armasec 3.0.0

Injectable FastAPI auth via OIDC

An Omnivector initiative

Armasec

Adding a security layer on top of your API can be difficult, especially when working with an OIDC platform. It's hard enough to get your OIDC provider configured correctly. Armasec aims to take the pain out of securing your APIs routes.

Armasec is an opinionated library that attempts to use the most obvious and commonly used workflows when working with OIDC and making configuration as simple as possible.

When using the Armasec helper class, you only need two configuration settings to get going:

1. Domain: the domain of your OIDC provider
2. Audience: An optional setting that restricts tokens to those intended for your API.

That's it! Once you have those settings dialed in, you can just worry about checking the permissions scopes of your endpoints

Documentation

Documentation is hosted hosted on github.io at the Armasec homepage.

Quickstart

1. Install armasec and uvicorn:

pip install armasec uvicorn

2. Save th Minimal Example (example.py) locally:

import os

from armasec import Armasec
from fastapi import FastAPI, Depends


app = FastAPI()
armasec = Armasec(
    domain=os.environ.get("ARMASEC_DOMAIN"),
    audience=os.environ.get("ARMASEC_AUDIENCE"),
)

@app.get("/stuff", dependencies=[Depends(armasec.lockdown("read:stuff"))])
async def check_access():
    return dict(message="Successfully authenticated!")

4. Set the Armasec environment variables:

• ARMASEC_DOMAIN
• ARMASEC_AUDIENCE

5. Run the app

uvicorn --host 0.0.0.0 example:app

License

Distributed under the MIT License. See LICENSE for more information.