fastapi-cloudauth supports simple integration between FastAPI and cloud authentication services (AWS Cognito, Auth0). It standardizes the interface for some authentication services.
- Verify access/id token
- Authenticate permission based on scope (or groups) within access token
- Get login user info (name, email, etc.) within ID token
- Dependency injection for verification/getting user, powered by FastAPI
- Support for:
Python 3.6+
```console
$ pip install fastapi-cloudauth
```
- Check the `region` and `userPoolID` of the AWS Cognito user pool that you manage
- Create a user assigned the `read:users` permission in AWS Cognito
- Get an Access/ID token for the created user
NOTE: the access token is valid for verification and scope-based authentication. The ID token is valid for verification and getting user info.
Create a file main.py with:
```python
import os

from fastapi import FastAPI, Depends
from fastapi_cloudauth.cognito import Cognito, CognitoCurrentUser, CognitoClaims

app = FastAPI()

# Verifier for access tokens issued by the configured user pool
auth = Cognito(region=os.environ["REGION"], userPoolId=os.environ["USERPOOLID"])


# The dependency rejects requests whose access token lacks the read:users scope
@app.get("/", dependencies=[Depends(auth.scope("read:users"))])
def secure():
    # access token is valid
    return "Hello"


# Verifier for ID tokens; yields the user's claims on success
get_current_user = CognitoCurrentUser(
    region=os.environ["REGION"], userPoolId=os.environ["USERPOOLID"]
)


@app.get("/user/")
def secure_user(current_user: CognitoClaims = Depends(get_current_user)):
    # ID token is valid
    return f"Hello, {current_user.username}"
```
Run the server with:
```console
$ uvicorn main:app
INFO: Started server process [15332]
INFO: Waiting for application startup.
INFO: Application startup complete.
INFO: Uvicorn running on http://127.0.0.1:8000 (Press CTRL+C to quit)
```
Go to http://127.0.0.1:8000/docs.
You will see the automatic interactive API documentation (provided by Swagger UI).
The Authorize 🔓 button is available on the endpoints that have the dependency injected.
You can enter a token there and try the endpoint interactively.
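To see why each endpoint in `main.py` expects a different token, the following added example (not part of fastapi-cloudauth or its README) inspects the claims Cognito places in access and ID tokens. It assumes Cognito's standard `iss`, `token_use` and space-separated `scope` claims, uses constructed tokens and a hypothetical `claim_problems` helper, and does not verify signatures, which remains the library's job.

```python
import base64
import json
import time


def decode_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def claim_problems(claims, *, region, pool_id, expect, scope=None, now=None):
    """List reasons these claims do not fit the intended use; [] means they fit."""
    now = time.time() if now is None else now
    problems = []
    issuer = f"https://cognito-idp.{region}.amazonaws.com/{pool_id}"
    if claims.get("iss") != issuer:
        problems.append("issuer is not the configured user pool")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    if claims.get("token_use") != expect:
        problems.append(f"token_use is {claims.get('token_use')!r}, expected {expect!r}")
    # Cognito access tokens carry scopes as one space-separated string.
    if scope is not None and scope not in claims.get("scope", "").split():
        problems.append(f"scope {scope!r} not granted")
    return problems


def _constructed_token(claims: dict) -> str:
    """Build an unsigned sample token; the signature segment is a placeholder."""
    seg = base64.urlsafe_b64encode(json.dumps(claims).encode()).rstrip(b"=").decode()
    return f"e30.{seg}.constructed-signature"


# Constructed sample values, not from a real user pool.
REGION, POOL_ID = "us-east-1", "us-east-1_EXAMPLE"
ISS = f"https://cognito-idp.{REGION}.amazonaws.com/{POOL_ID}"
ACCESS = _constructed_token({"iss": ISS, "exp": 2_000_000_000, "token_use": "access",
                             "scope": "openid read:users"})
ID_TOKEN = _constructed_token({"iss": ISS, "exp": 2_000_000_000, "token_use": "id",
                               "cognito:username": "alice", "email": "alice@example.com"})

if __name__ == "__main__":
    cfg = dict(region=REGION, pool_id=POOL_ID, now=1_700_000_000)
    for name, tok in (("access", ACCESS), ("id", ID_TOKEN)):
        c = decode_claims(tok)
        print(name, "-> GET /     :", claim_problems(c, expect="access", scope="read:users", **cfg))
        print(name, "-> GET /user/:", claim_problems(c, expect="id", **cfg))
```

An empty list means the claims match what that endpoint needs; a token that passes here must still pass signature verification in the server.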