
How to implement OAuth to FastAPI with client ID & Secret

I have followed the docs about OAuth2, but they do not describe the process to add client id and secret

https://fastapi.tiangolo.com/advanced/security/oauth2-scopes/

and what this does

class UserInDB(User):
    hashed_password: str

from the original example

In the documentation it uses OAuth2PasswordRequestForm to authenticate the user; this class has basically 6 different fields:

grant_type: str = Form(None, regex="password"),
username: str = Form(...),
password: str = Form(...),
scope: str = Form(""),
client_id: Optional[str] = Form(None),
client_secret: Optional[str] = Form(None),

So you can add client_id and client_secret; if you are interested, the repository is here.

But I usually prefer authlib; it saves so much time and makes it easier. Here is a complete example of how you can create an OAuth client with authlib.

First, create an OAuth client:

from authlib.integrations.starlette_client import OAuth
from starlette.config import Config

config = Config('.env')  # read config from .env file
oauth = OAuth(config)
oauth.register(
    name='google',
    server_metadata_url='https://accounts.google.com/.well-known/openid-configuration',
    client_kwargs={
        'scope': 'openid email profile'
    }
)

We don't need to add client_id and client_secret here, because they are in the .env file. You are not supposed to hard-code them in the code in real products. Google has an OpenID discovery endpoint; we can use this URL for server_metadata_url. Authlib will automatically fetch this server_metadata_url to configure the OAuth client for you.

Now we will create a FastAPI application to define a login route:

from fastapi import FastAPI, Request
from starlette.middleware.sessions import SessionMiddleware

app = FastAPI()
# the session cookie is signed with this key; in production load a long random value from config, not a literal
app.add_middleware(SessionMiddleware, secret_key="secret-string")

We need this SessionMiddleware because Authlib will use request.session to store temporary codes and states. The code below, which is the /login endpoint, will redirect you to the Google account website.

@app.get('/login')
async def login(request: Request):
    # the callback URL Google will send the user back to; it must match what is registered in the Google console
    redirect_uri = request.url_for('auth')
    # Authlib stores a random state in request.session and redirects to Google's authorization endpoint
    return await oauth.google.authorize_redirect(request, redirect_uri)

When you grant access from the Google website, Google will redirect back to your given redirect_uri, which is request.url_for('auth'):

@app.get('/auth')
async def auth(request: Request):
    # exchanges the code for tokens; Authlib also checks that the returned state matches the one in the session
    token = await oauth.google.authorize_access_token(request)
    # validates the id_token signature and claims and returns the user's claims
    # (note: on Authlib 1.0+ the parsed claims are already available as token['userinfo'])
    user = await oauth.google.parse_id_token(request, token)
    return user

The above code will obtain a token which contains access_token and id_token. An id_token contains user info; we just need to parse it to get the logged-in user's information.

Sources: Authlib-FastAPI-Google-Login

Also, if you still wanna use pure FastAPI, check this link: FastAPI OAuth2PasswordRequestForm
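For the "pure FastAPI" route the question asks about, here is an added example (not code from the answer or from FastAPI) of a /token endpoint that uses the six OAuth2PasswordRequestForm fields, verifies client_id/client_secret for a confidential client and checks the password against a stored hash like UserInDB.hashed_password. The client registry, the user "alice" and the grant logic are constructed for the demo; the FastAPI wiring is only attached when FastAPI is installed.

```python
import hashlib, hmac, secrets

# Constructed demo registry; a real service loads clients and users from a secrets store or database
CLIENTS = {"web-frontend": "client-secret-demo"}  # client_id -> client_secret

def hash_password(password, salt=None):
    # PBKDF2-SHA256 with a per-user salt: this is what the UserInDB.hashed_password field would hold
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return {"salt": salt.hex(), "hashed_password": digest.hex()}

USERS = {"alice": {"scopes": ["me", "items"], **hash_password("correct horse")}}

def verify_client(client_id, client_secret):
    # A confidential client must send both fields; compare in constant time even for unknown ids
    if not client_id or not client_secret:
        return False
    expected = CLIENTS.get(client_id, secrets.token_hex(16))
    return hmac.compare_digest(expected.encode(), client_secret.encode()) and client_id in CLIENTS

def password_grant(grant_type, username, password, client_id, client_secret, scope=""):
    # Mirrors the six OAuth2PasswordRequestForm fields; raises ValueError with an RFC 6749 error code
    if grant_type not in (None, "password"):
        raise ValueError("unsupported_grant_type")
    if not verify_client(client_id, client_secret):
        raise ValueError("invalid_client")
    user = USERS.get(username)
    check = hash_password(password, bytes.fromhex(user["salt"]))["hashed_password"] if user else ""
    if not user or not hmac.compare_digest(check, user["hashed_password"]):
        raise ValueError("invalid_grant")
    requested = scope.split()
    if any(s not in user["scopes"] for s in requested):
        raise ValueError("invalid_scope")
    # Opaque random bearer token; a real service would persist it or issue a signed JWT instead
    return {"access_token": secrets.token_urlsafe(32), "token_type": "bearer", "scope": scope}

try:  # the FastAPI wiring is skipped if FastAPI is not installed; the checks above still work
    from fastapi import Depends, FastAPI, HTTPException
    from fastapi.security import OAuth2PasswordRequestForm
    app = FastAPI()

    @app.post("/token")
    async def token(form: OAuth2PasswordRequestForm = Depends()):
        try:
            return password_grant(form.grant_type, form.username, form.password,
                                  form.client_id, form.client_secret, " ".join(form.scopes))
        except ValueError as err:
            raise HTTPException(401 if str(err) == "invalid_client" else 400, detail=str(err))
except ImportError:
    pass
```

Run it with uvicorn and POST form data (grant_type, username, password, scope, client_id, client_secret) to /token; a wrong client secret is rejected before the password is ever checked.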
