An overview of Python Flask, DynamoDB and Auth0 integration

Introduction

The project requirements was to create a system where we had to integrate the web application (designed in Flask), with the dynamodb Database service of the AWS. The purpose of the application was to update the entries in the dynamo db via a web interface, so the person need not have access to AWS account, to do so.

Objective

The objective was to develop a web application, which allows any organization employee to login into it by authenticating via auth0 authentication. The employee is authenticated at two levels first via the Organization Name and next via the username and Password.

Components used 

We have used the following tools to create the alert system.

  1. Python programming language
  2. Flask
  3. DyanamoDB AWS service
  4. Auth0

Description of each component

Python

Python is a high level programming language used for daily problem solving purposes. Its design emphasizes the use of significant indentation in it’s codes. Its language constructs as well as its object-oriented approach aim to help programmers write clear, logical code for small and large-scale projects.

Flask

Flask is a micro web framework which uses Python as a base programming language. It is classified as a microframework because it does not require any particular tools or libraries. Flask also depends on the Werkzeug WSGI toolkit. Werkzeug is not a framework, it’s a library with utilities to create your own application and as such is very flexible.

DynamoDB AWS service

Amazon DynamoDB is a fully managed NoSQL database service that supports key–value pairs as a form of data structures and is offered by AWS as a reliable database service. No SQL means there is no defined structure in the form of rows columns. You feed the date into a NoSQL table by giving the key: value pair as the input.

Auth0

Auth0 in simple words is an authentication and authorization platform. It is used to add authentication services to your applications. It helps organizations avoid the cost, time, and risk that come with building your own solution to authenticate and authorize users. please refer to the following link for more details.

https://auth0.com/docs/

Pre-requisites before developing the application

  1. Make sure you have an AWS account with IAM access to it. Also make sure that your IAM user has permissions of DynamoDB read/write/update/delete access.
  2. Please note down your aws access credentials (ACCESS KEY and the SECRET ACCESS KEY). You need to configure this in your local host for accessing any of the resources of the AWS as the permissions permit to.
  3. Following python libraries required to be installed using the pip command
    • Flask --> (description above)
    • boto3 and botocore--> AWS SDK for python SDK is composed of two Python packages: Botocore i..e.the library providing the low-level functionality shared between the Python SDK and the AWS CLI; Boto3  is the package implementing the Python SDK itself.
    • dotenv --> This library is used when one wants to read a environment variables from another file to be used in the code. It reads key-value pairs from a .env file.
    • werkzeug --> Werkzeug is a WSGI web application library. WSGI is the Web Server Gateway Interface. It is a specification that describes how a web server communicates with web applications, and how web applications can be chained together to process one request.
    • OAuth --> It is a secured protocol for authorizing users accessing the application. It enables one service to access resources hosted on other services without having to share user credentials, like username and password.
  4. Auth0 Organisations
    • Auth0 platform that allows business-to-business customers to better manage their partners and customers, and to customize the ways that end-users access their applications. Refer to following link.

https://auth0.com/docs/organizations

    • We are creating an application to be used by various organizations. So for each organization a separate configuration will be created in the auth 0 platform, using the Auth0 organization feature. This ensures that organizations configured in the Auth0 account can only access the application.
    • Then under each organization that is configured, we will create the employees details who will access that application, so their employees from the organization could access the application
    • Following is a diagrammatic representation

Importing required Libraries

  1. For integrating any AWS service into python, the library boto 3 is being used. For instance, since I am making use of dynamo db service, so the syntax of the command would be
client = boto3.client('dynamodb', region_name='ap-northeast-1')

DB = boto3.resource('dynamodb', region_name='ap-northeast-1')

table = DB.Table(__TableName__)

by this command we have created a variable name DB which works as a handle for us to perform various dynamo db operations on a table.

  1. For integration of auth0, there were various methods used for eg- requires_auth method, register method etc. You can also get a reference of how to integrate auth0 with a python application on the following link. https://manage.auth0.com/
  2. Also I used the following libraries in the beginning of the application code.
from functools import wraps

import json

from os import environ as env

from werkzeug.exceptions import HTTPException

from dotenv import load_dotenv, find_dotenv

from flask import Flask

from flask import jsonify

from flask import redirect

from flask import render_template, request

from flask import session

from flask import url_for

from six.moves.urllib.parse import urlencode

from boto3.dynamodb.conditions import Key

 

For using Auth0, we need to import OAuth library, following statement would do it.

 

from authlib.integrations.flask_client import OAuth

 

Procedure followed

  1. My web application was a simple one containing following pages: (for each page, a separate html code was being written.
    1. Login page --> the page visible when you open the web app
    2. Home page --> the page visible after the user successfully login
    3. Display page--> for displaying the dynamo db table data on the webpage
    4. Fill data page --> it will open a form where the user can fill the entries for a new record to be created in the dynamo db table.
  1. Before running the program, make sure that the dynamo db table on which the operations are to be performed is already created in the AWS Dynamo Db console.
  2. The design I followed in Dynamo Db was that, there will be as single table where every organization entries will be inserted.
  3. Dynamo DB table require a partition key for it to be created. In my case, the partition key was “Organization_ID”. Every organization has a unique Organization ID. This ID is generated by the Auth0 platform when we configure the organization in it.
  4. So this partition key was used by me in the application code to reference a particular entry in the table pertaining to a particular organization. For instance, if an organization A has been configured in Auth0 ( as was discussed in the pre requisites section), and if a employee from A logins into the web app, then he may be able to create and read the entry of the table only on organization A, which is referenced by the partition key.

Application Flow

Below is a diagrammatic representation of the summarized workflow of the working of the application.

 

Conclusions and Learnings

It was a great learning experience for me as I had never tried before this, integrating python with an AWS service. Also an added learning for me was to get a brief on working of the auth0 as an authentication platform which can be used for any web based application, and the necessary aspects to be covered in my application code for auth0 to work with my application.