authentication package¶
authentication.authorize_client module¶
- class auth0.v3.authentication.authorize_client.AuthorizeClient(domain, telemetry=True, timeout=5.0, protocol='https')[source]¶
Bases:
auth0.v3.authentication.base.AuthenticationBase
Authorize Client
- Args:
domain (str): Your auth0 domain (e.g: username.auth0.com)
authentication.base module¶
- class auth0.v3.authentication.base.AuthenticationBase(domain, telemetry=True, timeout=5.0, protocol='https')[source]¶
Bases:
object
Base authentication object providing simple REST methods.
- Args:
- telemetry (bool, optional): Enable or disable Telemetry
(defaults to True)
- timeout (float or tuple, optional): Change the requests
connect and read timeout. Pass a tuple to specify both values separately or a float to set both to it. (defaults to 5.0 for both)
authentication.database module¶
- class auth0.v3.authentication.database.Database(domain, telemetry=True, timeout=5.0, protocol='https')[source]¶
Bases:
auth0.v3.authentication.base.AuthenticationBase
Database & Active Directory / LDAP Authentication.
- Args:
domain (str): Your auth0 domain (e.g: username.auth0.com)
- change_password(client_id, email, connection, password=None)[source]¶
Asks to change a password for a given user.
client_id (str): ID of the application to use.
email (str): The user’s email address.
connection (str): The name of the database connection where this user should be created.
- login(client_id, username, password, connection, id_token=None, grant_type='password', device=None, scope='openid')[source]¶
Login using username and password
Given the user credentials and the connection specified, it will do the authentication on the provider and return a dict with the access_token and id_token. This endpoint only works for database connections, passwordless connections, Active Directory/LDAP, Windows Azure AD and ADFS.
- signup(client_id, email, password, connection, username=None, user_metadata=None, given_name=None, family_name=None, name=None, nickname=None, picture=None)[source]¶
Signup using email and password.
- Args:
client_id (str): ID of the application to use.
email (str): The user’s email address.
password (str): The user’s desired password.
connection (str): The name of the database connection where this user should be created.
username (str, optional): The user’s username, if required by the database connection.
- user_metadata (dict, optional): Additional key-value information to store for the user.
Some limitations apply, see: https://auth0.com/docs/metadata#metadata-restrictions
given_name (str, optional): The user’s given name(s).
family_name (str, optional): The user’s family name(s).
name (str, optional): The user’s full name.
nickname (str, optional): The user’s nickname.
picture (str, optional): A URI pointing to the user’s picture.
authentication.delegated module¶
- class auth0.v3.authentication.delegated.Delegated(domain, telemetry=True, timeout=5.0, protocol='https')[source]¶
Bases:
auth0.v3.authentication.base.AuthenticationBase
Delegated authentication endpoints.
- Args:
domain (str): Your auth0 domain (e.g: username.auth0.com)
authentication.enterprise module¶
- class auth0.v3.authentication.enterprise.Enterprise(domain, telemetry=True, timeout=5.0, protocol='https')[source]¶
Bases:
auth0.v3.authentication.base.AuthenticationBase
Enterprise endpoints.
- Args:
domain (str): Your auth0 domain (e.g: username.auth0.com)
authentication.get_token module¶
- class auth0.v3.authentication.get_token.GetToken(domain, telemetry=True, timeout=5.0, protocol='https')[source]¶
Bases:
auth0.v3.authentication.base.AuthenticationBase
/oauth/token related endpoints
- Args:
domain (str): Your auth0 domain (e.g: username.auth0.com)
- authorization_code(client_id, client_secret, code, redirect_uri, grant_type='authorization_code')[source]¶
Authorization code grant
This is the OAuth 2.0 grant that regular web apps utilize in order to access an API. Use this endpoint to exchange an Authorization Code for a Token.
- Args:
grant_type (str): Denotes the flow you’re using. For authorization code use authorization_code
client_id (str): your application’s client Id
client_secret (str): your application’s client Secret
code (str): The Authorization Code received from the /authorize Calls
redirect_uri (str, optional): This is required only if it was set at the GET /authorize endpoint. The values must match
- Returns:
access_token, id_token
- authorization_code_pkce(client_id, code_verifier, code, redirect_uri, grant_type='authorization_code')[source]¶
Authorization code pkce grant
This is the OAuth 2.0 grant that mobile apps utilize in order to access an API. Use this endpoint to exchange an Authorization Code for a Token.
- Args:
grant_type (str): Denotes the flow you’re using. For authorization code pkce use authorization_code
client_id (str): your application’s client Id
code_verifier (str): Cryptographically random key that was used to generate the code_challenge passed to /authorize.
code (str): The Authorization Code received from the /authorize Calls
redirect_uri (str, optional): This is required only if it was set at the GET /authorize endpoint. The values must match
- Returns:
access_token, id_token
- client_credentials(client_id, client_secret, audience, grant_type='client_credentials')[source]¶
Client credentials grant
This is the OAuth 2.0 grant that server processes utilize in order to access an API. Use this endpoint to directly request an access_token by using the Application Credentials (a Client Id and a Client Secret).
- Args:
grant_type (str): Denotes the flow you’re using. For client credentials use client_credentials
client_id (str): your application’s client Id
client_secret (str): your application’s client Secret
audience (str): The unique identifier of the target API you want to access.
- Returns:
access_token
- login(client_id, client_secret, username, password, scope, realm, audience, grant_type='http://auth0.com/oauth/grant-type/password-realm')[source]¶
Calls /oauth/token endpoint with password-realm grant type
This is the OAuth 2.0 grant that highly trusted apps utilize in order to access an API. In this flow the end-user is asked to fill in credentials (username/password) typically using an interactive form in the user-agent (browser). This information is later on sent to the client and Auth0. It is therefore imperative that the client is absolutely trusted with this information.
- Args:
grant_type (str): Denotes the flow you’re using. For password realm use http://auth0.com/oauth/grant-type/password-realm
client_id (str): your application’s client Id
client_secret (str): your application’s client Secret
audience (str): The unique identifier of the target API you want to access.
username (str): Resource owner’s identifier
password (str): resource owner’s Secret
scope(str): String value of the different scopes the client is asking for. Multiple scopes are separated with whitespace.
realm (str): String value of the realm the user belongs. Set this if you want to add realm support at this grant.
- Returns:
access_token, id_token
- passwordless_login(client_id, client_secret, username, otp, realm, scope, audience)[source]¶
Calls /oauth/token endpoint with http://auth0.com/oauth/grant-type/passwordless/otp grant type
Once the verification code was received, login the user using this endpoint with their phone number/email and verification code.
- Args:
client_id (str): your application’s client Id
client_secret (str): your application’s client Secret. Only required for Regular Web Apps.
username (str): The user’s phone number or email address.
otp (str): the user’s verification code.
realm (str): use ‘sms’ or ‘email’. Should be the same as the one used to start the passwordless flow.
scope(str): String value of the different scopes the client is asking for. Multiple scopes are separated with whitespace.
audience (str): The unique identifier of the target API you want to access.
- Returns:
access_token, id_token
- refresh_token(client_id, client_secret, refresh_token, grant_type='refresh_token', scope='')[source]¶
Calls /oauth/token endpoint with refresh token grant type
Use this endpoint to refresh an access token, using the refresh token you got during authorization.
- Args:
grant_type (str): Denotes the flow you’re using. For refresh token use refresh_token
client_id (str): your application’s client Id
client_secret (str): your application’s client Secret
refresh_token (str): The refresh token returned from the initial token request.
scope (str): String value of the different scopes the client is asking for. Multiple scopes are separated with whitespace.
- Returns:
access_token, id_token
authentication.logout module¶
- class auth0.v3.authentication.logout.Logout(domain, telemetry=True, timeout=5.0, protocol='https')[source]¶
Bases:
auth0.v3.authentication.base.AuthenticationBase
Logout Endpoint
- Args:
domain (str): Your auth0 domain (e.g: username.auth0.com)
- logout(client_id, return_to, federated=False)[source]¶
Logout
Use this endpoint to logout a user. If you want to navigate the user to a specific URL after the logout, set that URL at the returnTo parameter. The URL should be included in any the appropriate Allowed Logout URLs list:
- Args:
client_id (str): The client_id of your application.
returnTo (str): URL to redirect the user after the logout.
federated (bool): Querystring parameter to log the user out of the IdP
authentication.passwordless module¶
- class auth0.v3.authentication.passwordless.Passwordless(domain, telemetry=True, timeout=5.0, protocol='https')[source]¶
Bases:
auth0.v3.authentication.base.AuthenticationBase
Passwordless connections endpoints.
- Args:
domain (str): Your auth0 domain (e.g: username.auth0.com)
- email(client_id, email, send='link', auth_params=None, client_secret=None)[source]¶
Start flow sending an email.
Given the user email address, it will send an email with:
A link (default, send:”link”). You can then authenticate with this user opening the link and he will be automatically logged in to the application. Optionally, you can append/override parameters to the link (like scope, redirect_uri, protocol, response_type, etc.) using auth_params dict.
A verification code (send:”code”). You can then authenticate with this user using email as username and code as password.
Complete the authentication using the get_token.passwordless_login method.
- Args:
client_id (str): Client Id of the application.
email (str): Email address.
send (str, optional): Can be: ‘link’ or ‘code’. Defaults to ‘link’.
auth_params (dict, optional): Parameters to append or override.
client_secret (str): Client Secret of the application.
- sms(client_id, phone_number, client_secret=None)[source]¶
Start flow sending an SMS message.
Given the user phone number, it will send an SMS with a verification code. You can then authenticate with this user using phone number as username and code as password.
Complete the authentication using the get_token.passwordless_login method.
- Args:
client_id (str): Client Id of the application.
client_secret (str): Client Secret of the application.
phone_number (str): Phone number.
authentication.revoke_token module¶
- class auth0.v3.authentication.revoke_token.RevokeToken(domain, telemetry=True, timeout=5.0, protocol='https')[source]¶
Bases:
auth0.v3.authentication.base.AuthenticationBase
Revoke Refresh Token endpoint
- Args:
domain (str): Your auth0 domain (e.g: username.auth0.com)
- revoke_refresh_token(client_id, token, client_secret=None)[source]¶
Revokes a Refresh Token if it has been compromised
Each revocation request invalidates not only the specific token, but all other tokens based on the same authorization grant. This means that all Refresh Tokens that have been issued for the same user, application, and audience will be revoked.
- Args:
client_id (str): The Client ID for your Application
token (str): The Refresh Token you want to revoke
- client_secret (str, optional): The Client Secret for your Application.
Required for confidential applications. See: https://auth0.com/docs/applications/application-types#confidential-applications
See: https://auth0.com/docs/api/authentication#refresh-token
authentication.social module¶
- class auth0.v3.authentication.social.Social(domain, telemetry=True, timeout=5.0, protocol='https')[source]¶
Bases:
auth0.v3.authentication.base.AuthenticationBase
Social provider’s endpoints.
- Args:
domain (str): Your auth0 domain (e.g: username.auth0.com)
- login(client_id, access_token, connection, scope='openid')[source]¶
Login using a social provider’s access token
Given the social provider’s access_token and the connection specified, it will do the authentication on the provider and return a dict with the access_token and id_token. Currently, this endpoint only works for Facebook, Google, Twitter and Weibo.
- Args:
client_id (str): application’s client id.
access_token (str): social provider’s access_token.
connection (str): connection type (e.g: ‘facebook’)
- Returns:
A dict with ‘access_token’ and ‘id_token’ keys.
authentication.token_verifier module¶
authentication.users module¶
- class auth0.v3.authentication.users.Users(domain, telemetry=True, timeout=5.0, protocol='https')[source]¶
Bases:
auth0.v3.authentication.base.AuthenticationBase
Userinfo related endpoints.
- Args:
domain (str): Your auth0 domain (e.g: username.auth0.com)