Skip to main content

Generic OAuth2 authorization-code login for FastAPI, with pluggable user storage and JWT sessions

Project description

mpt-fastapi-oauth

mptauth - generic OAuth2 (authorization-code) login for FastAPI.

Works against any spec-compliant OAuth2/OIDC provider (Google, GitHub, Keycloak, Auth0, or a custom in-house IdP) by configuring its endpoints explicitly. After the provider redirect completes, mptauth hands the user's profile to a host-supplied resolve_user hook (so you control how/where users are stored) and issues its own short-lived session JWT.

Usage

from fastapi import Depends, FastAPI
from mptauth import (
    OAuth2Client,
    OAuth2ProviderConfig,
    TokenIssuer,
    build_current_user_dependency,
    build_oauth_router,
)

provider = OAuth2ProviderConfig(
    client_id="...",
    client_secret="...",
    base_url="https://provider.example.com",
    redirect_uri="https://myapp.example.com/auth/callback",
    scopes=("openid", "profile", "email"),
    # authorize_path / token_path / userinfo_path default to the
    # Django OAuth Toolkit-style "/o/authorize", "/o/token/",
    # "/api/v1/account/me/" - override them if your provider differs
)
client = OAuth2Client(provider)
issuer = TokenIssuer(secret_key="change-me", expire_minutes=60 * 24)


def resolve_user(profile: dict) -> dict:
    # Map the provider profile to local user claims. Look the user up (or
    # create it) in your own storage here; mptauth doesn't dictate storage.
    return {"sub": profile["email"], "name": profile.get("name")}


app = FastAPI()
app.include_router(build_oauth_router(client=client, issuer=issuer, resolve_user=resolve_user))

get_current_user = build_current_user_dependency(issuer)


@app.get("/me")
def me(user: dict = Depends(get_current_user)):
    return user

This exposes:

  • GET /auth/login - redirects the browser to the provider's authorize endpoint
  • GET /auth/callback - exchanges the code, resolves the user, and returns {"access_token", "token_type"}
  • Depends(get_current_user) - verifies the session JWT on protected routes

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

mpt_fastapi_oauth-0.1.0.tar.gz (5.2 kB view details)

Uploaded Source

File details

Details for the file mpt_fastapi_oauth-0.1.0.tar.gz.

File metadata

  • Download URL: mpt_fastapi_oauth-0.1.0.tar.gz
  • Upload date:
  • Size: 5.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.3

File hashes

Hashes for mpt_fastapi_oauth-0.1.0.tar.gz
Algorithm Hash digest
SHA256 af82c7dc1d06e7cc861756a6737b79f8746d68d8fdd60503719c1a5ee9d60099
MD5 e6636cf58a31568b0e8cdcb061f4d120
BLAKE2b-256 7bd2f8f8856ef050ece0ccfaa1289dbbd2bae6de6ed4a915ad981e60da62a70b

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page