Skip to main content

FastAPI plugin to enable SSO to most common providers (such as Facebook login, Google login and login via Microsoft Office 365 Account)

Project description

FastAPI SSO

Supported Python Versions Test coverage Tests Workflow Status Lint Workflow Status Mypy Workflow Status Black Workflow Status CodeQL Workflow Status PyPi weekly downloads Project License PyPi Version

FastAPI plugin to enable SSO to most common providers (such as Facebook login, Google login and login via Microsoft Office 365 account).

This allows you to implement the famous Login with Google/Facebook/Microsoft buttons functionality on your backend very easily.

Documentation: https://tomasvotava.github.io/fastapi-sso/

Source Code: https://github.com/tomasvotava/fastapi-sso

Demo site

An awesome demo site was created and is maintained by even awesomer Chris Karvouniaris (@chrisK824). Chris has also posted multiple Medium articles about FastAPI and FastAPI SSO.

Be sure to see his tutorials, follow him and show him some appreciation!

Please see his announcement with all the links.

Quick links for the eager ones:

Security Notice

Version 0.19.0 Update: OAuth state Validation Fix

A critical OAuth login CSRF vulnerability caused by missing state validation was reported by @davidbors-snyk (Snyk Security Labs) in #266 and has been resolved in version 0.19.0.

Starting with fastapi-sso==1.0.0, OAuth state will be backed by a pluggable server-side store (in-memory by default, with support for external stores such as Redis).

Version 0.16.0 Update: Race Condition Bug Fix & Context Manager Change

A race condition bug in the login flow that could, in rare cases, allow one user to assume the identity of another due to concurrent login requests was recently discovered by @parikls. This issue was reported in #186 and has been resolved in version 0.16.0.

Details of the Fix:

The bug was mitigated by introducing an async lock mechanism that ensures only one user can attempt the login process at any given time. This prevents race conditions that could lead to unintended user identity crossover.

Important Change:

To fully support this fix, users must now use the SSO instance within an async with context manager. This adjustment is necessary for proper handling of asynchronous operations.

The synchronous with context manager is now deprecated and will produce a warning. It will be removed in future versions to ensure best practices for async handling.

Impact:

This bug could potentially affect deployments with high concurrency or scenarios where multiple users initiate login requests simultaneously. To prevent potential issues and deprecation warnings, update to version 0.16.0 or later and modify your code to use the async with context.

Code Example Update:

# Before (deprecated)
with sso:
    openid = await sso.verify_and_process(request)

# After (recommended)
async with sso:
    openid = await sso.verify_and_process(request)

Thanks to both @parikls and the community for helping me identify and improve the security of fastapi-sso. If you encounter any issues or potential vulnerabilities, please report them immediately so they can be addressed.

For more details, refer to Issue #186 and PR #189.

Support this project

If you'd like to support this project, consider buying me a coffee ☕. I tend to process Pull Requests faster when properly caffeinated 😉.

Buy Me A Coffee

Supported login providers

Official

  • Google
  • Microsoft
  • Facebook
  • Spotify
  • Fitbit
  • Github (credits to Brandl for hint using accept header)
  • generic (see docs)
  • Notion
  • Twitter (X)

Contributed

See Contributing for a guide on how to contribute your own login provider.

Installation

Install using pip

pip install fastapi-sso

Install using poetry

poetry add fastapi-sso

Contributing

If you'd like to contribute and add your specific login provider, please see Contributing file.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

fastapi_sso-0.21.1.tar.gz (18.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

fastapi_sso-0.21.1-py3-none-any.whl (29.2 kB view details)

Uploaded Python 3

File details

Details for the file fastapi_sso-0.21.1.tar.gz.

File metadata

  • Download URL: fastapi_sso-0.21.1.tar.gz
  • Upload date:
  • Size: 18.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/2.3.2 CPython/3.14.5 Linux/6.12.91-1-MANJARO

File hashes

Hashes for fastapi_sso-0.21.1.tar.gz
Algorithm Hash digest
SHA256 c6f730b075caf537efa7c0f531095cf2d963a6fa27d059b3300e5eb19b282adb
MD5 5935bf081b674cc34305fdf041625136
BLAKE2b-256 41381288b0248f91822bba254ce852466857cb51217b817c3d62bcc21cfd4d9e

See more details on using hashes here.

File details

Details for the file fastapi_sso-0.21.1-py3-none-any.whl.

File metadata

  • Download URL: fastapi_sso-0.21.1-py3-none-any.whl
  • Upload date:
  • Size: 29.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/2.3.2 CPython/3.14.5 Linux/6.12.91-1-MANJARO

File hashes

Hashes for fastapi_sso-0.21.1-py3-none-any.whl
Algorithm Hash digest
SHA256 d73216ffc29a18a6e7b47260f249d593537b777bec1026d0596d0ec374a042ff
MD5 4a0291b6c965ffd971abc657a47bf4d9
BLAKE2b-256 2572f66eb9ccbb03a4566af471e12c88c5c6278c6d8185efc6891174c62b6272

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page