OAuth client plugins for Belgie

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for mplemay97 from gravatar.com mplemay97

Unverified details

These details have not been verified by PyPI
Meta
  • Author: Matt LeMay
  • Requires: Python <3.15, >=3.12
Report project as malware

Project description

belgie-oauth: Google and Microsoft OAuth Plugins for Belgie

[!WARNING] This package is part of Belgie's beta API surface. Names and integration details may still change before v1.0.

belgie-oauth provides the Google and Microsoft OAuth client plugins used by Belgie apps. It handles OAuth state storage, authorization URL generation, token exchange, user info lookup, and the callback route that creates the Belgie session.

The package exposes:

  • GoogleOAuth for configuration
  • GoogleOAuthPlugin for Belgie integration
  • GoogleOAuthClient for building sign-in URLs from route dependencies
  • GoogleUserInfo for the Google user profile payload
  • MicrosoftOAuth for configuration
  • MicrosoftOAuthPlugin for Belgie integration
  • MicrosoftOAuthClient for building sign-in URLs from route dependencies
  • MicrosoftUserInfo for the Microsoft user profile payload

Installation

uv add belgie-oauth

[!NOTE] Configure BELGIE_SECRET, BELGIE_BASE_URL, and either the Google or Microsoft OAuth environment variables in your environment, or pass the same values in Python code.

What It Does

  • Builds Google sign-in URLs with a short-lived OAuth state token.
  • Preserves safe return_to redirects for same-origin URLs and relative paths.
  • Exchanges the authorization code for tokens.
  • Fetches Google user info and creates or updates the Belgie account.
  • Exposes the callback route at GET /auth/provider/google/callback.
  • Microsoft follows the same flow with the Microsoft Graph OIDC userinfo endpoint and GET /auth/provider/microsoft/callback.

Quick Start

Here is the smallest useful setup:

from typing import Annotated

from fastapi import Depends, FastAPI
from fastapi.responses import RedirectResponse

from belgie_core import Belgie, BelgieSettings
from belgie_oauth import GoogleOAuth, GoogleOAuthClient

settings = BelgieSettings(
    secret="your-secret-key",
    base_url="http://localhost:8000",
)

auth = Belgie(
    settings=settings,
    adapter=adapter,
    database=get_db,
)

google_oauth_plugin = auth.add_plugin(
    GoogleOAuth(
        client_id="your-google-client-id",
        client_secret="your-google-client-secret",
    ),
)

app = FastAPI()
app.include_router(auth.router)


@app.get("/login/google")
async def login_google(
    google: Annotated[GoogleOAuthClient, Depends(google_oauth_plugin)],
    return_to: str | None = None,
):
    auth_url = await google.signin_url(return_to=return_to)
    return RedirectResponse(url=auth_url, status_code=302)

The callback URI you must register in Google Cloud is:

http://localhost:8000/auth/provider/google/callback

Microsoft OAuth

Microsoft uses the same plugin pattern.

from typing import Annotated

from fastapi import Depends, FastAPI
from fastapi.responses import RedirectResponse

from belgie_core import Belgie, BelgieSettings
from belgie_oauth import MicrosoftOAuth, MicrosoftOAuthClient

settings = BelgieSettings(
    secret="your-secret-key",
    base_url="http://localhost:8000",
)

auth = Belgie(
    settings=settings,
    adapter=adapter,
    database=get_db,
)

microsoft_oauth_plugin = auth.add_plugin(
    MicrosoftOAuth(
        client_id="your-microsoft-client-id",
        client_secret="your-microsoft-client-secret",
        tenant="common",
    ),
)

app = FastAPI()
app.include_router(auth.router)


@app.get("/login/microsoft")
async def login_microsoft(
    microsoft: Annotated[MicrosoftOAuthClient, Depends(microsoft_oauth_plugin)],
    return_to: str | None = None,
):
    auth_url = await microsoft.signin_url(return_to=return_to)
    return RedirectResponse(url=auth_url, status_code=302)

The callback URI you must register in Microsoft Entra ID is:

http://localhost:8000/auth/provider/microsoft/callback

Examples

Details

  • GoogleOAuth.scopes defaults to ["openid", "email", "profile"].
  • GoogleOAuth.access_type defaults to offline.
  • GoogleOAuth.prompt defaults to consent.
  • GoogleOAuthPlugin.redirect_uri is derived from BELGIE_BASE_URL.
  • GoogleOAuthClient.signin_url() stores OAuth state before returning the Google authorization URL.
  • The callback route redirects to the stored return_to value or Belgie's default sign-in redirect.
  • MicrosoftOAuth.tenant defaults to common.
  • MicrosoftOAuth.scopes defaults to ["openid", "profile", "email", "offline_access", "User.Read"].
  • MicrosoftOAuthPlugin.redirect_uri is derived from BELGIE_BASE_URL.
  • MicrosoftOAuthClient.signin_url() stores OAuth state before returning the Microsoft authorization URL.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for mplemay97 from gravatar.com mplemay97

Unverified details

These details have not been verified by PyPI
Meta
  • Author: Matt LeMay
  • Requires: Python <3.15, >=3.12

Release history Release notifications | RSS feed

0.19.3

0.19.2

0.19.1

0.19.0

0.18.0

0.17.2

0.17.1

0.17.0

0.16.2

0.16.1

0.16.0

0.15.2

0.15.1

0.15.0

0.14.3

0.14.2

0.14.1

This version

0.14.0

0.13.0

0.12.3

0.12.2

0.12.1

0.12.0

0.11.0

0.10.6

0.10.5

0.10.4

0.10.3

0.10.2

0.10.1

0.10.0

0.9.1

0.9.0

0.8.0

0.7.0

0.6.4

0.6.3

0.6.2

0.6.1

0.6.0

0.4.0

0.3.1

0.3.0

0.2.0

0.1.0

0.1.0a4 pre-release

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

belgie_oauth-0.14.0.tar.gz (6.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

belgie_oauth-0.14.0-py3-none-any.whl (10.3 kB view details)

Uploaded Python 3

File details

Details for the file belgie_oauth-0.14.0.tar.gz.

File metadata

  • Download URL: belgie_oauth-0.14.0.tar.gz
  • Upload date:
  • Size: 6.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.11.6 {"installer":{"name":"uv","version":"0.11.6","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for belgie_oauth-0.14.0.tar.gz
Algorithm Hash digest
SHA256 640cb57b8728526634157bb17d012ccccf11a09ae90bb55e27dbad1631488b08
MD5 068cf1607ecfac97caf120b3d9cfded0
BLAKE2b-256 f1040fb827ae11a3414098d140fcd8ea08fb03d906b27d5237e8e759adf5f0f3

See more details on using hashes here.

File details

Details for the file belgie_oauth-0.14.0-py3-none-any.whl.

File metadata

  • Download URL: belgie_oauth-0.14.0-py3-none-any.whl
  • Upload date:
  • Size: 10.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.11.6 {"installer":{"name":"uv","version":"0.11.6","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for belgie_oauth-0.14.0-py3-none-any.whl
Algorithm Hash digest
SHA256 8d1d1742dce6f4cd5e9f0bf3bc0b146e5cdbaefa6b28c8a333f78bf5d4958637
MD5 e8db27ae9fa3519ae89aa02fe899ddd5
BLAKE2b-256 42eda1b2ddfa1b701556be08c7a36f9e66fe2f0bec22c49c48c893ff195303e5

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page