Helpers for authentication & authorization patterns for eoAPI applications.
pip install eoapi.auth-utils
In your eoAPI application:
from eoapi.auth_utils import AuthSettings, OpenIdConnectAuth
from fastapi import FastAPI
from fastapi.routing import APIRoute
from stac_fastapi.api.app import StacApi
auth_settings = AuthSettings(_env_prefix="AUTH_")
api = StacApi(
app=FastAPI(
# ...
swagger_ui_init_oauth={
"clientId": auth_settings.client_id,
"usePkceWithAuthorizationCodeGrant": auth_settings.use_pkce,
},
),
# ...
)
if auth_settings.openid_configuration_url:
oidc_auth = OpenIdConnectAuth.from_settings(auth_settings)
# Implement your custom app-specific auth logic here...
restricted_routes = {
"/collections": ("POST", "stac:collection:create"),
"/collections/{collection_id}": ("PUT", "stac:collection:update"),
"/collections/{collection_id}": ("DELETE", "stac:collection:delete"),
"/collections/{collection_id}/items": ("POST", "stac:item:create"),
"/collections/{collection_id}/items/{item_id}": ("PUT", "stac:item:update"),
"/collections/{collection_id}/items/{item_id}": ("DELETE", "stac:item:delete"),
}
api_routes = {
route.path: route for route in api.app.routes if isinstance(route, APIRoute)
}
for endpoint, (method, scope) in restricted_routes.items():
route = api_routes.get(endpoint)
if route and method in route.methods:
oidc_auth.apply_auth_dependencies(route, required_token_scopes=[scope])Releases are managed via CICD workflow, as described in the Python Packaging User Guide. To create a new release:
- Update the version in
eoapi/auth_utils/__init__.pyfollowing appropriate Semantic Versioning convention. - Push a tagged commit to
main, with the tag matching the package's new version number.
Note
This package makes use of Github's automatically generated release notes. These can be later augmented if one sees fit.