This is an example of OpenID Connect 1.0 server in FastAPI and Authlib.
- FastAPI Repo: https://github.com/tiangolo/fastapi
- Authlib Repo: https://github.com/lepture/authlib
This is a ready to run example, let's take a quick experience at first. To run the example, we need to install all the dependencies:
$ pip install -r requirements.txtSet FastAPI and Authlib environment variables:
# disable check https (DO NOT SET THIS IN PRODUCTION)
$ export AUTHLIB_INSECURE_TRANSPORT=1Create Database and run the development server:
$ uvicorn main:app --host 127.0.0.1 --port 5000 --reloadNow, you can open your browser with http://127.0.0.1:5000/.
Before testing, we need to create a client:
NOTE: YOU MUST ADD openid SCOPE IN YOUR CLIENT
Let's take authorization_code grant type as an example. Visit:
$ curl -i -XPOST http://127.0.0.1:5000/oauth/authorize?client_id=${CLIENT_ID}&response_type=code&scope=openid+profile&nonce=abc -F uuid=XXXXXXXAfter that, you will be redirect to a URL. For instance:
HTTP/1.1 100 Continue
HTTP/1.1 302 Found
date: Tue, 06 Oct 2020 22:21:12 GMT
server: uvicorn
location: https://example.com/?code=RSv6j745Ri0DhBSvi2RQu5JKpIVvLm8SFd5ObjOZZSijohe0
content-length: 2
content-type: application/jsonCopy the code value, use curl to get the access token:
$ curl -u "${CLIENT_ID}:${CLIENT_SECRET}" -XPOST http://127.0.0.1:5000/oauth/token -F grant_type=authorization_code -F code=RSv6j745Ri0DhBSvi2RQu5JKpIVvLm8SFd5ObjOZZSijohe0 -F scope=profileNow you can access /oauth/userinfo:
$ curl -H "Authorization: Bearer ${access_token}" http://127.0.0.1:5000/oauth/userinfo