add oauth with facebook (#5)

* add oauth with facebook * add new envs to .envs.example * edit schema for identity-provider and now refresh_token isnt required for facebook client
ruslands · Aug 8, 2023 · 8b06c87 · 8b06c87
1 parent eb60a89
commit 8b06c87
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 3 deletions.
diff --git a/.env.example b/.env.example
@@ -13,6 +13,8 @@ APPLE_CLIENT_ID=<id>
 APPLE_TEAM_ID=<id> 
 APPLE_KEY_ID=<id> 
 APPLE_PRIVATE_KEY=<key>
+FACEBOOK_CLIENT_ID=id
+FACEBOOK_CLIENT_SECRET=secret
 ACCESS_TOKEN_EXPIRE_MINUTES=1440 
 REFRESH_TOKEN_EXPIRE_MINUTES=100000 
 # generate your own JWK key

diff --git a/api/v1/endpoints/auth.py b/api/v1/endpoints/auth.py
@@ -10,6 +10,7 @@
 from fastapi.security import OAuth2PasswordRequestForm, OAuth2PasswordBearer
 from fastapi_sso.sso.base import SSOBase
 from fastapi_sso.sso.google import GoogleSSO
+from fastapi_sso.sso.facebook import FacebookSSO
 from sqlmodel.ext.asyncio.session import AsyncSession
 from pydantic.networks import AnyHttpUrl
 
@@ -45,9 +46,17 @@
     use_state=False,
 )
 
-if google_sso.allow_insecure_http or keycloak_sso.allow_insecure_http:
+facebook_sso = FacebookSSO(
+    client_id=settings.FACEBOOK_CLIENT_ID,
+    client_secret=settings.FACEBOOK_CLIENT_SECRET,
+    allow_insecure_http=True,
+    use_state=False,
+)
+
+if any((google_sso.allow_insecure_http, keycloak_sso.allow_insecure_http, facebook_sso.allow_insecure_http)):
     os.environ["OAUTHLIB_INSECURE_TRANSPORT"] = "1"
 
+
 reusable_oauth2 = OAuth2PasswordBearer(
     tokenUrl=f"{settings.HOSTNAME}/api/auth/access-token"
 )
@@ -56,6 +65,7 @@
 class SSOProvider(str, Enum):
     keycloak = "keycloak"
     google = "google"
+    facebook = "facebook"
 
 
 def get_sso_provider(provider: SSOProvider) -> SSOBase:
@@ -64,6 +74,8 @@ def get_sso_provider(provider: SSOProvider) -> SSOBase:
             return google_sso
         case SSOProvider.keycloak:
             return keycloak_sso
+        case SSOProvider.facebook:
+            return facebook_sso
         case _:
             raise NotFoundException(detail="Provider not found")
 

diff --git a/app/user/schema.py b/app/user/schema.py
@@ -44,12 +44,18 @@ class IIdentityProvider(BaseModel):
     idp_access_token: str
     idp_refresh_token: str
 
-    @validator("idp_access_token", "idp_refresh_token")
+    @validator("idp_access_token")
     def validate_empty(cls, value):
         if not value:
             raise ValueError("Field cannot be empty")
-
         return value
+
+    @validator("idp_refresh_token")
+    def validate_refresh_token(cls, token, values):
+        if values.get("idp") != "facebook":
+            if not token:
+                raise ValueError("Field cannot be empty")
+        return token
 
 
 class ICreate(BaseModel):

diff --git a/core/settings.py b/core/settings.py
@@ -44,6 +44,8 @@ class SecretsSchema(BaseModel):
     APPLE_TEAM_ID: str
     APPLE_KEY_ID: str
     APPLE_PRIVATE_KEY: str
+    FACEBOOK_CLIENT_ID: str
+    FACEBOOK_CLIENT_SECRET: str
     ACCESS_TOKEN_EXPIRE_MINUTES: int
     REFRESH_TOKEN_EXPIRE_MINUTES: int
     JWK: str