Skip to main content
Prerequisites: Before you begin, ensure you have the following installed:
  • Python 3.9 or newer
  • pip 20.0 or newer
  • jq - Required for Auth0 CLI setup
Flask Version Compatibility: This quickstart uses Flask 2.0+ with the [async] extra for async support.

Get Started

This quickstart demonstrates how to add Auth0 authentication to a Flask application. You’ll build a secure web application with login functionality, protected routes, and user profile access using the Auth0 WebApp Python SDK.
1

Set up your environment

Create a new directory for your Flask project:
Create a virtual environment:
2

Install dependencies

Create requirements.txt to track your dependencies:
requirements.txt
The requirements.txt file tracks all project dependencies. To install them, run:
3

Setup your Auth0 App

Next up, you need to create a new app on your Auth0 tenant and add the environment variables to your project.You can choose to set up your Auth0 app automatically by running a CLI command, or do it manually via the Dashboard:
Run the following shell command on your project’s root directory to create an Auth0 application and generate a .env file:
This command will:
  1. Check if you’re authenticated (and prompt for login if needed)
  2. Create an Auth0 Regular Web Application configured for http://localhost:5000
  3. Generate a .env file with AUTH0_DOMAIN, AUTH0_CLIENT_ID, AUTH0_CLIENT_SECRET, AUTH0_SECRET, and AUTH0_REDIRECT_URI
4

Create Auth Configuration, Routes, and Templates

Create files
And add the following code snippets:
Development Only: This example uses simple in-memory storage classes (MemoryStateStore and MemoryTransactionStore) for demonstration purposes. These stores will lose all session data when your application restarts and won’t work in multi-instance deployments.For production applications, you must implement persistent storage. The SDK is framework-agnostic and requires you to provide custom StateStore and TransactionStore implementations. See the official SDK storage examples for detailed guidance on implementing Redis, PostgreSQL, or other persistent storage backends.
5

Run your app

Start the Flask development server:
Your app will be available at http://localhost:5000. The Auth0 SDK handles authentication routes automatically.
CheckpointYou should now have a fully functional Auth0 login page running on your localhost

Advanced Usage

If you need to call a protected API, retrieve an access token:
To use this feature, you must:
  1. Set AUTH0_AUDIENCE in your .env file
  2. Include offline_access in your scopes (for refresh tokens)
  3. Update authorization_params in auth.py:
By default, the SDK uses cookie-based storage. For production environments with specific needs (horizontal scaling, session sharing across services), you can configure custom storage backends like Redis or PostgreSQL.When to use custom storage:
  • You need to share sessions across multiple servers
  • You have large session data exceeding cookie size limits
  • You need centralized session management for backchannel logout
Redis Example:
auth.py
For most applications, the default cookie-based storage is sufficient. Custom storage requires implementing the StateStore interface. See the SDK examples for detailed implementations.

Common Issues

Problem: You see “MissingRequiredArgumentError: secret” when starting the appCause: The AUTH0_SECRET environment variable is missing or not loaded properly.Solution:
  1. Verify your .env file exists in the project root
  2. Ensure python-dotenv is installed: pip install python-dotenv
  3. Generate a new secret if needed: openssl rand -hex 64
  4. Add it to .env: AUTH0_SECRET=your_generated_secret
  5. Restart your Flask application
Problem: You see “Callback URL mismatch” or “invalid_request” error during loginCause: The redirect URI in your code doesn’t match what’s registered in Auth0 Dashboard.Solution:
  1. Check your .env file: AUTH0_REDIRECT_URI=http://localhost:5000/callback
  2. Go to Auth0 Dashboard → Applications → Your App → Settings
  3. Add http://localhost:5000/callback to Allowed Callback URLs
  4. Click Save Changes
  5. Restart your Flask application
Problem: You see “RuntimeError: This event loop is already running” or similar async errorsCause: Flask 2.0+ async support may have issues with certain configurations.Solution:Install Flask with async support:
Then restart your Flask application.
Problem: You see “ModuleNotFoundError: No module named ‘auth0_server_python’” or similarCause: The SDK is not installed or the virtual environment is not activated.Solution:
  1. Ensure your virtual environment is activated:
  2. Install the SDK:
  3. Verify installation:
Problem: You see “ClaimDecodingFailed” or “Failed to decode claims” error during authenticationCause: The ID token or access token received from Auth0 couldn’t be properly decoded, often due to:
  • Invalid JWT format
  • Corrupted session data
  • Mismatched signing algorithms
  • Clock skew between your server and Auth0
Solution:
  1. Ensure your AUTH0_CLIENT_SECRET is correct in the .env file
  2. Check your system time is synchronized (NTP):
  3. Clear browser cookies and restart authentication
  4. Verify the AUTH0_DOMAIN doesn’t include https:// prefix
  5. Check Auth0 Dashboard → Applications → Your App → Settings → Advanced → OAuth → JsonWebToken Signature Algorithm matches your SDK configuration
Problem: You see “Token has expired” or “invalid_token” errorsCause: The access token or ID token has exceeded its lifetime, or the session has expired.Solution:
  1. The SDK automatically handles token refresh if you include offline_access scope:
  2. For APIs, ensure you’re requesting fresh tokens:
  3. Adjust token lifetimes in Auth0 Dashboard → Applications → Your App → Settings → Advanced → OAuth
  4. Implement proper error handling to redirect users to login when tokens expire
Problem: You see CORS errors or “Blocked by CORS policy” in browser consoleCause: Your application’s origin isn’t properly configured in Auth0.Solution:
  1. Add your origin to Auth0 Dashboard → Applications → Your App → Settings:
    • Allowed Web Origins: http://localhost:5000
    • Allowed Callback URLs: http://localhost:5000/callback
    • Allowed Logout URLs: http://localhost:5000
  2. For production, add your production URLs:
  3. Ensure your Flask app has proper CORS configuration if calling Auth0 APIs from frontend JavaScript:
Problem: You see “Too many requests” or “Rate limit exceeded” errorsCause: Your application has exceeded Auth0’s rate limits for authentication requests.Solution:
  1. Check Auth0 Dashboard → Monitoring → Logs for rate limit details
  2. Implement exponential backoff for retries:
  3. Review your Auth0 subscription plan limits
  4. Optimize authentication flow to reduce unnecessary token requests
  5. Cache tokens appropriately instead of requesting new ones frequently