OAuth client plugins for Belgie

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for mplemay97 from gravatar.com mplemay97

Unverified details

These details have not been verified by PyPI
Meta
  • Author: Matt LeMay
  • Requires: Python <3.15, >=3.12
Report project as malware

Project description

belgie-oauth: Google and Microsoft OAuth Plugins for Belgie

[!WARNING] This package is part of Belgie's beta API surface. Names and integration details may still change before v1.0.

belgie-oauth provides the Google and Microsoft OAuth client plugins used by Belgie apps. It handles OAuth state storage, authorization URL generation, token exchange, user info lookup, and the callback route that creates the Belgie session.

The package exposes:

  • GoogleOAuth for configuration
  • GoogleOAuthPlugin for Belgie integration
  • GoogleOAuthClient for building sign-in URLs from route dependencies
  • GoogleUserInfo for the Google user profile payload
  • MicrosoftOAuth for configuration
  • MicrosoftOAuthPlugin for Belgie integration
  • MicrosoftOAuthClient for building sign-in URLs from route dependencies
  • MicrosoftUserInfo for the Microsoft user profile payload

Installation

uv add belgie-oauth

[!NOTE] Configure BELGIE_SECRET, BELGIE_BASE_URL, and either the Google or Microsoft OAuth environment variables in your environment, or pass the same values in Python code.

What It Does

  • Builds Google sign-in URLs with a short-lived OAuth state token.
  • Preserves safe return_to redirects for same-origin URLs and relative paths.
  • Exchanges the authorization code for tokens.
  • Fetches Google user info and creates or updates the Belgie account.
  • Exposes the callback route at GET /auth/provider/google/callback.
  • Microsoft follows the same flow with the Microsoft Graph OIDC userinfo endpoint and GET /auth/provider/microsoft/callback.

Quick Start

Here is the smallest useful setup:

from typing import Annotated

from fastapi import Depends, FastAPI
from fastapi.responses import RedirectResponse

from belgie_core import Belgie, BelgieSettings
from belgie_oauth import GoogleOAuth, GoogleOAuthClient

settings = BelgieSettings(
    secret="your-secret-key",
    base_url="http://localhost:8000",
)

auth = Belgie(
    settings=settings,
    adapter=adapter,
    database=get_db,
)

google_oauth_plugin = auth.add_plugin(
    GoogleOAuth(
        client_id="your-google-client-id",
        client_secret="your-google-client-secret",
    ),
)

app = FastAPI()
app.include_router(auth.router)


@app.get("/login/google")
async def login_google(
    google: Annotated[GoogleOAuthClient, Depends(google_oauth_plugin)],
    return_to: str | None = None,
):
    auth_url = await google.signin_url(return_to=return_to)
    return RedirectResponse(url=auth_url, status_code=302)

The callback URI you must register in Google Cloud is:

http://localhost:8000/auth/provider/google/callback

Microsoft OAuth

Microsoft uses the same plugin pattern.

from typing import Annotated

from fastapi import Depends, FastAPI
from fastapi.responses import RedirectResponse

from belgie_core import Belgie, BelgieSettings
from belgie_oauth import MicrosoftOAuth, MicrosoftOAuthClient

settings = BelgieSettings(
    secret="your-secret-key",
    base_url="http://localhost:8000",
)

auth = Belgie(
    settings=settings,
    adapter=adapter,
    database=get_db,
)

microsoft_oauth_plugin = auth.add_plugin(
    MicrosoftOAuth(
        client_id="your-microsoft-client-id",
        client_secret="your-microsoft-client-secret",
        tenant="common",
    ),
)

app = FastAPI()
app.include_router(auth.router)


@app.get("/login/microsoft")
async def login_microsoft(
    microsoft: Annotated[MicrosoftOAuthClient, Depends(microsoft_oauth_plugin)],
    return_to: str | None = None,
):
    auth_url = await microsoft.signin_url(return_to=return_to)
    return RedirectResponse(url=auth_url, status_code=302)

The callback URI you must register in Microsoft Entra ID is:

http://localhost:8000/auth/provider/microsoft/callback

Examples

Details

  • GoogleOAuth.scopes defaults to ["openid", "email", "profile"].
  • GoogleOAuth.access_type defaults to offline.
  • GoogleOAuth.prompt defaults to consent.
  • GoogleOAuthPlugin.redirect_uri is derived from BELGIE_BASE_URL.
  • GoogleOAuthClient.signin_url() stores OAuth state before returning the Google authorization URL.
  • The callback route redirects to the stored return_to value or Belgie's default sign-in redirect.
  • MicrosoftOAuth.tenant defaults to common.
  • MicrosoftOAuth.scopes defaults to ["openid", "profile", "email", "offline_access", "User.Read"].
  • MicrosoftOAuthPlugin.redirect_uri is derived from BELGIE_BASE_URL.
  • MicrosoftOAuthClient.signin_url() stores OAuth state before returning the Microsoft authorization URL.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for mplemay97 from gravatar.com mplemay97

Unverified details

These details have not been verified by PyPI
Meta
  • Author: Matt LeMay
  • Requires: Python <3.15, >=3.12

Release history Release notifications | RSS feed

0.19.3

0.19.2

0.19.1

0.19.0

0.18.0

0.17.2

This version

0.17.1

0.17.0

0.16.2

0.16.1

0.16.0

0.15.2

0.15.1

0.15.0

0.14.3

0.14.2

0.14.1

0.14.0

0.13.0

0.12.3

0.12.2

0.12.1

0.12.0

0.11.0

0.10.6

0.10.5

0.10.4

0.10.3

0.10.2

0.10.1

0.10.0

0.9.1

0.9.0

0.8.0

0.7.0

0.6.4

0.6.3

0.6.2

0.6.1

0.6.0

0.4.0

0.3.1

0.3.0

0.2.0

0.1.0

0.1.0a4 pre-release

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

belgie_oauth-0.17.1.tar.gz (6.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

belgie_oauth-0.17.1-py3-none-any.whl (10.3 kB view details)

Uploaded Python 3

File details

Details for the file belgie_oauth-0.17.1.tar.gz.

File metadata

  • Download URL: belgie_oauth-0.17.1.tar.gz
  • Upload date:
  • Size: 6.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.11.7 {"installer":{"name":"uv","version":"0.11.7","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for belgie_oauth-0.17.1.tar.gz
Algorithm Hash digest
SHA256 456c3a17b2cbccf3e6a1c3e5a903cb162b051a38aee9bab83526f9062bd6b40a
MD5 195a9214ea8f3b13c36890008dbc6285
BLAKE2b-256 ea588b0d63f1c78b106146af112f58c695f111e01432488483ca6814f5579afd

See more details on using hashes here.

File details

Details for the file belgie_oauth-0.17.1-py3-none-any.whl.

File metadata

  • Download URL: belgie_oauth-0.17.1-py3-none-any.whl
  • Upload date:
  • Size: 10.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.11.7 {"installer":{"name":"uv","version":"0.11.7","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for belgie_oauth-0.17.1-py3-none-any.whl
Algorithm Hash digest
SHA256 ecbe9b3c7dad3ce8f377f769fe619e5735827dd21378c67848999d8110883c3f
MD5 0b6060b3de436771ae01c299f5e93373
BLAKE2b-256 521ae3e0542b2624ffad4229684ab5c7653cc54214aaf48a17a3e2c6d4a1bae5

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page