Skip to main content

Generic OAuth2 authorization-code login for FastAPI, with pluggable user storage and JWT sessions

Project description

mpt-fastapi-oauth

mptauth - generic OAuth2 (authorization-code) login for FastAPI.

Works against any spec-compliant OAuth2/OIDC provider (Google, GitHub, Keycloak, Auth0, or a custom in-house IdP) by configuring its endpoints explicitly. After the provider redirect completes, mptauth hands the user's profile to a host-supplied resolve_user hook (so you control how/where users are stored) and issues its own short-lived session JWT.

Install

pip install mpt-fastapi-oauth

Usage

from fastapi import Depends, FastAPI
from mptauth import (
    OAuth2Client,
    OAuth2ProviderConfig,
    TokenIssuer,
    build_current_user_dependency,
    build_oauth_router,
)

provider = OAuth2ProviderConfig(
    client_id="...",
    client_secret="...",
    base_url="https://provider.example.com",
    redirect_uri="https://myapp.example.com/auth/callback",
    scopes=("openid", "profile", "email"),
    # authorize_path / token_path / userinfo_path default to the
    # Django OAuth Toolkit-style "/o/authorize", "/o/token/",
    # "/api/v1/account/me/" - override them if your provider differs
)
client = OAuth2Client(provider)
issuer = TokenIssuer(secret_key="change-me", expire_minutes=60 * 24)


def resolve_user(profile: dict) -> dict:
    # Map the provider profile to local user claims. Look the user up (or
    # create it) in your own storage here; mptauth doesn't dictate storage.
    return {"sub": profile["email"], "name": profile.get("name")}


app = FastAPI()
app.include_router(build_oauth_router(client=client, issuer=issuer, resolve_user=resolve_user))

get_current_user = build_current_user_dependency(issuer)


@app.get("/me")
def me(user: dict = Depends(get_current_user)):
    return user

This exposes:

  • GET /auth/login - redirects the browser to the provider's authorize endpoint
  • GET /auth/callback - exchanges the code, resolves the user, and returns {"access_token", "token_type"}
  • Depends(get_current_user) - verifies the session JWT on protected routes

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

mpt_fastapi_oauth-0.1.2.tar.gz (5.4 kB view details)

Uploaded Source

File details

Details for the file mpt_fastapi_oauth-0.1.2.tar.gz.

File metadata

  • Download URL: mpt_fastapi_oauth-0.1.2.tar.gz
  • Upload date:
  • Size: 5.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.3

File hashes

Hashes for mpt_fastapi_oauth-0.1.2.tar.gz
Algorithm Hash digest
SHA256 a30d5437d719a5e49f588bafbb902014a4201c099bad53cbd1c3079f3493f550
MD5 6fc4d54c57b45c21760934f4b24b4e11
BLAKE2b-256 cdd9c8e74695ee20c72835f658635079c0bdbc6b8658e6986f6e4240912d8a4c

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page