Skip to main content

Middleware for FastAPI to authenticate a user against keycloak

Project description

Documentation Status License: MIT GitHub issues GitHub release (latest by date) GitHub top language pre-commit.ci status

FastAPI Keycloak Middleware

Full documentation is available at Read The Docs

This package provides a middleware for FastAPI that simplifies integrating with Keycloak for authentication and authorization. It supports OIDC and supports validating access tokens, reading roles and basic authentication. In addition it provides several decorators and dependencies to easily integrate into your FastAPI application.

It relies on the python-keycloak package, which is the only dependency outside of the FastAPI ecosystem which would be installed anyway. Shoutout to the author of fastapi-auth-middleware which served as inspiration for this package and some of its code.

In the future, I plan to add support for fine grained authorization using Keycloak Authorization services.

Motivation

Using FastAPI and Keycloak quite a lot, and keeping to repeat myself quite a lot when it comes to authentiating users, I decided to create this library to help with this.

There is a clear separation between the authentication and authorization:

  • Authentication is about verifying the identity of the user (who they are). This is done by an authentication backend that verifies the users access token obtained from the identity provider (Keycloak in this case).
  • Authorization is about deciding which resources can be accessed. This package providers convenience decoraters to enforce certain roles or permissions on FastAPI endpoints.

Installation

Install the package using poetry:

poetry add fastapi-keycloak-middleware

or pip:

pip install fastapi-keycloak-middleware

Features

The package helps with:

  • An easy to use middleware that validates the request for an access token
  • Validation can done in one of two ways:
    • Validate locally using the public key obtained from Keycloak
    • Validate using the Keycloak token introspection endpoint
  • Using Starlette authentication mechanisms to store both the user object as well as the authorization scopes in the Request object
  • Ability to provide custom callback functions to retrieve the user object (e.g. from your database) and to provide an arbitrary mapping to authentication scopes (e.g. roles to permissions)
  • A decorator to use previously stored information to enforce certain roles or permissions on FastAPI endpoints
  • Convenience dependencies to retrieve the user object or the authorization result after evaluation within the FastAPI endpoint

Acknowledgements

This package is heavily inspired by fastapi-auth-middleware which provides some of the same functionality but without the direct integration into Keycloak. Thanks for writing and providing this great piece of software!

Contributing

The client is written in pure Python. Any changes or pull requests are more than welcome, but please adhere to the code style.

Ruff is used both for code formatting and linting. Before committing, please run the following command to ensure that your code is properly formatted:

ruff check .
ruff format .

A pre-commit hook configuration is supplied as part of the project.

Development

This project is using Act to handle local development tasks. It is used to work locally and also to test Github actions before deploying them.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

fastapi_keycloak_middleware-1.1.0.tar.gz (16.4 kB view details)

Uploaded Source

Built Distribution

File details

Details for the file fastapi_keycloak_middleware-1.1.0.tar.gz.

File metadata

  • Download URL: fastapi_keycloak_middleware-1.1.0.tar.gz
  • Upload date:
  • Size: 16.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.3.1 CPython/3.10.3 Linux/6.5.0-1024-azure

File hashes

Hashes for fastapi_keycloak_middleware-1.1.0.tar.gz
Algorithm Hash digest
SHA256 d68e443f070a95ff7454e6a7f41737e95d2cd2264b6bf66c9c6554cbf8ec5773
MD5 e5e66ed485da543ae25bafaaefbd01dd
BLAKE2b-256 d774942949094ef4bb66ad4a7c242b05c7aee2741e1da4163a24cd7d3e857601

See more details on using hashes here.

File details

Details for the file fastapi_keycloak_middleware-1.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for fastapi_keycloak_middleware-1.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 cc5cba9b24dd297f8bb2a77207df66c903b05c411863cd4c6fc79152b9c7cde2
MD5 db7cb4f43390a80558dac7e719c224d8
BLAKE2b-256 cead500df28e424188c2d992fa9b754366f6564782712c72e9578df76dd7ee9b

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page