Skip to content

mozilla-iam/auth0-callback-validator

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
.vscode
.vscode
 
 
test
test
 
 
validator
validator
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

OIDC/SAML Callback URL Validator

Introduction

This proposal outlines the development of a Python-based software tool designed to validate a list of OpenID Connect (OIDC) or Security Assertion Markup Language (SAML) callback URLs. The primary objective of this tool is to ensure that the provided URLs are accessible and respond with specific HTTP status codes indicating their validity which will be used to audit the callback list settings for each client application within Auth0. This document describes the functionality, components, and specifications required for the tool's implementation.

Objectives

  • Primary Objective: To create a Python tool that takes a client_id, retrieves the client applications callback list, validates each callback URL against specified criteria, and returns their validity status.
  • Usability Goal: To provide a straightforward and efficient mechanism for validating multiple OIDC or SAML callback URLs at once, ensuring they meet the necessary criteria for successful interactions.

Techstack

Python 3.12.3 Auth0 Python SDK

Auth0 environment variables

To make use of this application three Auth0 variables have to be set up

  • AUTH0_DOMAIN
  • AUTH0_CLIENT_ID
  • AUTH0_CLIENT_SECRET

These variables can be set as a part of your shell environment variables or in a file name .env Without these variables you will not be able to run the code. these credentials are used to generate a token that interacts with the Auth0 Management API.

The client should have the one following scopes set in Auth0:

  • read:client
  • read:client_keys
  • read:client_credentials
  • read:client_summary

See Auth0 Get Clients and Auth- Get Clients By Id for further documentation on required scopes.

Running Tests

Run the command:

python3 -m unittest

Running Code

Run the command:

python3 validator/validator.py

Examples

  • show help message: python3 validator/validator.py -h

  • retrieve callback urls for all clients: python3 validator/validator.py -a

  • retrieve callback urls for one client: python3 validator/validator.py client_id

Building an executable

Run the commands:

cd validator pyinstaller --onefile validator.py

Running the executable

pyinstaller will create the final executable in the dist directory and will be named validator. You can run the executable by typing the command validator with the appropriate flags or values

Examples

  • show help message: ./validator -h

  • retrieve callback urls for all clients: ./validator -a

  • retrieve callback urls for one client: ./validator client_id

About

No description, website, or topics provided.

Resources

Readme

License

MPL-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages