OAuth client plugins for Belgie

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for mplemay97 from gravatar.com mplemay97

Unverified details

These details have not been verified by PyPI
Meta
  • Author: Matt LeMay
  • Requires: Python <3.15, >=3.12
Report project as malware

Project description

belgie-oauth: Google and Microsoft OAuth Plugins for Belgie

[!WARNING] This package is part of Belgie's beta API surface. Names and integration details may still change before v1.0.

belgie-oauth provides the Google and Microsoft OAuth client plugins used by Belgie apps. It handles OAuth state storage, authorization URL generation, token exchange, user info lookup, and the callback route that creates the Belgie session.

The package exposes:

  • GoogleOAuth for configuration
  • GoogleOAuthPlugin for Belgie integration
  • GoogleOAuthClient for building sign-in URLs from route dependencies
  • GoogleUserInfo for the Google user profile payload
  • MicrosoftOAuth for configuration
  • MicrosoftOAuthPlugin for Belgie integration
  • MicrosoftOAuthClient for building sign-in URLs from route dependencies
  • MicrosoftUserInfo for the Microsoft user profile payload

Installation

uv add belgie-oauth

[!NOTE] Configure BELGIE_SECRET, BELGIE_BASE_URL, and either the Google or Microsoft OAuth environment variables in your environment, or pass the same values in Python code.

What It Does

  • Builds Google sign-in URLs with a short-lived OAuth state token.
  • Preserves safe return_to redirects for same-origin URLs and relative paths.
  • Exchanges the authorization code for tokens.
  • Fetches Google user info and creates or updates the Belgie account.
  • Exposes the callback route at GET /auth/provider/google/callback.
  • Microsoft follows the same flow with the Microsoft Graph OIDC userinfo endpoint and GET /auth/provider/microsoft/callback.

Quick Start

Here is the smallest useful setup:

from typing import Annotated

from fastapi import Depends, FastAPI
from fastapi.responses import RedirectResponse

from belgie_core import Belgie, BelgieSettings
from belgie_oauth import GoogleOAuth, GoogleOAuthClient

settings = BelgieSettings(
    secret="your-secret-key",
    base_url="http://localhost:8000",
)

auth = Belgie(
    settings=settings,
    adapter=adapter,
    database=get_db,
)

google_oauth_plugin = auth.add_plugin(
    GoogleOAuth(
        client_id="your-google-client-id",
        client_secret="your-google-client-secret",
    ),
)

app = FastAPI()
app.include_router(auth.router)


@app.get("/login/google")
async def login_google(
    google: Annotated[GoogleOAuthClient, Depends(google_oauth_plugin)],
    return_to: str | None = None,
):
    auth_url = await google.signin_url(return_to=return_to)
    return RedirectResponse(url=auth_url, status_code=302)

The callback URI you must register in Google Cloud is:

http://localhost:8000/auth/provider/google/callback

Microsoft OAuth

Microsoft uses the same plugin pattern.

from typing import Annotated

from fastapi import Depends, FastAPI
from fastapi.responses import RedirectResponse

from belgie_core import Belgie, BelgieSettings
from belgie_oauth import MicrosoftOAuth, MicrosoftOAuthClient

settings = BelgieSettings(
    secret="your-secret-key",
    base_url="http://localhost:8000",
)

auth = Belgie(
    settings=settings,
    adapter=adapter,
    database=get_db,
)

microsoft_oauth_plugin = auth.add_plugin(
    MicrosoftOAuth(
        client_id="your-microsoft-client-id",
        client_secret="your-microsoft-client-secret",
        tenant="common",
    ),
)

app = FastAPI()
app.include_router(auth.router)


@app.get("/login/microsoft")
async def login_microsoft(
    microsoft: Annotated[MicrosoftOAuthClient, Depends(microsoft_oauth_plugin)],
    return_to: str | None = None,
):
    auth_url = await microsoft.signin_url(return_to=return_to)
    return RedirectResponse(url=auth_url, status_code=302)

The callback URI you must register in Microsoft Entra ID is:

http://localhost:8000/auth/provider/microsoft/callback

Examples

Details

  • GoogleOAuth.scopes defaults to ["openid", "email", "profile"].
  • GoogleOAuth.access_type defaults to offline.
  • GoogleOAuth.prompt defaults to consent.
  • GoogleOAuthPlugin.redirect_uri is derived from BELGIE_BASE_URL.
  • GoogleOAuthClient.signin_url() stores OAuth state before returning the Google authorization URL.
  • The callback route redirects to the stored return_to value or Belgie's default sign-in redirect.
  • MicrosoftOAuth.tenant defaults to common.
  • MicrosoftOAuth.scopes defaults to ["openid", "profile", "email", "offline_access", "User.Read"].
  • MicrosoftOAuthPlugin.redirect_uri is derived from BELGIE_BASE_URL.
  • MicrosoftOAuthClient.signin_url() stores OAuth state before returning the Microsoft authorization URL.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for mplemay97 from gravatar.com mplemay97

Unverified details

These details have not been verified by PyPI
Meta
  • Author: Matt LeMay
  • Requires: Python <3.15, >=3.12

Release history Release notifications | RSS feed

0.19.3

0.19.2

0.19.1

0.19.0

0.18.0

0.17.2

0.17.1

0.17.0

0.16.2

0.16.1

0.16.0

0.15.2

0.15.1

0.15.0

0.14.3

0.14.2

0.14.1

0.14.0

0.13.0

0.12.3

This version

0.12.2

0.12.1

0.12.0

0.11.0

0.10.6

0.10.5

0.10.4

0.10.3

0.10.2

0.10.1

0.10.0

0.9.1

0.9.0

0.8.0

0.7.0

0.6.4

0.6.3

0.6.2

0.6.1

0.6.0

0.4.0

0.3.1

0.3.0

0.2.0

0.1.0

0.1.0a4 pre-release

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

belgie_oauth-0.12.2.tar.gz (6.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

belgie_oauth-0.12.2-py3-none-any.whl (10.2 kB view details)

Uploaded Python 3

File details

Details for the file belgie_oauth-0.12.2.tar.gz.

File metadata

  • Download URL: belgie_oauth-0.12.2.tar.gz
  • Upload date:
  • Size: 6.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.10.12 {"installer":{"name":"uv","version":"0.10.12","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for belgie_oauth-0.12.2.tar.gz
Algorithm Hash digest
SHA256 823bc451952122d29c6c01cef7ecad608258d9590def462b07a91d46a5295bd3
MD5 78da7dbf7a99563b63f861fd10adfcd1
BLAKE2b-256 94810d8e2255a29ec6bbb7dac48fb6211713b5e3f4ee91e50de1af46bf4ceeb1

See more details on using hashes here.

File details

Details for the file belgie_oauth-0.12.2-py3-none-any.whl.

File metadata

  • Download URL: belgie_oauth-0.12.2-py3-none-any.whl
  • Upload date:
  • Size: 10.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.10.12 {"installer":{"name":"uv","version":"0.10.12","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for belgie_oauth-0.12.2-py3-none-any.whl
Algorithm Hash digest
SHA256 c42e2d47e2735aad3d86518c30f12b1bcd7179984a7660c22932e8a4ca9b435e
MD5 9bc538ef55c0430abc2d3a543148b885
BLAKE2b-256 5d01ef5cd40914c34e7d870faa3a49d57842f59fa04283fe87322eda176bec7d

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page