DEV Community

Robertino

Posted on • Edited on • Originally published at auth0.com

Securing a Python CLI application with Auth0

Original post written by Juan Cruz Martinez for the Auth0 blog.

Build Python CLI applications secured by using the device authorization flow with Auth0.


As a developer, you likely interact with CLIs daily to install libraries, run applications, check out your code, and much more, so you already know their potential for automation and how simple they make some tasks. But that's not the only use case for CLI applications: there are situations in which we may not even have access to a visual environment and the terminal is our only choice, and there CLI applications are a must.

When building a CLI, perhaps you need to interact with private APIs, or you may want to validate the user accessing the application. In either case, you need to add authentication to your application. The question then is: what is the best way to do it?

That is the focus of this article. We will explore authentication methods for CLI applications and their use cases, and build our own "hello to me" CLI with Python and Auth0.

The Authorization Flow

When choosing the best authentication flow for our CLI application, we must consider its use case first.

There are three options available when it comes to CLIs. Today we will focus on the device authorization flow, which is the most secure way and, thanks to Auth0, is also easy to integrate with the full power of Universal Login, which we will see in action later in this post.

How device flow works

With device flow, rather than directly authenticating users, the Application provides instructions to the user to access a website and authorize the device (in our case, the CLI) there.

This flow has grown in popularity in recent years with the introduction of smart TVs and other IoT devices, where for example, your TV would ask you to go to your YouTube app on your phone and confirm a code to access your user profile.

If you want to learn the flow details, I recommend reading the device flow guide.
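The flow described above, as an added example that is not code from the original post or from Auth0's SDK: the CLI requests a device code, shows the user where to approve it, then polls the token endpoint and handles the RFC 8628 error codes. It assumes Auth0's `/oauth/device/code` and `/oauth/token` endpoints; `device_login`, `DeviceFlowError`, the injected `post` transport and `fake_server` are hypothetical names, and the tenant domain, client ID and server replies are constructed placeholders.

```python
import time

DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"  # RFC 8628

class DeviceFlowError(Exception):
    """User denied the request, the code expired, or the server refused."""

def device_login(post, domain, client_id, scope="openid profile",
                 sleep=time.sleep, notify=print):
    """Run the device flow and return the token response.
    `post(url, data)` is a hypothetical transport returning
    (http_status, json_dict), e.g. a thin wrapper around requests.post."""
    status, dc = post(f"https://{domain}/oauth/device/code",
                      {"client_id": client_id, "scope": scope})
    if status != 200:
        raise DeviceFlowError(dc.get("error", "device_code_request_failed"))
    # The user signs in through a browser; the CLI never handles a password.
    notify(f"Open {dc['verification_uri']} and enter code {dc['user_code']}")
    interval, waited = dc.get("interval", 5), 0
    while waited < dc["expires_in"]:      # device_code lifetime in seconds
        sleep(interval)
        waited += interval
        status, tok = post(f"https://{domain}/oauth/token",
                           {"grant_type": DEVICE_GRANT, "client_id": client_id,
                            "device_code": dc["device_code"]})
        if status == 200:
            return tok                    # validate the id_token before trusting it
        error = tok.get("error", "unknown_error")
        if error == "slow_down":
            interval += 5                 # RFC 8628: add 5 s and keep polling
        elif error != "authorization_pending":
            raise DeviceFlowError(error)  # access_denied, expired_token, ...
    raise DeviceFlowError("expired_token")

def fake_server(script):
    """Constructed stand-in for the authorization server: replays `script`."""
    replies = iter(script)
    return lambda url, data: next(replies)

if __name__ == "__main__":
    demo = [(200, {"device_code": "constructed-device-code", "user_code": "ABCD-EFGH",
                   "verification_uri": "https://tenant.example/activate",
                   "expires_in": 900, "interval": 5}),
            (403, {"error": "authorization_pending"}),
            (200, {"access_token": "constructed", "id_token": "constructed"})]
    tokens = device_login(fake_server(demo), "tenant.example", "CLIENT_ID_PLACEHOLDER",
                          sleep=lambda s: None)
    print(sorted(tokens))
```

The `slow_down` branch matters in practice: a client that keeps polling at the original interval after that error risks being rate limited before the user finishes approving.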

The Sample Application

As we mentioned, we will build a hello to me CLI application using Python. The CLI will authenticate a user using device flow and, upon completing the authentication process, will extract information about the user and display it on the screen.

Let's get started by creating our project's directory.

mkdir awesome-cli
cd awesome-cli

Next, we create and activate the virtual environment. I'll be using Python's built-in venv module, but you can use pipenv, conda, or any other tool.

python3 -m venv venv
source venv/bin/activate

Next, we need to install some dependencies. Here is the list and the command to set them up:

  • typer: Typer is a library for building CLI applications.
  • auth0-python: Auth0's Python SDK, which we will use to validate our tokens.
  • requests: To make HTTP calls.

pip install auth0-python requests typer

Finally, let's build the app's skeleton and run it.

touch main.py

Next, open the file main.py and paste the following code:

import time

# auth0.v3 is the import path in auth0-python 3.x; 4.x moved it to auth0.authentication
from auth0.v3.authentication.token_verifier import TokenVerifier, AsymmetricSignatureVerifier
import jwt
import requests
import typer

app = typer.Typer()

@app.command()
def say_hi():
    print("Hello world!")

if __name__ == "__main__":
    app()

Finally, to run it:

python main.py

You should see the message Hello world! on your terminal if all is well.

Because we added only one command, we can run the file, and Typer will automatically execute it. If you have more than one command, you must specify which command to run, for example python main.py say-hi.
