Async Auth Middleware for FastAPI/Starlette
auth-middleware
Async Auth Middleware for FastAPI/Starlette.
Installation
Using pip:
pip install auth-middleware
Using poetry:
poetry add auth-middleware
How to use it
Auth Middleware follows the middleware protocol and should therefore be added as a middleware to your FastAPI or Starlette application.
The steps, using FastAPI:
from fastapi import FastAPI, Depends
from starlette.requests import Request
from starlette.responses import Response

# Step 1: import the functions to control authentication
from auth_middleware.functions import require_groups, require_user

# Step 2: import the Middleware to use
from auth_middleware.jwt_auth_middleware import JwtAuthMiddleware

# Step 3: import the auth provider
from auth_middleware.providers.cognito import CognitoProvider

app: FastAPI = FastAPI()

# Step 4: Add Middleware with a Cognito auth Provider
app.add_middleware(JwtAuthMiddleware, auth_provider=CognitoProvider())


@app.get(
    "/",
    dependencies=[
        # Step 5: add the authorization dependencies you want: require_user or require_groups
        # Depends(require_groups(["customer", "administrator"])),
        Depends(require_user()),
    ],
)
async def root(request: Request):
    # Step 6: user information will be available in the request.state.current_user object
    return {"message": f"Hello {request.state.current_user.name}"}

Then set the environment variables (or your .env file):
AWS_COGNITO_USER_POOL_ID=your_cognito_user_pool_id
AWS_COGNITO_USER_POOL_REGION=your_cognito_user_pool_region
Call the method sending the id_token provided by Cognito:
curl -X GET http://localhost:8000/ -H "Authorization: Bearer MY_ID_TOKEN"
Middleware configuration
The middleware is configured through environment variables (or a .env file if your project uses python-dotenv).
The main variables are shown in the table below:
Name | Description | Values | Default |
---|---|---|---|
AUTH_MIDDLEWARE_LOG_LEVEL | Log level for the application | DEBUG, INFO, WARNING, ERROR, CRITICAL | INFO |
AUTH_MIDDLEWARE_LOG_FORMAT | Log format | See python logger documentation | %(log_color)s%(levelname)-9s%(reset)s %(asctime)s %(name)s %(message)s |
AUTH_MIDDLEWARE_LOGGER_NAME | Auth middleware logger name | A string | auth_middleware |
AUTH_MIDDLEWARE_DISABLED | Auth middleware enabled/disabled | false, true | false |
AUTH_MIDDLEWARE_JWKS_CACHE_INTERVAL_MINUTES | JWKS keys file refreshing interval | An integer value | 20 |
AUTH_MIDDLEWARE_JWKS_CACHE_USAGES | JWKS keys refreshing interval (counter) | An integer value | 1000 |
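Because AUTH_MIDDLEWARE_DISABLED=true turns authentication off, it is worth checking these variables once at startup. The preflight check below is an added example, not part of auth-middleware; the function name, the allow_disabled switch and the sample values are assumptions, and it only reads the variables documented on this page.

```python
import re

# Allowed values and defaults are copied from the configuration table above.
LOG_LEVELS = {"DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"}
POSITIVE_INTS = {
    "AUTH_MIDDLEWARE_JWKS_CACHE_INTERVAL_MINUTES": "20",
    "AUTH_MIDDLEWARE_JWKS_CACHE_USAGES": "1000",
}
# Cognito user pool ids have the form "<region>_<suffix>".
POOL_ID_RE = re.compile(r"^([a-z0-9-]+)_[0-9A-Za-z]+$")


def check_auth_env(env, allow_disabled=False):
    """Return a list of problems found in the auth-middleware settings.

    `env` is any mapping (pass os.environ at startup). `allow_disabled` is a
    hypothetical switch of this example, meant for local development only.
    """
    problems = []
    disabled = env.get("AUTH_MIDDLEWARE_DISABLED", "false").strip().lower()
    if disabled not in ("false", "true"):
        problems.append(f"AUTH_MIDDLEWARE_DISABLED={disabled!r} is not 'false' or 'true'")
    elif disabled == "true" and not allow_disabled:
        problems.append("AUTH_MIDDLEWARE_DISABLED=true: authentication is switched off")
    level = env.get("AUTH_MIDDLEWARE_LOG_LEVEL", "INFO")
    if level not in LOG_LEVELS:
        problems.append(f"AUTH_MIDDLEWARE_LOG_LEVEL={level!r} is not a valid level")
    for name, default in POSITIVE_INTS.items():
        raw = env.get(name, default)
        if not raw.isdigit() or int(raw) < 1:
            problems.append(f"{name}={raw!r} must be a positive integer")
    pool_id = env.get("AWS_COGNITO_USER_POOL_ID", "")
    region = env.get("AWS_COGNITO_USER_POOL_REGION", "")
    match = POOL_ID_RE.match(pool_id)
    if not match:
        problems.append("AWS_COGNITO_USER_POOL_ID is missing or malformed")
    elif match.group(1) != region:
        problems.append(f"pool id is in {match.group(1)!r} but region is {region!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample environment, not real pool data.
    sample = {"AWS_COGNITO_USER_POOL_ID": "eu-west-1_Example123",
              "AWS_COGNITO_USER_POOL_REGION": "us-east-1",
              "AUTH_MIDDLEWARE_DISABLED": "true"}
    print("\n".join(check_auth_env(sample)))
```

Call check_auth_env(os.environ) before app.add_middleware(...) and refuse to start if the returned list is not empty.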
The User property
After authentication, the Request object contains information about the current user in the state.current_user variable.
The table below shows the properties of the user object.
Property | Description |
---|---|
id | Id of the user in the identity provider |
name | User name (or id if not defined) |
email | User email (if any) |
groups | Array of user groups as sent by the identity provider |
Control authentication and authorization
There are two utility functions to control authentication and authorization. These functions return an HttpException if authentication or authorization fails.
The functions can be invoked directly or used as a dependency in frameworks such as FastAPI.
To check if a user is logged in use require_user:
require_user()
To check if a user has been assigned a group or groups use require_groups:
require_groups(["group1", "group2"])
Authentication providers
Amazon Cognito
TODO
Azure Entra ID
TODO
Google Idp
TODO
Custom auth provider
TODO
Hashes for auth_middleware-0.1.18-py3-none-any.whl
Algorithm | Hash digest |
---|---|
SHA256 | 5f3864dcdbef94cc01b15b32ad91c06ffbaf7e5068326a4469e98452f21bc9a4 |
MD5 | cec026532e249617d936773350747ffd |
BLAKE2b-256 | 7040a018c8dd84ed819a981e1b806b046d02f0a35a3d089dd716e700579b33c5 |