{"id":13424571,"url":"https://github.com/Intility/fastapi-azure-auth","last_synced_at":"2025-03-15T18:35:25.297Z","repository":{"id":38358162,"uuid":"394764603","full_name":"intility/fastapi-azure-auth","owner":"intility","description":"Easy and secure implementation of Azure Entra ID (previously AD) for your FastAPI APIs 🔒 B2C, single- and multi-tenant support.","archived":false,"fork":false,"pushed_at":"2025-03-03T13:20:19.000Z","size":7440,"stargazers_count":509,"open_issues_count":6,"forks_count":72,"subscribers_count":12,"default_branch":"main","last_synced_at":"2025-03-13T17:07:23.119Z","etag":null,"topics":["anyio","asgi","asyncio","authentication","azure","azure-active-directory","azure-ad","azuread","fastapi","oauth2","oidc","openapi","openid","openidconnect","python","security","trio"],"latest_commit_sha":null,"homepage":"https://intility.github.io/fastapi-azure-auth","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/intility.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-08-10T19:46:24.000Z","updated_at":"2025-03-07T03:51:51.000Z","dependencies_parsed_at":"2023-02-17T22:31:24.584Z","dependency_job_id":"4db6a65c-9109-484b-9774-2ba708aeb69a","html_url":"https://github.com/intility/fastapi-azure-auth","commit_stats":{"total_commits":282,"total_committers":28,"mean_commits":"10.071428571428571","dds":0.375886524822695,"last_synced_commit":"a03d87a4d80f5672b1823327419815513bd53ffe"},"previous_names":[],"tags_count":33,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/intility%2Ffastapi-azure-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/intility%2Ffastapi-azure-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/intility%2Ffastapi-azure-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/intility%2Ffastapi-azure-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/intility","download_url":"https://codeload.github.com/intility/fastapi-azure-auth/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243775875,"owners_count":20346281,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["anyio","asgi","asyncio","authentication","azure","azure-active-directory","azure-ad","azuread","fastapi","oauth2","oidc","openapi","openid","openidconnect","python","security","trio"],"created_at":"2024-07-31T00:00:56.395Z","updated_at":"2025-03-15T18:35:20.276Z","avatar_url":"https://github.com/intility.png","language":"Python","readme":"\u003ch1 align=\"center\"\u003e\n  \u003cimg margin=\"0 10px 0 0\" src=\"https://avatars.githubusercontent.com/u/35199565\" width=\"124px\"/\u003e\n  \u003cimg margin=\"0 10px 0 0\" src=\"https://raw.githubusercontent.com/Intility/fastapi-azure-auth/main/docs/static/img/global/fastad.png\" width=\"124px\"/\u003e\u003cbr/\u003e\n  FastAPI-Azure-Auth\n\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n    \u003cem\u003eAzure AD Authentication for FastAPI apps made easy.\u003c/em\u003e\n\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n    \u003c!-- Line 1 --\u003e\n    \u003ca href=\"https://python.org\"\u003e\n        \u003cimg src=\"https://img.shields.io/badge/python-v3.8+-blue.svg?logo=python\u0026logoColor=white\u0026label=python\" alt=\"Python version\"\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://fastapi.tiangolo.com/\"\u003e\n        \u003cimg src=\"https://img.shields.io/badge/FastAPI-0.68.0+%20-blue.svg?logo=fastapi\u0026logoColor=white\u0026label=fastapi\" alt=\"FastAPI Version\"\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://pypi.org/pypi/fastapi-azure-auth\"\u003e\n        \u003cimg src=\"https://img.shields.io/pypi/v/fastapi-azure-auth.svg?logo=pypi\u0026logoColor=white\u0026label=pypi\" alt=\"Package version\"\u003e\n    \u003c/a\u003e\n    \u003c!-- Line 2 --\u003e\n    \u003cbr/\u003e\n    \u003ca href=\"https://codecov.io/gh/intility/fastapi-azure-auth\"\u003e\n        \u003cimg src=\"https://codecov.io/gh/intility/fastapi-azure-auth/branch/main/graph/badge.svg?token=BTFGII4GYR\" alt=\"Codecov\"\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://github.com/pre-commit/pre-commit\"\u003e\n        \u003cimg src=\"https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit\u0026logoColor=white\" alt=\"Pre-commit\"\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://github.com/psf/black\"\u003e\n        \u003cimg src=\"https://img.shields.io/badge/code%20style-black-000000.svg\" alt=\"Black\"\u003e\n    \u003c/a\u003e\n    \u003ca href=\"http://mypy-lang.org\"\u003e\n        \u003cimg src=\"http://www.mypy-lang.org/static/mypy_badge.svg\" alt=\"mypy\"\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://pycqa.github.io/isort/\"\u003e\n        \u003cimg src=\"https://img.shields.io/badge/%20imports-isort-%231674b1?style=flat\u0026labelColor=ef8336\" alt=\"isort\"\u003e\n    \u003c/a\u003e\n    \u003c!-- Line 3 --\u003e\n    \u003cbr/\u003e\n    \u003ca href=\"https://docs.microsoft.com/en-us/azure/active-directory/develop/single-and-multi-tenant-apps\"\u003e\n        \u003cimg src=\"https://img.shields.io/badge/Single--tenant-Supported-blue?logo=Microsoft%20Azure\u0026logoColor=white\"\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://docs.microsoft.com/en-us/azure/active-directory/develop/single-and-multi-tenant-apps\"\u003e\n        \u003cimg src=\"https://img.shields.io/badge/Multi--tenant-Supported-blue?logo=Microsoft%20Azure\u0026logoColor=white\"\u003e\n    \u003c/a\u003e\n\u003c/p\u003e\n\n\n## 🚀 Description\n\n\u003e FastAPI is a modern, fast (high-performance), web framework for building APIs with Python, based on standard Python type hints.\n\nAt Intility we use FastAPI for both internal (single-tenant) and customer-facing (multi-tenant) APIs. This package enables our developers (and you 😊) to create features without worrying about authentication and authorization.\n\nAlso, [we're hiring!](https://intility.no/en/career/)\n\n## 📚 Resources\n\nThe [documentation](https://intility.github.io/fastapi-azure-auth/) contains a full tutorial on how to configure Azure AD\nand FastAPI for single- and multi-tenant applications as well as B2C apps. It includes examples on how to lock down\nyour APIs to certain scopes, tenants, roles etc. For first time users it's strongly advised to set up your\napplication exactly how it's described there, and then alter it to your needs later.\n\n[**MIT License**](https://github.com/Intility/fastapi-azure-auth/blob/main/LICENSE)\n| [**Documentation**](https://intility.github.io/fastapi-azure-auth/)\n| [**GitHub**](https://github.com/snok/django-guid)\n\n\n## ⚡ Setup\n\nThis is a tl;dr intended to give you an idea of what this package does and how to use it.\nFor a more in-depth tutorial and settings reference you should read the\n[documentation](https://intility.github.io/fastapi-azure-auth/).\n\n\n#### 1. Install this library:\n```bash\npip install fastapi-azure-auth\n# or\npoetry add fastapi-azure-auth\n```\n\n#### 2. Configure your FastAPI app\nInclude `swagger_ui_oauth2_redirect_url` and `swagger_ui_init_oauth` in your FastAPI app initialization:\n\n```python\n# file: main.py\napp = FastAPI(\n    ...\n    swagger_ui_oauth2_redirect_url='/oauth2-redirect',\n    swagger_ui_init_oauth={\n        'usePkceWithAuthorizationCodeGrant': True,\n        'clientId': settings.OPENAPI_CLIENT_ID,\n    },\n)\n```\n\n#### 3. Setup CORS\nEnsure you have CORS enabled for your local environment, such as `http://localhost:8000`.\n\n#### 4. Configure FastAPI-Azure-Auth\nConfigure either [`SingleTenantAzureAuthorizationCodeBearer`](https://intility.github.io/fastapi-azure-auth/settings/single_tenant), [`MultiTenantAzureAuthorizationCodeBearer`](https://intility.github.io/fastapi-azure-auth/settings/multi_tenant) or [`B2CMultiTenantAuthorizationCodeBearer`](https://intility.github.io/fastapi-azure-auth/settings/b2c)\n\n\n```python\n# file: demoproj/api/dependencies.py\nfrom fastapi_azure_auth.auth import SingleTenantAzureAuthorizationCodeBearer\n\nazure_scheme = SingleTenantAzureAuthorizationCodeBearer(\n    app_client_id=settings.APP_CLIENT_ID,\n    tenant_id=settings.TENANT_ID,\n    scopes={\n        f'api://{settings.APP_CLIENT_ID}/user_impersonation': 'user_impersonation',\n    }\n)\n```\nor for multi-tenant applications:\n```python\n# file: demoproj/api/dependencies.py\nfrom fastapi_azure_auth.auth import MultiTenantAzureAuthorizationCodeBearer\n\nazure_scheme = MultiTenantAzureAuthorizationCodeBearer(\n    app_client_id=settings.APP_CLIENT_ID,\n    scopes={\n        f'api://{settings.APP_CLIENT_ID}/user_impersonation': 'user_impersonation',\n    },\n    validate_iss=False\n)\n```\nTo validate the `iss`, configure an\n[`iss_callable`](https://intility.github.io/fastapi-azure-auth/multi-tenant/accept_specific_tenants_only).\n\n#### 5. Configure dependencies\n\nAdd `azure_scheme` as a dependency for your views/routers, using either `Security()` or `Depends()`.\n```python\n# file: main.py\nfrom demoproj.api.dependencies import azure_scheme\n\napp.include_router(api_router, prefix=settings.API_V1_STR, dependencies=[Security(azure_scheme, scopes=['user_impersonation'])])\n```\n\n#### 6. Load config on startup\n\nOptional but recommended.\n\n```python\n# file: main.py\n@app.on_event('startup')\nasync def load_config() -\u003e None:\n    \"\"\"\n    Load OpenID config on startup.\n    \"\"\"\n    await azure_scheme.openid_config.load_config()\n```\n\n\n## 📄 Example OpenAPI documentation\nYour OpenAPI documentation will get an `Authorize` button, which can be used to authenticate.\n![authorize](docs/static/img/single-and-multi-tenant/fastapi_1_authorize_button.png)\n\nThe user can select which scopes to authenticate with, based on your configuration.\n![scopes](docs/static/img/single-and-multi-tenant/fastapi_3_authenticate.png)\n","funding_links":[],"categories":["Third-Party Extensions","Python"],"sub_categories":["Auth"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FIntility%2Ffastapi-azure-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FIntility%2Ffastapi-azure-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FIntility%2Ffastapi-azure-auth/lists"}