Skip to main content

Contains the AuthChecker class for apps using the Auth Service

Project description

Auth Checker

A library that provides both authentication and authorization functionalities.

Installation

  pip install auth-checker

Authentication

Currently, there is only a single authentication method available, which is token based via Google Authentication. But the library is designed to be extensible, by extending the Authenticator class and implementing the authenticate method.

The library provides two FastAPI routes that provide initial authentication and token refresh functionalities.

  • /token/
  • /token/refresh/

You can bring them into your FastAPI app by using the auth_checker.authn.routes.router.

from auth_checker.authn.routes import router as auth_router
from fastapi import FastAPI
app = FastAPI()

...

app.include_router(auth_router, prefix="/auth")

Authorization

The library provides a plugin system for authorization. You can create your own authorization plugins by inheriting from the BaseAuthorizer class and implementing the required methods.

At this time this library provides a primary authorization plugin (casbin_pl) that is based on the Casbin Authorization Library.

There is a satauth_pl plugin that is provided, but it is primarily meant as a demo port of the original Authorization Service. It can be used as a reference for creating your own plugins.

Routes

The library provides two fastapi routes for authorization:

  • /casbin The root route provides casbin enforcer authorization route.
  • /roles The roles route provides roles route for the user. This endpoint is not casbin specific.

Usage

from auth_checker.authz.authorizer import Authorizer

authz = Authorizer()

# Check if a user is authorized to perform an action
if authz.authorize("user@company.com", "my_app", "read"):
    print("User is authorized")
else:
    print("User is not authorized")

Environment Variables / Settings

In projects that use this library the following environment variables should be set: The AUTHORIZER tells the system which of the installed plugins to use. In this case, use the casbin_authorizer.

export AUTHORIZER=casbin_authorizer

After that refer to the plugins themselves for the required environment variables.

Casbin Authorization Plugin

Environment Variables
  • CASBIN_AUTHORIZER_POLICY_ADAPTER

The CASBIN_AUTHORIZER_POLICY_ADAPTER tells the plugin which policy store to use. There are three initial options:

  • file - This stores the policy in a file.
  • mongo - This stores the policy in a MongoDB database.
  • redis - This stores the policy in a Redis database.

The file Policy Adapter requires the following environment variables:

  • CASBIN_POLICY_FILE

The mongo Policy Adapter requires the following environment variables:

  • CASBIN_AUTH_URI
  • CASBIN_AUTH_DB

The redis Policy Adapter requires the following environment variables:

  • CASBIN_REDIS_HOST
  • CASBIN_REDIS_PORT (optional) - Default is 6379
  • CASBIN_REDIS_PASSWORD (optional) - Default is None
  • CASBIN_REDIS_DB (optional) - Default is 0
Adding Policies

Right now there is no frontend for adding policies. You can add policies by using the Casbin library directly. The functions required to manage the policy store can be found here: Casbin Policy Management

from auth_checker.authz.authorizer import Authorizer

authz = Authorizer()

# First lets create a staff role for an application called `my_app`
authz.enforcer.add_policy("staff", "my_app", "read")
authz.enforcer.add_policy("staff", "my_app", "write")

# Now let's add a user to the staff role
authz.enforcer.add_role_for_user("user@company.com", "staff")

There are more examples of how to organize the policy structure in notebooks/setup_casbin_policy_store.ipynb.

To use the notebook, you will need to make sure the required environment variables are set. Then bring up jupyter lab and open the notebook.

$> make lab

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

auth_checker-2.1.0.tar.gz (25.6 kB view details)

Uploaded Source

Built Distribution

auth_checker-2.1.0-py3-none-any.whl (18.0 kB view details)

Uploaded Python 3

File details

Details for the file auth_checker-2.1.0.tar.gz.

File metadata

  • Download URL: auth_checker-2.1.0.tar.gz
  • Upload date:
  • Size: 25.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: python-requests/2.31.0

File hashes

Hashes for auth_checker-2.1.0.tar.gz
Algorithm Hash digest
SHA256 be2ecd085a2b6dc00afa24482fe4b434abc9ceaa0bfedcdb311a827294588720
MD5 cf4fea5059b68ff28b3500a8640b4711
BLAKE2b-256 5d6805803be76f8961861b580b4983ef26bacfc47016603c790d5c0236953310

See more details on using hashes here.

File details

Details for the file auth_checker-2.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for auth_checker-2.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 5f8f4b87fd628a00d9455fd26d589b2e633a64386d3c44cb113c880236050950
MD5 9179334d6f6d69f42cdffc2e21d59197
BLAKE2b-256 6a667c004a894bc369cb05d50fe1d9a541baf9bb57dfa0a455086db9bc09af88

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page