Parse token for additional information #22
Comments
Hello @afraazali. Sorry for coming back this late to you, this notification somehow got stuck in my spam folder. For your first question: Yes. It is possible and relatively easy to achieve. Our data transfer objects are based on pydantic models. So, if you want to extend the /model.py

```python
# Imports needed by the model below
from typing import List, Optional

from pydantic import BaseModel


class OIDCUser(BaseModel):
    sub: str
    iat: int
    exp: int
    scope: Optional[str]
    email_verified: bool
    name: Optional[str]
    given_name: Optional[str]
    family_name: Optional[str]
    email: Optional[str]
    realm_access: Optional[dict]
    groups: Optional[List[str]]  # <---- New attribute
```

If your token contains a section "groups" it will be included in the

```python
...
user = OIDCUser.parse_obj(decoded_token)
...
```

We did not add all these attributes as they were not in our initial scope. We also are a bit short on time to add all of these ourselves, but we're happy to see a pull request for it 😊 As for the second question; I'm not sure what you mean by "adding more scopes". Could you please elaborate on that?
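An added example, not code from fastapi-keycloak or from this thread: it shows how a model extended with `groups` behaves when the claim is present, absent, or of the wrong type, and why the list type matters for a membership check. `OIDCUserWithGroups`, `parse_user`, `in_group` and all claim values are assumptions made for illustration; the dictionaries stand in for a token that has already been verified and decoded.

```python
from typing import List, Optional

from pydantic import BaseModel, ValidationError


class OIDCUserWithGroups(BaseModel):
    """Hypothetical stand-in for OIDCUser, reduced to the claims used here."""
    sub: str
    iat: int
    exp: int
    email_verified: bool
    email: Optional[str] = None
    realm_access: Optional[dict] = None
    # New attribute. The explicit default keeps tokens without the claim parseable.
    groups: Optional[List[str]] = None


def parse_user(decoded_token: dict) -> Optional[OIDCUserWithGroups]:
    """Return the user model, or None when a claim has the wrong type."""
    try:
        return OIDCUserWithGroups.parse_obj(decoded_token)
    except ValidationError:
        return None


def in_group(user: Optional[OIDCUserWithGroups], group: str) -> bool:
    """Exact-match membership; a rejected token or absent claim means no groups."""
    return user is not None and group in (user.groups or [])


# Constructed claim sets (sample data, not taken from a real token).
BASE = {"sub": "c0ffee", "iat": 1700000000, "exp": 1700003600, "email_verified": True}
WITH_GROUPS = dict(BASE, groups=["/staff", "/admins"])
WITHOUT_GROUPS = dict(BASE)
# A string instead of a list: on a raw dict, "/admins" in "/admins-readonly" is True
# (substring match), so the List[str] validation is what prevents a false positive.
MALFORMED = dict(BASE, groups="/admins-readonly")

if __name__ == "__main__":
    for label, claims in [("with", WITH_GROUPS), ("without", WITHOUT_GROUPS),
                          ("malformed", MALFORMED)]:
        user = parse_user(claims)
        print(label, user.groups if user else "rejected", in_group(user, "/admins"))
```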
Thank you @yannicschroeer. As for my second question, in keycloak, there are multiple optional client scopes. For example: address When using
I'm still not sure I get your question. The
Apologies, the actual method has nothing to do with scopes, I’m more wondering how I can request additional scopes. Like this: https://fastapi.tiangolo.com/advanced/security/oauth2-scopes/?h=scope
Scopes are a concept that is not explicitly bound to our package. Scopes are an authorization concept, and we mainly focus on authentication in this package. You usually request the scopes when logging in as a user. This is dependent on two factors:
I think what you're actually looking for is an authorization middleware. You might want to check out https://fastapi-auth-middleware.code-specialist.com/ . We recently created this package and its main focus is to deliver plug-and-play authentication and authorization, including scope management (either provided by the IDP solution or the app itself). It works perfectly with fastapi-keycloak, but we did not finish an example yet. I hope I got your question right this time.
Thank you @yannicschroeer. This is exactly what I was looking for.
I've been using https://github.com/elbernv/fastapi-keycloack to add security to my routes. I was trying to switch to using this library, seeing as though it is getting regular updates. I was wondering if it's currently possible to decode more from the token than what the OIDCUser object currently returns?
For example, I've added the user's group memberships to the profile scope, I've also added it as its own scope, so two questions:
Thank you.