyYjBjYTA3NzQ2M2VhM2IiLCJhdWQiOiI1RkZMZWpud2hkeERWZHVEUHdONzFnc3FGWTNxbWlDUSIsImV4cCI6MTQ4Nzg1MTYwMywiaWF0IjoxNDg3ODE1NjAzfQ.XBymadpZydRp1-K2bcPYaj5ciNqR6wP8ns2TJnM5rls HTTP/1.1" 200 815 "http://192.168.0.8/login" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0"
192.168.0.8 - - [22/Feb/2017:18:06:58 -0800] "GET /?key=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJlbWFpbCI6IndlbGwzMDlAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJpc3MiOiJodHRwczovL3dlbGxpdG9uLmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHw1OGFiMDYzMTgyYjBjYTA3NzQ2M2VhM2IiLCJhdWQiOiI1RkZMZWpud2hkeERWZHVEUHdONzFnc3FGWTNxbWlDUSIsImV4cCI6MTQ4Nzg1MTYwMywiaWF0IjoxNDg3ODE1NjAzfQ.XBymadpZydRp1-K2bcPYaj5ciNqR6wP8ns2TJnM5rls HTTP/1.1" 200 1842 "http://192.168.0.8/login?code=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJlbWFpbCI6IndlbGwzMDlAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJpc3MiOiJodHRwczovL3dlbGxpdG9uLmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHw1OGFiMDYzMTgyYjBjYTA3NzQ2M2VhM2IiLCJhdWQiOiI1RkZMZWpud2hkeERWZHVEUHdONzFnc3FGWTNxbWlDUSIsImV4cCI6MTQ4Nzg1MTYwMywiaWF0IjoxNDg3ODE1NjAzfQ.XBymadpZydRp1-K2bcPYaj5ciNqR6wP8ns2TJnM5rls" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0"
192.168.0.8 - - [22/Feb/2017:18:06:59 -0800] "GET /static/favicon.ico HTTP/1.1" 200 1524 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0"
192.168.0.8 - - [22/Feb/2017:18:07:40 -0800] "POST /datasets/search HTTP/1.1" 401 246 "-" "curl/7.47.0"
The error.log file (server debug activated):
First log from Auth0 (successful login):
{
"date": "2017-02-23T02:06:41.169Z",
"type": "s",
"connection": "GA4GH-DB",
"connection_id": "con_DqcVqeGQ5HLiz2Z6",
"client_id": "5FFLejnwhdxDVduDPwN71gsqFY3qmiCQ",
"client_name": "GA4GH Client Dev",
"ip": "177.103.16.184",
"user_agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0",
"details": {
"prompts": [
{
"name": "authenticate",
"initiatedAt": 1487815600879,
"completedAt": 1487815601162,
"timers": {},
"performed_acr": [],
"performed_amr": [],
"elapsedTime": 283
}
],
"initiatedAt": 1487815600871,
"completedAt": 1487815601166,
"elapsedTime": 295,
"stats": {
"loginsCount": 31
}
},
"user_id": "auth0|58ab063182b0ca077463ea3b",
"user_name": "<authorized_email>",
"strategy": "auth0",
"strategy_type": "database",
"auth0_client": {
"name": "lock.js",
"version": "10.0.2",
"lib_version": "7.0.3"
}
}
Second log from Auth0 (successful exchange):
{
"date": "2017-02-23T02:06:43.488Z",
"type": "seacft",
"description": "",
"connection_id": "",
"client_id": "5FFLejnwhdxDVduDPwN71gsqFY3qmiCQ",
"client_name": "GA4GH Client Dev",
"ip": "177.103.16.184",
"user_agent": "python-requests/2.7.0 CPython/2.7.12 Linux/4.4.0-63-generic",
"user_id": "",
"user_name": ""
}
Let me know if there are any other log files that might help.
Thanks that's very helpful!
Given that the exchange with Auth0 is working and I believe some id_token is in the cache, my guess is something is going wrong here. The authorization token is decoded using the client_id and secret in order to authenticate the request. Perhaps it is suggesting the token is not present in the header in the expected way.
The other possibility is here. Do you have the OIDC configured as well? It should leave that function if the OIDCClient is None, which it will be as long as the configuration setting OIDC_PROVIDER isn't set.
I didn't set an `OIDC_PROVIDER`. In Auth0 API configuration I added the "openid" and "email" scopes. Then I authorized the Client to use these two scopes (as shown in the "Creating API" section of the tutorial). My `config.py` file:
DATA_SOURCE = "/srv/ga4gh/ga4gh-example-data/registry.db"
AUTH0_ENABLED = True
SECRET_KEY = "super_secret"
AUTH0_SCOPES = "openid email"
AUTH0_CALLBACK_URL = "http://192.168.0.8/callback"
AUTH0_HOST = "welliton.auth0.com"
AUTH0_CLIENT_ID = "5FFLejnwhdxDVduDPwN71gsqFY3qmiCQ"
AUTH0_CLIENT_SECRET = "igm8Pz_8T7moT0V_8jBOp_PeFe9rqqKBu9KYD2jfrF1kJBFu1tTAxpl-KzJ1oJEU"
AUTH0_AUTHORIZED_EMAILS = "<authorized_email>"
DEBUG = True
@Welliton309 I just tried this with my credentials, which I include for testing and was able to get it to work.
Then I tried creating a new app and it seems like they have changed the formatting of the keys.
If you'd like to start up a server with these credentials (over some non-protected data!), it would help me to be certain this is the problem. This application was created before their changes and is apparently grandfathered into the old style.
AUTH0_ENABLED = True
SECRET_KEY = "super_secret"
AUTH0_SCOPES = "openid email"
AUTH0_CALLBACK_URL = "http://localhost:8000/callback"
AUTH0_HOST = "david4096.auth0.com"
AUTH0_CLIENT_ID = "7PyT5eQRRdaSxgM4hEYz04wzncNiXpqH"
AUTH0_CLIENT_SECRET = \
"2OkzpU7LMYMllXf7cd027WFcbBpb4b_p3iNRaUfsYOQgxiYM_puwRxCddCRy_RtV"
AUTH0_AUTHORIZED_EMAILS = "davidcs@ucsc.edu,your@email.com"
I believe all newly created apps at Auth0 will have the new formatting. Related https://auth0.com/forum/t/client-secret-stored-without-base64-encoding/4338
The fix is quite simple, remove the b64decode of the client secret. I'll issue a PR for this. Such are the woes of supporting a third party service!
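The mismatch diagnosed in the comments above, shown as an added example (not code from this thread or from the GA4GH server): an HS256 token verifies only when the server derives the HMAC key from the client secret the same way the issuer did, so base64-decoding a secret that the issuer used as-is rejects every token. The secret, audience, email and timestamps below are constructed, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import json


def b64url_decode(text):
    # JWT segments omit "=" padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def sign_hs256(claims, key):
    """Issue a compact HS256 JWT (stands in for the identity provider)."""
    parts = ({"typ": "JWT", "alg": "HS256"}, claims)
    signing_input = ".".join(
        b64url_encode(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)


def verify_hs256(token, key, audience, now):
    """Return the claims if alg, signature, aud and exp all check out, else None."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        claims = json.loads(b64url_decode(body))
        mac = b64url_decode(sig)
    except ValueError:
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None  # never let the token choose another algorithm
    expected = hmac.new(key, (head + "." + body).encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, mac):
        return None
    if not isinstance(claims, dict):
        return None
    exp = claims.get("exp")
    if claims.get("aud") != audience or not isinstance(exp, int) or exp <= now:
        return None
    return claims


def candidate_keys(client_secret):
    """The two ways a server might turn the configured secret into an HMAC key."""
    keys = {"raw": client_secret.encode("ascii")}
    try:
        keys["base64url-decoded"] = b64url_decode(client_secret)
    except ValueError:
        pass  # secret is not valid base64url, so only the raw form applies
    return keys


def diagnose(token, client_secret, audience, now):
    """List which interpretation(s) of the secret validate this token."""
    return [name for name, key in candidate_keys(client_secret).items()
            if verify_hs256(token, key, audience, now) is not None]


# Constructed sample data, not values from the thread.
SECRET = b64url_encode(b"constructed-demo-key-not-a-real-secret")
AUDIENCE = "constructed-client-id"
NOW = 1487815603
CLAIMS = {"email": "user@example.org", "aud": AUDIENCE, "exp": 2000000000}
NEW_STYLE_TOKEN = sign_hs256(CLAIMS, SECRET.encode("ascii"))  # secret used as-is
OLD_STYLE_TOKEN = sign_hs256(CLAIMS, b64url_decode(SECRET))   # secret decoded first

if __name__ == "__main__":
    print("new-style token validates with:", diagnose(NEW_STYLE_TOKEN, SECRET, AUDIENCE, NOW))
    print("old-style token validates with:", diagnose(OLD_STYLE_TOKEN, SECRET, AUDIENCE, NOW))
```

Running `diagnose` against a real token and the configured secret tells you which of the two key derivations the issuer used, without logging the secret itself.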
I am trying to figure out how to configure a working example of GA4GH server with Auth0 authentication service. I am using the latest release version (0.3.5). Because Auth0 service should be configured via web browser, I created a step-by-step tutorial with my progress. I think the following pictures and text may help others. The problem I found is at the end of this text.
Follow the Deployment on Apache instructions to install the reference implementation server.
At Apache configuration, you should use the root path instead of `/ga4gh` because the server is using absolute path when redirecting web address.
Configuring Auth0 service
First login or sign up in Auth0 website: https://auth0.com/
Creating Client
On tab `Client` click in `Create Client`. Give a name for your Client and choose the `Non Interactive Clients` client type. Click `Create`.
In `Settings` tab copy the `Domain`, `Client ID` and `Client Secret` data.
These data will be used to set the following server configuration values (reference):
`AUTH0_HOST` with `Domain`;
`AUTH0_CLIENT_ID` with `Client ID`;
`AUTH0_CLIENT_SECRET` with `Client Secret`.
Fill `Allowed Callback URLs`, `Allowed Logout URLs` and `Allowed Origins (CORS)` with the web address of server endpoint plus the related path.
Creating API
Go to `APIs` tab and click in `Create API`. The `Identifier` should be the URL of server endpoint (the landing page). For this example I am using root path and TCP port 80.
On `Scopes` tab, create two scopes: `openid` and `email`.
On `Non Interactive Clients` tab, authorize the previous created Client. Select both scopes `openid` and `email`. Click `Update` then `Continue`.
Creating Database Connections
Go to `Connections-Database` tab and click `Create DB Connection`. I disabled sign ups because I want to have control over user creation allowing only certain people/software to have access on server.
In `Clients` tab, activate the connection between the Client and the Database.
Creating Users
Go to `Users` tab and click `Create User`. Fill the fields. `Connection` should be same one previously created. An email will be sent requesting to verify. I recommend creating your own user for testing purposes.
Setting up GA4GH server with authentication
Append the following server configuration values to `config.py` file (reference). Remember to update the fields correctly. Create a SECRET_KEY. I didn’t understand the field `AUTH0_AUTHORIZED_EMAILS`. I just used the same email I used to login into Auth0 website.
Restart the server.
Testing
Finally access server landing page. It will show an error and a link to login. At login page, use the same email and password used to create a user. Note that it does not have an option to create a user (it can be changed).
After login you will see the token page.
Issues
It seems that Auth0 returned access token to `/callback` but it redirected to `/login` again. It happens sometimes requiring to restart Apache server.
Using `ga4gh_client` tool:
Using `--key` argument does not work.
Using Python library (reference):
Error: