fastapi-azure-auth 1.1.0

Easy and secure implementation of Azure AD for your FastAPI APIs

FastAPI-Azure-auth

Azure AD Authentication for FastAPI apps made easy.

🚀 Description

FastAPI is a modern, fast (high-performance), web framework for building APIs with Python, based on standard Python type hints.

At Intility, FastAPI is a popular framework among its developers, with customer-facing and internal services developed entirely on a FastAPI backend.

This package enables our developers (and you 😊) to create features without worrying about authentication and authorization.

Also, we're hiring!

⚡️ Quick start

Azure

Azure docs will be available when create-fastapi-app is developed. In the meantime please use the .NET documentation.

FastAPI

1. Install this library:

pip install fastapi-azure-auth
# or
poetry add fastapi-azure-auth

2. Include swagger_ui_oauth2_redirect_url and swagger_ui_init_oauth in your FastAPI app initialization:

app = FastAPI(
    ...
    swagger_ui_oauth2_redirect_url='/oauth2-redirect',
    swagger_ui_init_oauth={
        'usePkceWithAuthorizationCodeGrant': True, 
        'clientId': settings.OPENAPI_CLIENT_ID  # SPA app with grants to your app
    },
)

3. Ensure you have CORS enabled for your local environment, such as http://localhost:8000. See main.py and the BACKEND_CORS_ORIGINS in config.py

4. Import and configure your Azure authentication:

from fastapi_azure_auth.auth import AzureAuthorizationCodeBearer

azure_scheme = AzureAuthorizationCodeBearer(
    app=app,
    app_client_id=settings.APP_CLIENT_ID,  # Web app
    scopes={
        f'api://{settings.APP_CLIENT_ID}/user_impersonation': 'User Impersonation',
    },
)

5. Set your intility_scheme as a dependency for your wanted views/routers:

app.include_router(api_router, prefix=settings.API_V1_STR, dependencies=[Depends(azure_scheme)])

⚙️ Configuration

For those using a non-Intility tenant, you also need to make changes to the provider_config:

from fastapi_azure_auth.provider_config import provider_config

intility_scheme = AzureAuthorizationCodeBearer(
    ...
)

provider_config.tenant_id = 'my-own-tenant-id'

If you want, you can deny guest users to access your API by passing the allow_guest_users=False to AzureAuthorizationCodeBearer:

intility_scheme = AzureAuthorizationCodeBearer(
    ...
    allow_guest_users=False
)

💡 Nice to knows

A User object is attached to the request state if the token is valid. Unparsed claims can be accessed at request.state.user.claims.

from fastapi_azure_auth.user import User
from fastapi import Request

@router.get(...)
async def world(request: Request) -> dict:
    user: User = request.state.user
    return {'user': user}