fastapi.security support
lukas-koschmieder opened this issue · 3 comments
Following the FastAPI-SSO documentation, I have managed to configure a working SSO. I had to define a custom SSO provider but it still works perfectly. My current setup includes a login route (redirecting to my OAuth server) and callback route (returning some user information). Next, I would like to somehow integrate my custom SSOProvider into the FastAPI security mechanism. I'm not an expert on this topic but the driving idea seems to be that you inject your auth provider as dependencies into your FastAPI routers/apps (using fastapi.Depends). Does FastAPI-SSO support this mechanism as well?
Hi @lukas-koschmieder and thanks for your question. I am not ignoring it but I've been quite busy and fail to provide you with a full example.
The thing is fastapi-sso doesn't solve login for you, it only solves the part where you authenticate your user with a login provider. What you do next in your application is up to you. What I usually do is create a JWT (using python-jose) and return it in a cookie for the user. Then you can use ApiKeyCookie from fastapi.security as your dependency for protected endpoints which will add the lock icon into your Swagger documentation.
I'll try to come up with a code example ASAP, sorry for keeping you waiting.
@tomasvotava
Hi! Is there already a code example for the login you mentioned?
With the exact speed of 19 characters per day I have finished writing this article. Sorry for taking this long.
https://tomasvotava.github.io/fastapi-sso/how-to-guides/use-with-fastapi-security/
Let me know if that's not sufficient and I'll gladly reopen this issue.