An isolated example to show github authorization-code oauth flow in fastapi for web application flow + simple HttpBearer route dependency.
- Log into github
- Settings > Developer Settings > Oauth Apps > New oauth App
- Fill out the form
<some-name>http://localhost:8000<some-description>http://localhost:8000/auth/login
- Generate a ClientSecret (and don't paste it anywhere)
- Copy
ClientID&ClientSecret - Add your required scopes from https://docs.github.com/
- Put it into and
.env - Take a look at the github documentation @ https://docs.github.com/
The device flow isn't covered here at all. This example shows a simple web application flow using fastapis onboard utilities.
- Request user permissions for provided scopes (
/auth/request)
- Let your user authenticate the github oauth app permission request
- Github will forward to your
CALLBACK_URL(/auth/login)
- Recieve code from github and use it to provide the satisfied
acces_token(/auth/login) - Use the recieved
acces_tokenfrom step 2 to verify it using the Github API
- Output look like:
{"Id":<UserId>,"Login":"<GithubLogin>","Token":"<UserToken>","Message":"Happy hacking :D"}
- Use
HttpBearer, to bear the token and use it as dependency for our routes - These routes are only accessible for authenticated users (requests with valid
access_token) - See the example with
secure/content
Install stuff with poetry
git clone git@github.com:arrrrrmin/fastapi-github-oauth.git
cd fastapi-github-oauth
poetry install
poetry shell
uvicorn app.main:app --reload- Do the setup for your Oauth application create some github oauth app
- Do API setup stuff with Install stuff with poetry
- Open the file in
examples/example.html - Click the link
- Happy hacking 🎉