Skip to main content
Join the official 2020 Python Developers SurveyStart the survey!

No project description provided

Project description

Starlette OAuth2

A Startlette middleware for authentication through oauth2's via a secret key, which is often used to add authentication and authorization to a web application that interacts with an API on behalf of the user.

This middleware is intented to be used when the application relies on an external tenant (e.g. Microsoft AD) for authentication.

Check example/ for a concrete implementation.

How to run the example against Microsoft AD

Note: the values in capital such as CLIENT_ID are to be added to example/.venv.

  1. Generate a secret (e.g. openssl rand -base64 32) and write its value on SECRET_KEY

  2. Go to Azure AD, create an app registration (app registrations), give it a name, and add http://localhost:5001/authorized as a Redirect URI.

    • add the value on Application (client) ID to CLIENT_ID
    • add the value on Endpoints > OpenID Connect metadata document to SERVER_METADATA_URL
  3. In Certificates & secrets tab, create a new client secret.

    • add the value of the key you just created under Client secrets to CLIENT_SECRET
  4. Install dependencies and run:

cd example
python -m venv venv
venv/bin/pip install -r requirements.txt
venv/bin/python -m app

When you visit http://localhost:5001/public, you will see that you are not authenticated. When you visit http://localhost:5001/other, you will be redirected to your tenant, to authenticate. Once authenticated, you will be redirected back to http://localhost:5001/other, and your email will appear.

Public endpoints are optional. They are useful for e.g. health checks.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for starlette-oauth2, version 0.3.1
Filename, size File type Python version Upload date Hashes
Filename, size starlette-oauth2-0.3.1.tar.gz (3.3 kB) File type Source Python version None Upload date Hashes View

Supported by

Pingdom Pingdom Monitoring Google Google Object Storage and Download Analytics Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page