
fastapi-oauth-client
This repository provides a package that facilitates token-based authentication and authorization within your FastAPI application.
It builds on top of Authlib and provides a simple interface for protecting your own FastAPI endpoints with token-based authentication using OAuth.
It is the result of a client project of Schroeck IT Consulting. The goal was a simple FastAPI integration with Keycloak without much manual interference needed. Hence, the code is very much focused on Keycloak.
However, it should work for most other OAuth IdPs. If you require RBAC (role-based access control), make sure to name the claim containing the roles `roles`.
This library was originally published by Schroeck IT-Consulting.
Email: hello@schroeck-consulting.de
Simply pull the package from PyPI:

```bash
pip install fastapi_oauth_client
```
This package enhances your FastAPI application by incorporating token-based authentication and authorization mechanisms.
Key Features:
- Addition of two endpoints, `/login` and `/callback`, implementing the standard OAuth / OpenID Connect flow via a web browser.
- Users authenticate through the `/login` endpoint, which redirects them to the Identity Provider (IdP), such as Keycloak, for login.
- Upon successful login, users are returned to the FastAPI app with an access token obtained from the IdP.
- With the obtained access token, your FastAPI app gains the ability to access protected endpoints. This token remains valid for machine-to-machine communication until its expiration.
To integrate this package into your FastAPI app, follow these steps:
1. Configure OAuth settings by setting the necessary environment variables. Refer to the example.env file. For testing purposes, update the settings in that file and run FastAPI using the command: `sh ./run.sh`.
2. Incorporate the login endpoints into your code:
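```python
from fastapi_oauth_client import auth_router, verify_token
from starlette.middleware.sessions import SessionMiddleware
from fastapi import FastAPI
import secrets

app = FastAPI(
    title="Your App Name",
    version="1.0.0",
    description="Description of your app.",
    openapi_tags={},
)

# Integrate the login endpoints.
# A key generated at startup changes on every restart and differs between
# worker processes, so existing session cookies stop validating; load a fixed
# secret from configuration when sessions must outlive a single process.
app.add_middleware(SessionMiddleware, secret_key=secrets.token_urlsafe(16))
app.include_router(auth_router)
```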
```python
from fastapi_oauth_client import auth_router, verify_token
from fastapi import Depends, FastAPI
import secrets
from starlette.middleware.sessions import SessionMiddleware

app = FastAPI(
    title="Your App Name",
    version="1.0.0",
    description="Description of your app.",
    openapi_tags={},
)

# Integrate the login endpoints
app.add_middleware(SessionMiddleware, secret_key=secrets.token_urlsafe(16))
app.include_router(auth_router)


# The dependency runs before the handler; roles=["admin"] limits this
# endpoint to tokens whose roles claim includes "admin".
@app.get("/protected_endpoint")
def doSomething(profile=Depends(verify_token(roles=["admin"]))):
    """
    Docstring...
    """
    return "OK"
```
Note: It's crucial to declare the `SessionMiddleware`. This declaration enables the FastAPI app to extract the Bearer token from the incoming request.
Before proceeding, ensure you've configured a client in Keycloak. Assuming this is done, follow these steps to extend token lifetime:
To access protected endpoints, include the `Authorization` header in your requests. Provide the Bearer token obtained after login:

```http
GET /protected_endpoint HTTP/1.1
Host: your-api-host
Authorization: Bearer ey...
```
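What a resource server has to check before honouring that header, as an added example (not code from fastapi_oauth_client or its authors): a pinned algorithm, the signature, expiry, and the top-level `roles` claim the README asks for. Assumptions: HS256 with a constructed shared key stands in for the IdP's signing key so the example runs on the standard library alone, every listed role is required, and `make_token` / `check_bearer` are hypothetical names.

```python
import base64
import hashlib
import hmac
import json
import time

KEY = b"constructed-demo-key"  # constructed; stands in for the IdP's signing key

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(head, body, key):
    return hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()

def make_token(claims, key=KEY, alg="HS256"):
    """Build a constructed sample token (demo input only)."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64e(_sign(head, body, key))}"

def check_bearer(header_value, required_roles, key=KEY, now=None):
    """Return the claims if the request may proceed, else raise PermissionError."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "bearer" or token.count(".") != 2:
        raise PermissionError("malformed Authorization header")
    head, body, sig = token.split(".")
    try:
        header, given = json.loads(_b64d(head)), _b64d(sig)
    except ValueError:
        raise PermissionError("undecodable token") from None
    # Pin the algorithm server-side; a token must not pick its own (e.g. "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise PermissionError("unexpected alg")
    # Verify the signature before reading any claim; constant-time compare.
    if not hmac.compare_digest(_sign(head, body, key), given):
        raise PermissionError("bad signature")
    claims = json.loads(_b64d(body))
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise PermissionError("token expired")
    # Fail closed: roles must be a top-level list named "roles". Keycloak's
    # default realm_access.roles layout is not read here.
    roles = claims.get("roles")
    if not isinstance(roles, list) or not set(required_roles) <= set(roles):
        raise PermissionError("required role missing")
    return claims
```

A token that carries its roles only under `realm_access.roles` is rejected here, which is why the claim has to be mapped to a top-level `roles` claim on the IdP side.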
This package uses Loguru for logging. To adjust its log level, use the environment variable `LOG_LEVEL`.
FAQs
FastAPI Authorization Framework
We found that fastapi-oauth-client demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.