Original post written by Juan Cruz Martinez for Auth0 blog.
Build Python CLI applications secured by using the device authorization flow with Auth0.
As a developer, you likely interact with CLIs daily to install libraries, run applications, check out your code, and much more. So you realize the potential of CLIs for automation and how simple it is to perform some tasks. But that's not the only use case for CLI applications, there are situations in which we may not even have access to a visual environment, where the terminal is our only choice, and there CLI applications are a must.
When building a CLI, perhaps you need to interact with private APIs, or you may want to validate the user accessing the application. In either case, you require to add authentication to your application. But the question then is, what would be the best way to do it?
That is the focus of this article today. We will explore authentication methods for CLI applications and their use cases and build our own hello to me CLI with Python and Auth0.
The Authorization Flow
When choosing the best authentication flow for our CLI application, we must consider its use case first.
There are available three options when it comes to CLIs, and today, we will be focusing on the device authorization flow which is the most secure way, and thanks to Auth0 it is also easy to integrate with the full power of Universal Login, which we will see in action later on this post.
How device flow works
With device flow, rather than directly authenticating users, the Application provides instructions to the user to access a website and authorize the device (in our case, the CLI) there.
This flow has grown in popularity in recent years with the introduction of smart TVs and other IoT devices, where for example, your TV would ask you to go to your YouTube app on your phone and confirm a code to access your user profile.
If you want to learn the flow details, I recommend reading the device flow guide.
The Sample Application
As we mentioned, we will build a hello to me CLI application using Python. The CLI will authenticate a user using device flow and, upon completing the authentication process, will extract information about the user and display it on the screen.
Let's get started by creating our project's directory.
mkdir awesome-cli
cd awesome-cli
Next, we create and activate the virtual environment, I'll be using Python's integrated VENV, but you can use pipenv, conda, or any other.
python3 -m venv venv
source venv/bin/activate
Next, we need to install some dependencies. Here is the list and the command to set them up:
- typer: Typer is a library for building CLI applications.
- auth0-python: Auth0's Python SDK, which we will use to validate our tokens.
- requests: To make HTTP calls.
pip install auth0-python requests typer
Finally, let's build the app's skeleton and run it.
touch main.py
Next, open the file main.py and paste the following code:
import time
from auth0.v3.authentication.token_verifier import TokenVerifier, AsymmetricSignatureVerifier
import jwt
import requests
import typer
app = typer.Typer()
@app.command()
def say_hi():
print(f"Hello world!")
if __name__ == "__main__":
app()
Finally, to run it:
python main.py
You should see the message Hello world! on your terminal if all is well.
Because we added only one command, we can run the file, and
Typerwill automatically execute it. If you have more than one command, you must provide the wanted command to run it by doing something likepython main.py say-hi.
Top comments (0)