OAuth client plugins for Belgie

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for mplemay97 from gravatar.com mplemay97

Unverified details

These details have not been verified by PyPI
Meta
  • Author: Matt LeMay
  • Requires: Python <3.15, >=3.12
Report project as malware

Project description

belgie-oauth: Google and Microsoft OAuth Plugins for Belgie

[!WARNING] This package is part of Belgie's beta API surface. Names and integration details may still change before v1.0.

belgie-oauth provides the Google and Microsoft OAuth client plugins used by Belgie apps. It handles OAuth state storage, authorization URL generation, token exchange, user info lookup, and the callback route that creates the Belgie session.

The package exposes:

  • GoogleOAuth for configuration
  • GoogleOAuthPlugin for Belgie integration
  • GoogleOAuthClient for building sign-in URLs from route dependencies
  • GoogleUserInfo for the Google user profile payload
  • MicrosoftOAuth for configuration
  • MicrosoftOAuthPlugin for Belgie integration
  • MicrosoftOAuthClient for building sign-in URLs from route dependencies
  • MicrosoftUserInfo for the Microsoft user profile payload

Installation

uv add belgie-oauth

[!NOTE] Configure BELGIE_SECRET, BELGIE_BASE_URL, and either the Google or Microsoft OAuth environment variables in your environment, or pass the same values in Python code.

What It Does

  • Builds Google sign-in URLs with a short-lived OAuth state token.
  • Preserves safe return_to redirects for same-origin URLs and relative paths.
  • Exchanges the authorization code for tokens.
  • Fetches Google user info and creates or updates the Belgie account.
  • Exposes the callback route at GET /auth/provider/google/callback.
  • Microsoft follows the same flow with the Microsoft Graph OIDC userinfo endpoint and GET /auth/provider/microsoft/callback.

Quick Start

Here is the smallest useful setup:

from typing import Annotated

from fastapi import Depends, FastAPI
from fastapi.responses import RedirectResponse

from belgie_core import Belgie, BelgieSettings
from belgie_oauth import GoogleOAuth, GoogleOAuthClient

settings = BelgieSettings(
    secret="your-secret-key",
    base_url="http://localhost:8000",
)

auth = Belgie(
    settings=settings,
    adapter=adapter,
    database=get_db,
)

google_oauth_plugin = auth.add_plugin(
    GoogleOAuth(
        client_id="your-google-client-id",
        client_secret="your-google-client-secret",
    ),
)

app = FastAPI()
app.include_router(auth.router)


@app.get("/login/google")
async def login_google(
    google: Annotated[GoogleOAuthClient, Depends(google_oauth_plugin)],
    return_to: str | None = None,
):
    auth_url = await google.signin_url(return_to=return_to)
    return RedirectResponse(url=auth_url, status_code=302)

The callback URI you must register in Google Cloud is:

http://localhost:8000/auth/provider/google/callback

Microsoft OAuth

Microsoft uses the same plugin pattern.

from typing import Annotated

from fastapi import Depends, FastAPI
from fastapi.responses import RedirectResponse

from belgie_core import Belgie, BelgieSettings
from belgie_oauth import MicrosoftOAuth, MicrosoftOAuthClient

settings = BelgieSettings(
    secret="your-secret-key",
    base_url="http://localhost:8000",
)

auth = Belgie(
    settings=settings,
    adapter=adapter,
    database=get_db,
)

microsoft_oauth_plugin = auth.add_plugin(
    MicrosoftOAuth(
        client_id="your-microsoft-client-id",
        client_secret="your-microsoft-client-secret",
        tenant="common",
    ),
)

app = FastAPI()
app.include_router(auth.router)


@app.get("/login/microsoft")
async def login_microsoft(
    microsoft: Annotated[MicrosoftOAuthClient, Depends(microsoft_oauth_plugin)],
    return_to: str | None = None,
):
    auth_url = await microsoft.signin_url(return_to=return_to)
    return RedirectResponse(url=auth_url, status_code=302)

The callback URI you must register in Microsoft Entra ID is:

http://localhost:8000/auth/provider/microsoft/callback

Examples

Details

  • GoogleOAuth.scopes defaults to ["openid", "email", "profile"].
  • GoogleOAuth.access_type defaults to offline.
  • GoogleOAuth.prompt defaults to consent.
  • GoogleOAuthPlugin.redirect_uri is derived from BELGIE_BASE_URL.
  • GoogleOAuthClient.signin_url() stores OAuth state before returning the Google authorization URL.
  • The callback route redirects to the stored return_to value or Belgie's default sign-in redirect.
  • MicrosoftOAuth.tenant defaults to common.
  • MicrosoftOAuth.scopes defaults to ["openid", "profile", "email", "offline_access", "User.Read"].
  • MicrosoftOAuthPlugin.redirect_uri is derived from BELGIE_BASE_URL.
  • MicrosoftOAuthClient.signin_url() stores OAuth state before returning the Microsoft authorization URL.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for mplemay97 from gravatar.com mplemay97

Unverified details

These details have not been verified by PyPI
Meta
  • Author: Matt LeMay
  • Requires: Python <3.15, >=3.12

Release history Release notifications | RSS feed

0.19.3

0.19.2

0.19.1

0.19.0

0.18.0

0.17.2

0.17.1

This version

0.17.0

0.16.2

0.16.1

0.16.0

0.15.2

0.15.1

0.15.0

0.14.3

0.14.2

0.14.1

0.14.0

0.13.0

0.12.3

0.12.2

0.12.1

0.12.0

0.11.0

0.10.6

0.10.5

0.10.4

0.10.3

0.10.2

0.10.1

0.10.0

0.9.1

0.9.0

0.8.0

0.7.0

0.6.4

0.6.3

0.6.2

0.6.1

0.6.0

0.4.0

0.3.1

0.3.0

0.2.0

0.1.0

0.1.0a4 pre-release

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

belgie_oauth-0.17.0.tar.gz (6.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

belgie_oauth-0.17.0-py3-none-any.whl (10.3 kB view details)

Uploaded Python 3

File details

Details for the file belgie_oauth-0.17.0.tar.gz.

File metadata

  • Download URL: belgie_oauth-0.17.0.tar.gz
  • Upload date:
  • Size: 6.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.11.7 {"installer":{"name":"uv","version":"0.11.7","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for belgie_oauth-0.17.0.tar.gz
Algorithm Hash digest
SHA256 fec698f1e8087c261f9829f91cc35de0ea10ac11526644e1bc5b7d58d045e808
MD5 0fc231611a264227988d6fc3ca5ba6c9
BLAKE2b-256 e8597300896ecbd52ab0204db7a9e3f63c5e83cdfb325e04e76b08159da43d17

See more details on using hashes here.

File details

Details for the file belgie_oauth-0.17.0-py3-none-any.whl.

File metadata

  • Download URL: belgie_oauth-0.17.0-py3-none-any.whl
  • Upload date:
  • Size: 10.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.11.7 {"installer":{"name":"uv","version":"0.11.7","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for belgie_oauth-0.17.0-py3-none-any.whl
Algorithm Hash digest
SHA256 fd010dc8cd8a6a0ffc2a2d3977a37fc5e677a20e0b387baf2e32d4a8eadf7bf7
MD5 8d3236113205a45d004f25572582f77c
BLAKE2b-256 ea3f153983fb14c3304e781d621e261aecf1ce1665fbf5dc78c361c614956a4e

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page