{"id":19752733,"url":"https://github.com/datadavev/oauth_example","last_synced_at":"2025-09-05T12:49:40.849Z","repository":{"id":261081915,"uuid":"883206823","full_name":"datadavev/oauth_example","owner":"datadavev","description":"A simple example of ORCIRD authentication in FastAPI using JWT","archived":false,"fork":false,"pushed_at":"2025-01-08T21:30:34.000Z","size":115,"stargazers_count":0,"open_issues_count":2,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-10T21:47:52.911Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/datadavev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-11-04T15:02:16.000Z","updated_at":"2024-11-04T15:14:07.000Z","dependencies_parsed_at":"2024-11-04T16:26:13.033Z","dependency_job_id":"b183367f-0e81-4fd0-880b-f954cba73bb4","html_url":"https://github.com/datadavev/oauth_example","commit_stats":null,"previous_names":["datadavev/oauth_example"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datadavev%2Foauth_example","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datadavev%2Foauth_example/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datadavev%2Foauth_example/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datadavev%2Foauth_example/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/datadavev","download_url":"https://codeload.github.com/datadavev/oauth_example/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241084310,"owners_count":19907091,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-12T02:49:51.579Z","updated_at":"2025-02-28T01:20:04.783Z","avatar_url":"https://github.com/datadavev.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# README for oauth_example\n\nThis is a minimal example of cross-application authentication using FastAPI and ORCID.\n\nThere are two web apps here: `authenticate` which authenticates a user and returns the generated JWT, and `protected` which has a protected endpoint that requires an ORCID JWT to access.\n\nAlthough FastAPI is used as the web app here, the approach is not framework specific.\n\nA brief description is provided below, more detailed explanations in the source.\n\nSee also:\n\n* https://github.com/ORCID/ORCID-Source/blob/main/orcid-web/ORCID_AUTH_WITH_OPENID_CONNECT.md#authorization-code-flow\n* https://info.orcid.org/documentation/integration-and-api-faq/\n* https://gitlab.com/jorgecarleitao/starlette-oauth2-api/-/blob/master/starlette_oauth2_api.py\n* https://docs.authlib.org/en/latest/client/starlette.html\n* https://github.com/mpdavis/python-jose/blob/5ec9f48c1babcbfa62d433b29e55db8888c315ec/jose/jwt.py\n\n## Install\n\nCreate a virtual environment, then install using poetry. For example:\n\n```\ngit clone https://github.com/datadavev/oauth_example.git\ncd oauth_example\npython -m venv venv\nsource venv/bin/activate\npoetry install\n```\n\nOr if you are using `direnv`:\n\n```\ngit clone https://github.com/datadavev/oauth_example.git\ncd oauth_example\ndirenv allow\npoetry install\n```\n\n## authenticate\n\nThis app will authenticate via ORCID and present the resulting JWT.\n\nTo run the app, first visit ORCID, login, open the developer tools, and add an endpoint callback URL:\n\n```\nhttp://127.0.0.1:8000/oauthcallback\n```\n\nMake note of the Client ID and Client Secret for the next step.\n\nRun the server like:\n\n```\nexport ORCID_CLIENT_APP=\"Client ID\"\nexport ORCID_CLIENT_SECRET=\"client secret\"\nfastapi dev --port 8000 authenticate/app.py\n```\n\nVist `http://localhost:8000/auth` to log in via ORCID. The response page is JSON, the `id_token` property is the ORCID issued JWT value. \n\n\n## protected\n\nThis app has two end points: `/` which is publicly accessible and `/protected` which can only be accessed when the request includes a valid ORCID JWT.\n\nRun the server like:\n\n```\nfastapi dev --port 8001 protected/app.py\n```\n\nTest access like:\n\n```\nEXPORT TOKEN=\"the value of id_token from the authenticate app (or any other ORCID JWT)\"\n\ncurl -H \"Authorization: Bearer ${TOKEN}\" -s \"http://localhost:8001/protected\" | jq '.'\n{\n  \"message\": \"Protected endpoint\",\n  \"provider\": \"orcid\",\n  \"claims\": {\n    \"at_hash\": \"BVJZ...\",\n    \"aud\": \"APP-ZTT8BDD9D2LPQNFV\",\n    \"sub\": \"0000-0002-6513-4996\",\n    \"auth_time\": 1730729245,\n    \"iss\": \"https://orcid.org\",\n    \"name\": \"Dave Vieglais\",\n    \"exp\": 1730815697,\n    \"given_name\": \"David\",\n    \"iat\": 1730729297,\n    \"nonce\": \"cb9H3CrUN97Iu9ADyXe6\",\n    \"family_name\": \"Vieglais\",\n    \"jti\": \"a741f264...\"\n  }\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdatadavev%2Foauth_example","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdatadavev%2Foauth_example","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdatadavev%2Foauth_example/lists"}