{"id":31539781,"url":"https://github.com/smk1085/smac-fastapi-auth","last_synced_at":"2026-04-14T06:33:24.300Z","repository":{"id":247087919,"uuid":"824915405","full_name":"SMK1085/smac-fastapi-auth","owner":"SMK1085","description":"Reusable code for authentication in Python backends using FastAPI","archived":false,"fork":false,"pushed_at":"2025-02-11T19:33:37.000Z","size":402,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-09-25T11:55:40.840Z","etag":null,"topics":["aws","cognito","fastapi","secrets-manager"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SMK1085.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-07-06T09:40:11.000Z","updated_at":"2024-12-29T11:07:40.000Z","dependencies_parsed_at":"2024-08-14T17:15:42.570Z","dependency_job_id":"7b3bd00a-439e-4092-bd4b-c396107b68f2","html_url":"https://github.com/SMK1085/smac-fastapi-auth","commit_stats":null,"previous_names":["smk1085/smac-fastapi-auth"],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/SMK1085/smac-fastapi-auth","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SMK1085%2Fsmac-fastapi-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SMK1085%2Fsmac-fastapi-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SMK1085%2Fsmac-fastapi-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/h
osts/GitHub/repositories/SMK1085%2Fsmac-fastapi-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SMK1085","download_url":"https://codeload.github.com/SMK1085/smac-fastapi-auth/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SMK1085%2Fsmac-fastapi-auth/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278290999,"owners_count":25962669,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-04T02:00:05.491Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","cognito","fastapi","secrets-manager"],"created_at":"2025-10-04T09:14:49.437Z","updated_at":"2025-10-04T09:14:51.110Z","avatar_url":"https://github.com/SMK1085.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SMAC: FastAPI Auth\n\n![GitHub Workflow](https://github.com/SMK1085/smac-fastapi-auth/actions/workflows/main.yaml/badge.svg)\n\nThis project contains the reusable code for authentication in Python backends using FastAPI.\nIt leverages Cognito User Pools and Secrets Manager for authentication.\n\n## Usage\n\nTBD\n\n### Authentication of Service Principals (Automation)\n\nThe authentication of service principals is done leveraging AWS Secrets Manager. 
The service principal needs to provide a token and an identifier.\nThe name identifier is used to retrieve the secret from Secrets Manager. The token is validated against the secret.\nThe secret in Secrets Manager needs to be a JSON object with the following structure:\n\n```json\n{\n  \"token\": \"Secret Token\",\n  \"id\": \"Actual principal identifier of the service\"\n}\n```\n\n### Configuration (Environment Variables)\n\nConfiguration is done through environment variables. The following table lists the environment variables that can be used to configure the authentication.\n\n| Variable | Description | Default |\n|----------|-------------|---------|\n| `SMAC__AUTH__USER_ID` | The claim name which contains the unique user identifier. | `email` |\n| `SMAC__AUTH__PROVIDER` | The provider name. | `NONE` |\n| `SMAC__AUTH__PROVIDER_COGNITO__CHECK_EXPIRATION` | Whether to check the expiration of the token. | `True` |\n| `SMAC__AUTH__PROVIDER_COGNITO__JWT_HEADER_PREFIX` | The prefix for the JWT header. | `Bearer` |\n| `SMAC__AUTH__PROVIDER_COGNITO__JWT_HEADER_NAME` | The name of the JWT header. | `Authorization` |\n| `SMAC__AUTH__PROVIDER_COGNITO__USERPOOLS__PRIMARY__REGION` | The region of the primary user pool. | `None` |\n| `SMAC__AUTH__PROVIDER_COGNITO__USERPOOLS__PRIMARY__USERPOOL_ID` | The ID of the primary user pool. | `None` |\n| `SMAC__AUTH__PROVIDER_COGNITO__USERPOOLS__PRIMARY__APP_CLIENT_ID` | The app client ID of the primary user pool. | `None` |\n| `SMAC__AUTH__PROVIDER_COGNITO__USERPOOLS__PRIMARY__DOMAIN` | The domain name of the primary user pool. | `None` |\n| `SMAC__AUTH__PROVIDER_COGNITO__USERPOOLS__SECONDARY__REGION` | The region of the secondary user pool. | `None` |\n| `SMAC__AUTH__PROVIDER_COGNITO__USERPOOLS__SECONDARY__USERPOOL_ID` | The ID of the secondary user pool. | `None` |\n| `SMAC__AUTH__PROVIDER_COGNITO__USERPOOLS__SECONDARY__APP_CLIENT_ID` | The app client ID of the secondary user pool. 
| `None` |\n| `SMAC__AUTH__PROVIDER_COGNITO__USERPOOLS__SECONDARY__DOMAIN` | The domain name of the secondary user pool. | `None` |\n| `SMAC__AUTH__AUTOMATION_PRINCIPALS__SECRETS_MANAGER__REGION` | The region of the Secrets Manager. | `None` |\n| `SMAC__AUTH__AUTOMATION_PRINCIPALS__SECRETS_MANAGER__PROFILE` | The AWS credentials profile to authenticate with. | `None` |\n| `SMAC__AUTH__AUTOMATION_PRINCIPALS__SECRETS_MANAGER__COMMON_PREFIX` | The common prefix for the secrets in the Secrets Manager. | `\"\"` |\n| `SMAC__AUTH__AUTOMATION_PRINCIPALS__ID_HEADER_NAME` | The name of the header containing the automation principal name. | `SMAC-Principal` |\n| `SMAC__AUTH__AUTOMATION_PRINCIPALS__TOKEN_HEADER_NAME` | The name of the header containing the automation principal token. | `SMAC-Token` |\n\nNote: The secondary user pool is entirely optional. If it is configured, keep in mind that the `SMAC__AUTH__USER_ID` cannot be set to `sub` as the user pools create the sub claim automatically. It is advised to use the email address as the user identifier in this case so that the application logic does not need to differentiate between the primary and secondary user pools.\n\n## Development\n\n### Setup\n\n1. Install [Poetry](https://python-poetry.org/docs/#installation)\n2. Install dependencies:\n\n    ```bash\n    poetry config virtualenvs.in-project true\n    poetry install --with dev\n\n    # Install pre-commit hooks\n    poetry run pre-commit install\n    ```\n\n3. Run tests:\n\n    ```bash\n    poetry run pytest --cov .\n    ```\n\n## Releases\n\nReleases are done automatically using [python-semantic-release](https://python-semantic-release.readthedocs.io/en/latest/commit-parsing.html).\n\nRefer to the [CHANGELOG](CHANGELOG.md) for the release history.\n\nNote that minor releases are done if the underlying fastapi version changes. 
This is to ensure that the package is compatible with the latest fastapi version and to address any security vulnerabilities.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsmk1085%2Fsmac-fastapi-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsmk1085%2Fsmac-fastapi-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsmk1085%2Fsmac-fastapi-auth/lists"}