Verify and decrypt 3rd party OpenID Connect tokens to protect your FastAPI endpoints.
Easily used with authenticators such as:
- Keycloak (open source)
- SuperTokens (open source)
- Auth0
- Okta

FastAPI's generated interactive documentation supports the grant types ``authorization_code``, ``implicit``, ``password`` and ``client_credentials``.

.. toctree::
   :maxdepth: 2
   :caption: Contents:

.. code-block:: bash

   poetry add fastapi-third-party-auth

Or, for the old-timers:

.. code-block:: bash

   pip install fastapi-third-party-auth

Basic configuration for verifying OIDC tokens.

.. code-block:: python

   from fastapi import Depends
   from fastapi import FastAPI
   from fastapi import Security
   from fastapi import status

   from fastapi_third_party_auth import Auth
   from fastapi_third_party_auth import GrantType
   from fastapi_third_party_auth import KeycloakIDToken

   auth = Auth(
       openid_connect_url="http://localhost:8080/auth/realms/my-realm/.well-known/openid-configuration",
       issuer="http://localhost:8080/auth/realms/my-realm",  # optional, verification only
       client_id="my-client",  # optional, verification only
       scopes=["email"],  # optional, verification only
       grant_types=[GrantType.IMPLICIT],  # optional, docs only
       idtoken_model=KeycloakIDToken,  # optional, verification only
   )

   app = FastAPI(
       title="Example",
       version="dev",
       dependencies=[Depends(auth)],
   )

   @app.get("/protected")
   def protected(id_token: KeycloakIDToken = Security(auth.required)):
       return dict(message=f"You are {id_token.email}")
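
The ``issuer``, ``client_id`` and ``scopes`` options above are marked "verification only". The following is an added example, not code from fastapi-third-party-auth and not a description of its internals: it shows the standard relying-party checks those values feed (pinned algorithm, signature, ``iss``, ``aud``, ``exp``, scope). Assumptions: HS256 with a constructed shared secret stands in for the provider's asymmetric signature so the example runs offline, scopes arrive as a space-delimited ``scope`` claim, and ``make_token`` and ``verify`` are hypothetical helper names.

```python
import base64
import hashlib
import hmac
import json
import time

# Values mirror the page's configuration; SECRET is constructed for this demo.
ISSUER = "http://localhost:8080/auth/realms/my-realm"
CLIENT_ID = "my-client"
REQUIRED_SCOPES = {"email"}
SECRET = b"constructed-demo-secret"

def _enc(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims, alg="HS256", secret=SECRET):
    """Build a constructed sample token (always HMAC-SHA256 signed)."""
    head = _enc(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _enc(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_enc(sig)}"

def verify(token, now=None):
    """Return the claims, or raise ValueError naming the first failed check."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        alg = json.loads(_dec(head)).get("alg")
        claims = json.loads(_dec(body))
        given = _dec(sig)
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if alg != "HS256":  # pin the algorithm instead of trusting the header
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(given, expected):
        raise ValueError("bad signature")
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")  # may be a single string or a list
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("expired")
    if not REQUIRED_SCOPES <= set(str(claims.get("scope", "")).split()):
        raise ValueError("missing scope")
    return claims
```

A token that is correctly signed by the provider but issued for a different client or realm fails the ``aud`` or ``iss`` check here, which is the case the signature alone does not cover.
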

.. automodule:: fastapi_third_party_auth.auth
   :members:

.. automodule:: fastapi_third_party_auth.grant_types
   :members:

.. automodule:: fastapi_third_party_auth.idtoken_types
   :members: