Skip to content

Simple library for using a third party authentication service like Keycloak or Auth0 with FastAPI

License

Notifications You must be signed in to change notification settings

jokurz/fastapi-third-party-auth

 
 

Repository files navigation

FastAPI Third Party Auth

Test Documentation Status Package version


Documentation: https://fastapi-third-party-auth.readthedocs.io/

Source Code: https://github.com/aiwizo/fastapi-third-party-auth


Simple library for using a third party authentication service with FastAPI. Verifies and decrypts 3rd party OpenID Connect tokens to protect your endpoints.

Easily used with authentication services such as:

FastAPI's generated interactive documentation supports the grant flows:

GrantType.AUTHORIZATION_CODE
GrantType.IMPLICIT
GrantType.PASSWORD
GrantType.CLIENT_CREDENTIALS

example documentation

Installation

poetry add fastapi-third-party-auth

Or, for the old-timers:

pip install fastapi-third-party-auth

Usage

See this example for how to use docker-compose to set up authentication with fastapi-third-party-auth + Keycloak.

Standard usage

from fastapi import Depends
from fastapi import FastAPI
from fastapi import Security
from fastapi import status

from fastapi_third_party_auth import Auth
from fastapi_third_party_auth import GrantType
from fastapi_third_party_auth import KeycloakIDToken

auth = Auth(
    openid_connect_url="http://localhost:8080/auth/realms/my-realm/.well-known/openid-configuration",
    issuer="http://localhost:8080/auth/realms/my-realm",  # optional, verification only
    client_id="my-client",  # optional, verification only
    scopes=["email"],  # optional, verification only
    grant_types=[GrantType.IMPLICIT],  # optional, docs only
    idtoken_model=KeycloakIDToken,  # optional, verification only
)

app = FastAPI(
    title="Example",
    version="dev",
    dependencies=[Depends(auth)],
)

@app.get("/protected")
def protected(id_token: KeycloakIDToken = Security(auth.required)):
    return dict(message=f"You are {id_token.email}")

Optional: Custom token validation

The IDToken class will accept any number of extra fields but you can also validate fields in the token like this:

class MyAuthenticatedUser(IDToken):
    custom_field: str
    custom_default: float = 3.14

auth = Auth(
    ...,
    idtoken_model=MyAuthenticatedUser,
)

About

Simple library for using a third party authentication service like Keycloak or Auth0 with FastAPI

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Python 99.9%
  • Shell 0.1%