FastAPI Cloud Auth
fastapi-cloudauth supports simple integration between FastAPI and cloud authentication services (AWS Cognito, Auth0, Firebase Authentication). It standardizes the interface for some authentication services.
Features
- Verify access/id token
- Authenticate permission based on scope (or groups) within access token
- Get login user info (name, email, etc.) within ID token
- Dependency injection for verification/getting user, powered by FastAPI
- Support for:
  - AWS Cognito
  - Auth0
  - Firebase Auth (Only ID token)
Requirements
Python 3.6+
Install
$ pip install fastapi-cloudauth
Example (AWS Cognito)
Pre-requirement
- Check the region and userPoolID of the AWS Cognito user pool that you manage
- Create a user assigned the read:users permission in AWS Cognito
- Get an Access/ID token for the created user
NOTE: access token is valid for verification and scope-based authentication. ID token is valid for verification and getting user info from claims.
Create it
Create a file main.py with:
import os

from fastapi import FastAPI, Depends
from fastapi_cloudauth.cognito import Cognito, CognitoCurrentUser, CognitoClaims

app = FastAPI()
auth = Cognito(region=os.environ["REGION"], userPoolId=os.environ["USERPOOLID"])


@app.get("/", dependencies=[Depends(auth.scope("read:users"))])
def secure():
    # access token is valid
    return "Hello"


get_current_user = CognitoCurrentUser(
    region=os.environ["REGION"], userPoolId=os.environ["USERPOOLID"]
)


@app.get("/user/")
def secure_user(current_user: CognitoClaims = Depends(get_current_user)):
    # ID token is valid
    return f"Hello, {current_user.username}"
Run the server with:
$ uvicorn main:app
INFO: Started server process [15332]
INFO: Waiting for application startup.
INFO: Application startup complete.
INFO: Uvicorn running on http://127.0.0.1:8000 (Press CTRL+C to quit)
Interactive API Doc
Go to http://127.0.0.1:8000/docs.
You will see the automatic interactive API documentation (provided by Swagger UI).
The Authorize :unlock: button is available on the endpoints that have the dependency injected.
You can enter a token and try the endpoint interactively.
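The NOTE in the Cognito pre-requirements separates what each token type is for. As an added example (not code from fastapi-cloudauth), the function below shows the claim checks that distinction implies once a Cognito token's signature has been verified. The function name, the sample claims and the choice to accept a permission from either `scope` or `cognito:groups` are assumptions.

```python
import time

# Constructed sample claims shaped like Cognito payloads (placeholder values).
# Assumption: the JWT signature was already verified against the pool's JWKS.
REGION, POOL, CLIENT = "us-east-1", "us-east-1_EXAMPLE", "example-client"
ISSUER = f"https://cognito-idp.{REGION}.amazonaws.com/{POOL}"
ACCESS_CLAIMS = {
    "iss": ISSUER, "token_use": "access", "client_id": CLIENT,
    "scope": "aws.cognito.signin.user.admin", "exp": 2_000_000_000,
    "cognito:groups": ["read:users_export"], "username": "jane",
}
ID_CLAIMS = {
    "iss": ISSUER, "token_use": "id", "aud": CLIENT, "exp": 2_000_000_000,
    "cognito:username": "jane", "email": "jane@example.com",
}


def claim_problems(claims, *, region, user_pool_id, client_id, token_use,
                   required_permission=None, now=None):
    """Return reasons to reject already-verified claims (empty list = accept)."""
    now = time.time() if now is None else now
    problems = []
    expected_iss = f"https://cognito-idp.{region}.amazonaws.com/{user_pool_id}"
    if claims.get("iss") != expected_iss:
        problems.append("issuer is not the expected user pool")
    if claims.get("token_use") != token_use:
        problems.append(f"token_use is not {token_use!r}")
    # Access tokens carry the app client in client_id, ID tokens in aud.
    audience = claims.get("client_id" if token_use == "access" else "aud")
    if audience != client_id:
        problems.append("token was issued to a different app client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("token is expired or has no exp")
    if required_permission is not None:
        # scope is a space-delimited string, cognito:groups a list.
        # Compare whole entries, never substrings.
        groups = claims.get("cognito:groups", [])
        granted = set(str(claims.get("scope", "")).split())
        granted |= set(groups if isinstance(groups, list) else [])
        if required_permission not in granted:
            problems.append(f"permission {required_permission!r} not granted")
    return problems
```

With the constructed `ACCESS_CLAIMS`, requiring `read:users` is rejected because the only group is `read:users_export`; an ID token presented where an access token is expected fails on `token_use` before any permission is considered.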
Example (Auth0)
Pre-requirement
- Check the domain of the Auth0 tenant that you manage
- Create a user assigned the read:users permission in Auth0
- Get an Access/ID token for the created user
Create it
Create a file main.py with:
import os

from fastapi import FastAPI, Depends
from fastapi_cloudauth.auth0 import Auth0, Auth0CurrentUser, Auth0Claims

app = FastAPI()
auth = Auth0(domain=os.environ["DOMAIN"])


@app.get("/", dependencies=[Depends(auth.scope("read:users"))])
def secure():
    # access token is valid
    return "Hello"


get_current_user = Auth0CurrentUser(domain=os.environ["DOMAIN"])


@app.get("/user/")
def secure_user(current_user: Auth0Claims = Depends(get_current_user)):
    # ID token is valid
    return f"Hello, {current_user.username}"

Run the server and open the interactive UI in the same way.
Example (Firebase Authentication)
Pre-requirement
- Create a user in Firebase Authentication
- Get ID token for the created user
Create it
Create a file main.py with:
from fastapi import FastAPI, Depends
from fastapi_cloudauth.firebase import FirebaseCurrentUser, FirebaseClaims

app = FastAPI()
get_current_user = FirebaseCurrentUser()


@app.get("/user/")
def secure_user(current_user: FirebaseClaims = Depends(get_current_user)):
    # ID token is valid
    return f"Hello, {current_user.user_id}"

Run the server and open the interactive UI in the same way.
Custom claims
We can get additional values for the current user by writing a few lines. For Auth0, the ID token contains extra values as follows (see the Auth0 official documentation):
{
  "iss": "http://YOUR_DOMAIN/",
  "sub": "auth0|123456",
  "aud": "YOUR_CLIENT_ID",
  "exp": 1311281970,
  "iat": 1311280970,
  "name": "Jane Doe",
  "given_name": "Jane",
  "family_name": "Doe",
  "gender": "female",
  "birthdate": "0000-10-31",
  "email": "janedoe@example.com",
  "picture": "http://example.com/janedoe/me.jpg"
}
By default, Auth0CurrentUser gives a pydantic.BaseModel object, which has username (name) and email fields.
Here is sample code to extract extra user information (adding user_id):
import os

from pydantic import Field
# Auth0Claims is the base current user info model (inheriting `pydantic`).
from fastapi_cloudauth.auth0 import Auth0Claims, Auth0CurrentUser

# extend current user info model by `pydantic`.
class CustomAuth0Claims(Auth0Claims):
    user_id: str = Field(alias="sub")

get_current_user = Auth0CurrentUser(domain=os.environ["DOMAIN"])
get_current_user.user_info = CustomAuth0Claims  # override user info model by custom one.
Hashes for fastapi_cloudauth-0.2.0-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | 9e4a2e73e00ce15bdb1d53de1473e7bee37ab77a06f684b09ea236eae90c7545
MD5 | 5a1f0f3839878c114b8ab9d67abd5e5b
BLAKE2b-256 | 4c9551125d7f4167460745f105d2841e3f362dc79bd6f7bb618bbeab5211c193