Easy and secure implementation of Azure AD for your FastAPI APIs
Project description
FastAPI-Azure-auth
Azure AD Authentication for FastAPI apps made easy.
🚀 Description
FastAPI is a modern, fast (high-performance), web framework for building APIs with Python, based on standard Python type hints.
At Intility, FastAPI is a popular framework among its developers, with customer-facing and internal services developed entirely on a FastAPI backend.
This package enables our developers (and you 😊) to create features without worrying about authentication and authorization.
Also, we're hiring!
⚡️ Quick start
Azure
Azure docs will be available when create-fastapi-app is developed. In the meantime please use the .NET documentation.
FastAPI
- Install this library:
pip install fastapi-azure-auth
# or
poetry add fastapi-azure-auth
- Include
swagger_ui_oauth2_redirect_urlandswagger_ui_init_oauthin your FastAPI app initialization:
app = FastAPI(
...
swagger_ui_oauth2_redirect_url='/oauth2-redirect',
swagger_ui_init_oauth={
'usePkceWithAuthorizationCodeGrant': True,
'clientId': settings.OPENAPI_CLIENT_ID # SPA app with grants to your app
},
)
-
Ensure you have CORS enabled for your local environment, such as
http://localhost:8000. See main.py and theBACKEND_CORS_ORIGINSin config.py -
Import and configure your Azure authentication:
from fastapi_azure_auth.auth import AzureAuthorizationCodeBearer
azure_scheme = AzureAuthorizationCodeBearer(
app=app,
app_client_id=settings.APP_CLIENT_ID, # Web app
scopes={
f'api://{settings.APP_CLIENT_ID}/user_impersonation': 'User Impersonation',
},
)
- Set your
intility_schemeas a dependency for your wanted views/routers:
app.include_router(api_router, prefix=settings.API_V1_STR, dependencies=[Depends(azure_scheme)])
⚙️ Configuration
For those using a non-Intility tenant, you also need to make changes to the provider_config:
from fastapi_azure_auth.provider_config import provider_config
intility_scheme = AzureAuthorizationCodeBearer(
...
)
provider_config.tenant_id = 'my-own-tenant-id'
If you want, you can deny guest users to access your API by passing the allow_guest_users=False
to AzureAuthorizationCodeBearer:
intility_scheme = AzureAuthorizationCodeBearer(
...
allow_guest_users=False
)
💡 Nice to knows
A User object is attached to the request state if the token is valid. Unparsed claims can be accessed at
request.state.user.claims.
from fastapi_azure_auth.user import User
from fastapi import Request
@router.get(...)
async def world(request: Request) -> dict:
user: User = request.state.user
return {'user': user}
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file fastapi-azure-auth-1.1.1.tar.gz.
File metadata
- Download URL: fastapi-azure-auth-1.1.1.tar.gz
- Upload date:
- Size: 8.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.1.7 CPython/3.9.6 Linux/5.8.0-1039-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ceb3b4cd6cda6a1658fcb7d48164035f79333a71aa277cfc71cbd4b3a36925ed
|
|
| MD5 |
e0a41258ec43e01335502f6df1ca4852
|
|
| BLAKE2b-256 |
0513d02062292c64282793a2adb90281ea51f9140cccb9dde503b2988c539700
|
File details
Details for the file fastapi_azure_auth-1.1.1-py3-none-any.whl.
File metadata
- Download URL: fastapi_azure_auth-1.1.1-py3-none-any.whl
- Upload date:
- Size: 8.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.1.7 CPython/3.9.6 Linux/5.8.0-1039-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ddcdac5860ae2130dab001c0ae669c044cad03e820ef7c3407ebb1b66edd012e
|
|
| MD5 |
e38f2b53a91c24ae20fe8133c12349af
|
|
| BLAKE2b-256 |
14fc37156e39f9e5aa7def635b06bf54ec5380e10ebd0ba703ec8ebe8a0133d1
|
