Documentation: https://fastapi-third-party-auth.readthedocs.io/
Source Code: https://github.com/aiwizo/fastapi-third-party-auth
Simple library for using a third party authentication service with FastAPI. Verifies and decrypts 3rd party OpenID Connect tokens to protect your endpoints.
Easily used with authentication services such as:
- Keycloak (open source)
- SuperTokens (open source)
- Auth0
- Okta
FastAPI's generated interactive documentation supports the grant flows:
GrantType.AUTHORIZATION_CODE GrantType.IMPLICIT GrantType.PASSWORD GrantType.CLIENT_CREDENTIALS
poetry add fastapi-third-party-auth Or, for the old-timers:
pip install fastapi-third-party-auth See this example for how to use docker-compose to set up authentication with fastapi-third-party-auth + Keycloak.
from fastapi import Depends from fastapi import FastAPI from fastapi import Security from fastapi import status from fastapi_third_party_auth import Auth from fastapi_third_party_auth import GrantType from fastapi_third_party_auth import KeycloakIDToken auth = Auth( openid_connect_url="http://localhost:8080/auth/realms/my-realm/.well-known/openid-configuration", issuer="http://localhost:8080/auth/realms/my-realm", # optional, verification only client_id="my-client", # optional, verification only scopes=["email"], # optional, verification only grant_types=[GrantType.IMPLICIT], # optional, docs only idtoken_model=KeycloakIDToken, # optional, verification only ) app = FastAPI( title="Example", version="dev", dependencies=[Depends(auth)], ) @app.get("/protected") def protected(id_token: KeycloakIDToken = Security(auth.required)): return dict(message=f"You are {id_token.email}")The IDToken class will accept any number of extra fields but you can also validate fields in the token like this:
class MyAuthenticatedUser(IDToken): custom_field: str custom_default: float = 3.14 auth = Auth( ..., idtoken_model=MyAuthenticatedUser, )