A python utility library to verify an Azure Active Directory OAuth token
Project description
aad-token-verify
A python utility library to verify an Azure Active Directory OAuth token. Meant for resource servers serving secured API endpoints (eg FastAPI)
Install
python3 -m pip install aad-token-verify
Usage
To use stand alone, simply import the verify payload function and call.
from aad_token_verify import get_verified_payload
token_verifier = AzureADTokenVerifier(tenant_id="YOUR_TENANT_ID", audience_uris=["AUDIENCE_URI"])
To use with FastAPI, there's some setup to get the Swagger docs to work
from fastapi import Depends, FastAPI
from fastapi.openapi.models import OAuthFlowImplicit, OAuthFlows
from fastapi.middleware.cors import CORSMiddleware
from fastapi.security import OAuth2
from aad_token_verify import get_verified_payload
# TODO Update these with your Tenant ID, Audience URI, and Client ID
_TENANT_ID = "ISSUER_TENANT_ID"
_AUDIENCE_URI = "https://YOUR_AUDIENCE_URI"
_AAD_CLIENT_ID = "CLIENT_ID"
oauth2_scheme = OAuth2(
flows=OAuthFlows(
implicit=OAuthFlowImplicit(
authorizationUrl=f"https://login.microsoftonline.com/{_TENANT_ID}/oauth2/v2.0/authorize",
scopes={
f"{_AUDIENCE_URI}/.default": "Custom Audience URI scope",
"openid": "OpenID scope",
"profile": "Profile scope",
"email": "email scope",
},
)
)
)
async def get_current_user(
auth_header: str = Depends(oauth2_scheme), # noqa: B008
):
scheme, _, token = auth_header.partition(" ")
return get_verified_payload(
token,
tenantId=_TENANT_ID,
audience_uris=[_AUDIENCE_URI],
)
app = FastAPI()
app.add_middleware(
CORSMiddleware,
allow_origins=["*"],
allow_credentials=True,
allow_methods=["*"],
allow_headers=["*"],
)
app.swagger_ui_init_oauth = {
"usePkceWithAuthorizationCodeGrant": True,
"clientId": _AAD_CLIENT_ID,
"scopes": [f"{_AUDIENCE_URI}.default"],
}
@app.get("/")
async def secured_endpoint(user=Depends(get_current_user)):
return user
Contributing
Feel free to submit issues and pull requests!
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file aad-token-verify-0.1.1.tar.gz.
File metadata
- Download URL: aad-token-verify-0.1.1.tar.gz
- Upload date:
- Size: 4.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.1 importlib_metadata/4.5.0 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.61.0 CPython/3.9.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5e218f551f817c95dedd78e5295c03109a1afc0296d5d8a23231bb4b78eca59c
|
|
| MD5 |
00cafbf0b6db9e5a18c00740a9e1a840
|
|
| BLAKE2b-256 |
47e4d4d5f47bea7791cc58d147caaf5238e58f793fb3d9ac96ea1f890b96e2e6
|
File details
Details for the file aad_token_verify-0.1.1-py3-none-any.whl.
File metadata
- Download URL: aad_token_verify-0.1.1-py3-none-any.whl
- Upload date:
- Size: 5.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.1 importlib_metadata/4.5.0 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.61.0 CPython/3.9.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
69535cbbc6baf41d1a9c5b2cd2c61768d52b14979f73291e8b2d74b6ee3e7da5
|
|
| MD5 |
90ec845f2d7afe5bf924be96f0c67bf3
|
|
| BLAKE2b-256 |
ea1331c75cb80f72fda0a76fc1763ef1198ddd553cb37f9d5fc65ad1bbacd9ec
|
