OAuth client plugins for Belgie

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for mplemay97 from gravatar.com mplemay97

Unverified details

These details have not been verified by PyPI
Meta
  • Author: Matt LeMay
  • Requires: Python <3.15, >=3.12
Report project as malware

Project description

belgie-oauth: Google and Microsoft OAuth Plugins for Belgie

[!WARNING] This package is part of Belgie's beta API surface. Names and integration details may still change before v1.0.

belgie-oauth provides the Google and Microsoft OAuth client plugins used by Belgie apps. It handles OAuth state storage, authorization URL generation, token exchange, user info lookup, and the callback route that creates the Belgie session.

The package exposes:

  • GoogleOAuth for configuration
  • GoogleOAuthPlugin for Belgie integration
  • GoogleOAuthClient for building sign-in URLs from route dependencies
  • GoogleUserInfo for the Google user profile payload
  • MicrosoftOAuth for configuration
  • MicrosoftOAuthPlugin for Belgie integration
  • MicrosoftOAuthClient for building sign-in URLs from route dependencies
  • MicrosoftUserInfo for the Microsoft user profile payload

Installation

uv add belgie-oauth

[!NOTE] Configure BELGIE_SECRET, BELGIE_BASE_URL, and either the Google or Microsoft OAuth environment variables in your environment, or pass the same values in Python code.

What It Does

  • Builds Google sign-in URLs with a short-lived OAuth state token.
  • Preserves safe return_to redirects for same-origin URLs and relative paths.
  • Exchanges the authorization code for tokens.
  • Fetches Google user info and creates or updates the Belgie account.
  • Exposes the callback route at GET /auth/provider/google/callback.
  • Microsoft follows the same flow with the Microsoft Graph OIDC userinfo endpoint and GET /auth/provider/microsoft/callback.

Quick Start

Here is the smallest useful setup:

from typing import Annotated

from fastapi import Depends, FastAPI
from fastapi.responses import RedirectResponse

from belgie_core import Belgie, BelgieSettings
from belgie_oauth import GoogleOAuth, GoogleOAuthClient

settings = BelgieSettings(
    secret="your-secret-key",
    base_url="http://localhost:8000",
)

auth = Belgie(
    settings=settings,
    adapter=adapter,
    database=get_db,
)

google_oauth_plugin = auth.add_plugin(
    GoogleOAuth(
        client_id="your-google-client-id",
        client_secret="your-google-client-secret",
    ),
)

app = FastAPI()
app.include_router(auth.router)


@app.get("/login/google")
async def login_google(
    google: Annotated[GoogleOAuthClient, Depends(google_oauth_plugin)],
    return_to: str | None = None,
):
    auth_url = await google.signin_url(return_to=return_to)
    return RedirectResponse(url=auth_url, status_code=302)

The callback URI you must register in Google Cloud is:

http://localhost:8000/auth/provider/google/callback

Microsoft OAuth

Microsoft uses the same plugin pattern.

from typing import Annotated

from fastapi import Depends, FastAPI
from fastapi.responses import RedirectResponse

from belgie_core import Belgie, BelgieSettings
from belgie_oauth import MicrosoftOAuth, MicrosoftOAuthClient

settings = BelgieSettings(
    secret="your-secret-key",
    base_url="http://localhost:8000",
)

auth = Belgie(
    settings=settings,
    adapter=adapter,
    database=get_db,
)

microsoft_oauth_plugin = auth.add_plugin(
    MicrosoftOAuth(
        client_id="your-microsoft-client-id",
        client_secret="your-microsoft-client-secret",
        tenant="common",
    ),
)

app = FastAPI()
app.include_router(auth.router)


@app.get("/login/microsoft")
async def login_microsoft(
    microsoft: Annotated[MicrosoftOAuthClient, Depends(microsoft_oauth_plugin)],
    return_to: str | None = None,
):
    auth_url = await microsoft.signin_url(return_to=return_to)
    return RedirectResponse(url=auth_url, status_code=302)

The callback URI you must register in Microsoft Entra ID is:

http://localhost:8000/auth/provider/microsoft/callback

Examples

Details

  • GoogleOAuth.scopes defaults to ["openid", "email", "profile"].
  • GoogleOAuth.access_type defaults to offline.
  • GoogleOAuth.prompt defaults to consent.
  • GoogleOAuthPlugin.redirect_uri is derived from BELGIE_BASE_URL.
  • GoogleOAuthClient.signin_url() stores OAuth state before returning the Google authorization URL.
  • The callback route redirects to the stored return_to value or Belgie's default sign-in redirect.
  • MicrosoftOAuth.tenant defaults to common.
  • MicrosoftOAuth.scopes defaults to ["openid", "profile", "email", "offline_access", "User.Read"].
  • MicrosoftOAuthPlugin.redirect_uri is derived from BELGIE_BASE_URL.
  • MicrosoftOAuthClient.signin_url() stores OAuth state before returning the Microsoft authorization URL.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for mplemay97 from gravatar.com mplemay97

Unverified details

These details have not been verified by PyPI
Meta
  • Author: Matt LeMay
  • Requires: Python <3.15, >=3.12

Release history Release notifications | RSS feed

0.19.3

0.19.2

0.19.1

0.19.0

0.18.0

0.17.2

0.17.1

0.17.0

0.16.2

0.16.1

0.16.0

0.15.2

0.15.1

0.15.0

0.14.3

0.14.2

0.14.1

0.14.0

This version

0.13.0

0.12.3

0.12.2

0.12.1

0.12.0

0.11.0

0.10.6

0.10.5

0.10.4

0.10.3

0.10.2

0.10.1

0.10.0

0.9.1

0.9.0

0.8.0

0.7.0

0.6.4

0.6.3

0.6.2

0.6.1

0.6.0

0.4.0

0.3.1

0.3.0

0.2.0

0.1.0

0.1.0a4 pre-release

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

belgie_oauth-0.13.0.tar.gz (6.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

belgie_oauth-0.13.0-py3-none-any.whl (10.3 kB view details)

Uploaded Python 3

File details

Details for the file belgie_oauth-0.13.0.tar.gz.

File metadata

  • Download URL: belgie_oauth-0.13.0.tar.gz
  • Upload date:
  • Size: 6.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.11.2 {"installer":{"name":"uv","version":"0.11.2","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for belgie_oauth-0.13.0.tar.gz
Algorithm Hash digest
SHA256 0f05f10dd4d99b5155bab5f8c813a53c8e9454b051c47aa25fa7ddef4930fba9
MD5 581e584c5421b9a9f57505632b5488b4
BLAKE2b-256 2c96fecc4a100b133a4432c34ef4e3297d5e255acbd9f9fda2c6e5fd616bf7e3

See more details on using hashes here.

File details

Details for the file belgie_oauth-0.13.0-py3-none-any.whl.

File metadata

  • Download URL: belgie_oauth-0.13.0-py3-none-any.whl
  • Upload date:
  • Size: 10.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.11.2 {"installer":{"name":"uv","version":"0.11.2","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for belgie_oauth-0.13.0-py3-none-any.whl
Algorithm Hash digest
SHA256 4531cf8d8435ad46f98034ec11a06e917c5ac59ff4abd6398b2dd114c932cf52
MD5 5c1c59cb363add2eaeeac9e62a201682
BLAKE2b-256 d48cbcac07245b8ad3fb99cee974a2ce2fe1954377a5b61af7129dd32774eca0

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page