Easy and secure implementation of Azure AD for your FastAPI APIs
FastAPI-Azure-auth
Azure AD Authentication for FastAPI apps made easy.
🚀 Description
FastAPI is a modern, fast (high-performance), web framework for building APIs with Python, based on standard Python type hints.
At Intility, FastAPI is a popular framework among its developers, with customer-facing and internal services developed entirely on a FastAPI backend.
This package enables our developers (and you 😊) to create features without worrying about authentication and authorization.
Also, we're hiring!
⚡️ Quick start
Azure
Azure docs will be available when create-fastapi-app is developed. In the meantime please use the .NET documentation.
FastAPI
- Install this library:
pip install fastapi-azure-auth
# or
poetry add fastapi-azure-auth
- Include swagger_ui_oauth2_redirect_url and swagger_ui_init_oauth in your FastAPI app initialization:
app = FastAPI(
    # ... your other FastAPI arguments
    swagger_ui_oauth2_redirect_url='/oauth2-redirect',
    swagger_ui_init_oauth={
        'usePkceWithAuthorizationCodeGrant': True,
        'clientId': settings.OPENAPI_CLIENT_ID,  # SPA app with grants to your app
    },
)
- Ensure you have CORS enabled for your local environment, such as http://localhost:8000. See main.py and the BACKEND_CORS_ORIGINS in config.py.
- Import and configure your Azure authentication:
from fastapi_azure_auth.auth import AzureAuthorizationCodeBearer

azure_scheme = AzureAuthorizationCodeBearer(
    app=app,
    app_client_id=settings.APP_CLIENT_ID,  # Web app
    scopes={
        f'api://{settings.APP_CLIENT_ID}/user_impersonation': 'User Impersonation',
    },
)
- Set your azure_scheme as a dependency for your wanted views/routers:
app.include_router(api_router, prefix=settings.API_V1_STR, dependencies=[Depends(azure_scheme)])
⚙️ Configuration
For those using a non-Intility tenant, you also need to make changes to the provider_config:
from fastapi_azure_auth.provider_config import provider_config

azure_scheme = AzureAuthorizationCodeBearer(
    # ... same arguments as in the quick start
)
provider_config.tenant_id = 'my-own-tenant-id'
If you want, you can deny guest users access to your API by passing allow_guest_users=False to AzureAuthorizationCodeBearer:
azure_scheme = AzureAuthorizationCodeBearer(
    # ... same arguments as in the quick start
    allow_guest_users=False,
)
💡 Nice to knows
A User object is attached to the request state if the token is valid. Unparsed claims can be accessed at request.state.user.claims.
from fastapi_azure_auth.user import User
from fastapi import Request

@router.get(...)
async def world(request: Request) -> dict:
    user: User = request.state.user
    return {'user': user}
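Token validation only proves who the caller is; deciding what they may do is left to your views. The block below is an added example, not code from fastapi-azure-auth, showing a fail-closed authorization check on the unparsed claims. It assumes claims is the decoded Azure AD access-token payload found at request.state.user.claims; the function names and sample values are hypothetical.

```python
from typing import Any, Iterable, Mapping, Tuple


def token_scopes(claims: Mapping[str, Any]) -> set:
    """Delegated (user) tokens carry scopes as one space-separated string in `scp`."""
    scp = claims.get('scp')
    return set(scp.split()) if isinstance(scp, str) else set()


def token_roles(claims: Mapping[str, Any]) -> set:
    """App roles arrive as a JSON array of strings in `roles`."""
    roles = claims.get('roles')
    if not isinstance(roles, (list, tuple)):
        return set()
    return {r for r in roles if isinstance(r, str)}


def authorize(claims: Mapping[str, Any], *, tenant_id: str, required_scope: str,
              any_role: Iterable[str] = ()) -> Tuple[bool, str]:
    """Return (allowed, reason); missing or malformed claims deny access."""
    if claims.get('tid') != tenant_id:
        return False, 'token issued for another tenant'
    if required_scope not in token_scopes(claims):
        return False, f'missing scope {required_scope}'
    wanted = set(any_role)
    if wanted and not (wanted & token_roles(claims)):
        return False, 'none of the required roles present'
    return True, 'ok'


# Constructed sample claims (not taken from real tokens).
SAMPLE_USER = {'tid': 'my-own-tenant-id', 'scp': 'user_impersonation',
               'roles': ['Reader']}
SAMPLE_APP_ONLY = {'tid': 'my-own-tenant-id', 'roles': ['Reader']}  # no `scp`
SAMPLE_OTHER_TENANT = dict(SAMPLE_USER, tid='some-other-tenant-id')

if __name__ == '__main__':
    for name, sample in [('user', SAMPLE_USER), ('app-only', SAMPLE_APP_ONLY),
                         ('other tenant', SAMPLE_OTHER_TENANT)]:
        print(name, authorize(sample, tenant_id='my-own-tenant-id',
                              required_scope='user_impersonation'))
```

In a view, pass request.state.user.claims as claims and respond with HTTP 403 when the first element of the result is False.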
Hashes for fastapi_azure_auth-1.1.1-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | ddcdac5860ae2130dab001c0ae669c044cad03e820ef7c3407ebb1b66edd012e
MD5 | e38f2b53a91c24ae20fe8133c12349af
BLAKE2b-256 | 14fc37156e39f9e5aa7def635b06bf54ec5380e10ebd0ba703ec8ebe8a0133d1