Identity & Access Management

Integrate login to your Python-Flask applications using Asgardeo

Using WSO2 IS Python Auth SDK

Vivekvinushanth Christopher
Authenticate


As final-year undergraduates, we researched how human affect and behavior can be used to anticipate threats posed by humans. We built a simple website to demonstrate the capabilities of the model we designed. Going forward, it became necessary to integrate login in order to keep track of users and the services they consume from the system, provide capabilities based on roles, control usage, and monetize, as one of the FYP members (I will call him Atman) is planning to go with a startup. So he reached out to me to develop a login module for the Flask app.

But developing a highly secure login module or IAM from scratch is always hard, and it is costly. Being aware of Asgardeo, which provides identity as a service built on the reputable Identity Server, I planned to integrate login to the Flask app using Asgardeo. Since it is in the initial stage, I planned to first try out Asgardeo with the early adoption and python-sdk and then move forward.

Before getting started, let's sign up for Asgardeo, register the organization, and create a web application in Asgardeo.

  1. Create an organization in Asgardeo (prodvivek).
  2. Log in to the Asgardeo Console.
  3. Go to Develop > Applications.
  4. Click New Application.

Fig. 1. Develop > Applications.

  5. Choose the standard-based application (OAuth2.0 + OpenID Connect).

Fig. 2. Choose Standard Based => OAuth2.0 + OpenID Connect

  6. Provide a name (e.g. FlaskApp) and proceed to register.
  7. Update the authorized_redirect_url and add localhost:5000 to the allowed_origins.

Fig. 3. Update Authorized redirect URLs & Add Allowed origins

Try out the Sample

  1. Fork and clone the python-sdk repo.
  2. To test the authentication, you can simply use the existing sample found in the repo:

     app.py: sample application that supports login and logout functionality.
     conf.py: configuration of the application.
     templates: HTML templates, i.e. index.html, layout.html.
     requirements.txt: package dependencies that should be set up beforehand.
     wso2.crt: WSO2 IS certificate (or rather the Asgardeo certificate in this context), used to avoid SSLCertVerificationError.

3. Go to Applications => Your Application => Protocol & copy the client ID and client secret.

Fig.4. Copy the client ID, secret

4. Update the conf.py file. A sample configuration for the application registered under the organization prodvivek is shown below. Keep the login and logout callback URLs as they are, and replace the client_id and client_secret with the values copied in step 3. tenant is the organization (prodvivek).

auth_config = {
    "login_callback_url": "https://localhost:5000/login",
    "logout_callback_url": "https://localhost:5000/signin",
    "client_host": "https://localhost:5000",
    "client_id": "Q4NgSKOpPmiLFa3X6E6yRHjwHgca",
    "client_secret": "6zWpYmVnlUTW8eP5yklJH5fi8bIa",
    "server_origin": "https://api.asgardeo.io",
    "tenant_path": "/t/prodvivek",
    "tenant": "prodvivek",
    "certificate_path": "/home/vivek/Documents/Repos/asgardeo-auth-python-sdk-main/samples/flask/cert/wso2.crt"
}

5. Obtain the SSL certificate for https://console.asgardeo.io/ and replace the content of wso2.crt with it. You might encounter Python's "certificate verify failed: unable to get local issuer certificate" error; it should be resolved by obtaining the chain of certificates.

6. Run pip3 install -r requirements.txt

7. Run the web application built with the Flask framework.
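
Step 4 places the client secret directly in conf.py. The following is an added example, not part of the SDK sample: it builds the same auth_config with the credentials read from environment variables and checks the result for consistency before the app starts. The variable names ASGARDEO_CLIENT_ID and ASGARDEO_CLIENT_SECRET, the two function names and the relative certificate path are assumptions made for this example.

```python
import os
from urllib.parse import urlsplit

# Hypothetical variable names, chosen for this example.
ENV_KEYS = ("ASGARDEO_CLIENT_ID", "ASGARDEO_CLIENT_SECRET")

def build_auth_config(env, tenant, cert_path, client_host="https://localhost:5000"):
    """Same keys as the sample conf.py, with credentials read from env."""
    missing = [k for k in ENV_KEYS if not env.get(k)]
    if missing:
        raise RuntimeError("missing environment variables: " + ", ".join(missing))
    return {
        "login_callback_url": client_host + "/login",
        "logout_callback_url": client_host + "/signin",
        "client_host": client_host,
        "client_id": env["ASGARDEO_CLIENT_ID"],
        "client_secret": env["ASGARDEO_CLIENT_SECRET"],
        "server_origin": "https://api.asgardeo.io",
        "tenant_path": "/t/" + tenant,
        "tenant": tenant,
        "certificate_path": cert_path,
    }

def check_auth_config(cfg):
    """Return a list of problems; an empty list means the config is consistent."""
    problems = []
    for key in ("login_callback_url", "logout_callback_url", "client_host", "server_origin"):
        if urlsplit(cfg[key]).scheme != "https":
            problems.append(key + " is not https")
    for key in ("login_callback_url", "logout_callback_url"):
        # Callbacks must share scheme and host:port with the registered client.
        if urlsplit(cfg[key])[:2] != urlsplit(cfg["client_host"])[:2]:
            problems.append(key + " is not on client_host")
    if cfg["tenant_path"] != "/t/" + cfg["tenant"]:
        problems.append("tenant_path does not match tenant")
    try:
        with open(cfg["certificate_path"], encoding="ascii", errors="replace") as fh:
            if "-----BEGIN CERTIFICATE-----" not in fh.read():
                problems.append("certificate_path holds no PEM certificate")
    except OSError:
        problems.append("certificate_path is not readable")
    return problems

if __name__ == "__main__":
    try:
        # Path is relative to the sample directory (assumption).
        cfg = build_auth_config(os.environ, "prodvivek", "cert/wso2.crt")
        print(check_auth_config(cfg) or "auth_config OK")
    except RuntimeError as err:
        raise SystemExit(str(err))
```
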

Create Customer User

Proceed to the Asgardeo console and create a customer user (a user who is supposed to consume the services).

Fig.5. Create a customer user

Test Authentication

1. Go to the https://localhost:5000 URL. The sample application page would look as in Fig. 6.

Fig. 6. Sample Application

2. Click Login, and you will be redirected to the Asgardeo login page. Enter the credentials there and proceed with Sign In.

Fig.7. Sign In page rendered

3. After providing the consent, you will be redirected back to the https://localhost:5000 home page.

Fig.8. Home Page of Sample Application

4. I have successfully logged in to the sample application. The logout option is available, and you can proceed to log out.

We have successfully integrated the login module (or rather an IAM solution) into a simple application without much of a hassle. We can integrate Google sign-in, MFA, and adaptive authentication into this application, which is super cool and a modern-day need in the world of digitized enterprises. I would readily agree that Asgardeo is going to be fruitful for the SME and startup landscape, as the business can focus on its solution and Asgardeo will take care of Identity and Access Management.

Note: You can refer to this blog to get more ideas about the Python-SDK. Thanks to Balakrishnan Sathiyakugan! I hope Python apps will be on-boarded sooner into Asgardeo. Please reach out to the Asgardeo community to share your Asgardeo experiences, and drop a mail to asgardeo-help@wso2.com at any time if you have any concerns as well.
