Documentation: https://fastapi-third-party-auth.readthedocs.io/
Source Code: https://github.com/aiwizo/fastapi-third-party-auth
Simple library for using a third party authentication service with FastAPI. Verifies and decrypts 3rd party OpenID Connect tokens to protect your endpoints.
Easily used with authentication services such as:
- Keycloak (open source)
- SuperTokens (open source)
- Auth0
- Okta
FastAPI's generated interactive documentation supports the grant flows:
GrantType.AUTHORIZATION_CODE
GrantType.IMPLICIT
GrantType.PASSWORD
GrantType.CLIENT_CREDENTIALS
poetry add fastapi-third-party-auth
Or, for the old-timers:
pip install fastapi-third-party-auth
See this example for how to use
docker-compose to set up authentication with fastapi-third-party-auth +
Keycloak.
from fastapi import Depends
from fastapi import FastAPI
from fastapi import Security
from fastapi import status
from fastapi_third_party_auth import Auth
from fastapi_third_party_auth import GrantType
from fastapi_third_party_auth import KeycloakIDToken
auth = Auth(
openid_connect_url="http://localhost:8080/auth/realms/my-realm/.well-known/openid-configuration",
issuer="http://localhost:8080/auth/realms/my-realm", # optional, verification only
client_id="my-client", # optional, verification only
scopes=["email"], # optional, verification only
grant_types=[GrantType.IMPLICIT], # optional, docs only
idtoken_model=KeycloakIDToken, # optional, verification only
)
app = FastAPI(
title="Example",
version="dev",
dependencies=[Depends(auth)],
)
@app.get("/protected")
def protected(id_token: KeycloakIDToken = Security(auth.required)):
return dict(message=f"You are {id_token.email}")The IDToken class will accept any number of extra fields but you can also validate fields in the token like this:
class MyAuthenticatedUser(IDToken):
custom_field: str
custom_default: float = 3.14
auth = Auth(
...,
idtoken_model=MyAuthenticatedUser,
)