Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/bakdata/python-keycloak-oauth

Keycloak authentication for Python projects with optional integrations for FastAPI & Starlette-Admin
https://github.com/bakdata/python-keycloak-oauth

fastapi keycloak starlette-admin

Last synced: 12 months ago
JSON representation

Keycloak authentication for Python projects with optional integrations for FastAPI & Starlette-Admin

Awesome Lists containing this project

README 

          
# python-keycloak-oauth



Keycloak OAuth client for Python projects with optional integrations for [FastAPI](https://github.com/tiangolo/fastapi) & [Starlette-Admin](https://github.com/jowilf/starlette-admin).



## Getting started



### FastAPI



```sh

pip install keycloak-oauth[fastapi]

```



```python

from typing import Annotated

from fastapi import FastAPI, Request, Depends

from starlette.middleware.sessions import SessionMiddleware

from backend.settings import settings, BASE_URL, SECRET_KEY  # secrets

from keycloak_oauth import KeycloakOAuth2



keycloak = KeycloakOAuth2(

    client_id=settings.keycloak.client_id,

    client_secret=settings.keycloak.client_secret,

    server_metadata_url=str(settings.keycloak.server_metadata_url),

    client_kwargs=settings.keycloak.client_kwargs,

    base_url=BASE_URL,

)

# create router and register API endpoints

keycloak.setup_fastapi_routes()



app = FastAPI()

app.add_middleware(SessionMiddleware, secret_key=SECRET_KEY)

app.include_router(keycloak.router, prefix="/auth")



@app.get("/")

def index(

    request: Request, user: Annotated[User, Depends(KeycloakOAuth2.get_user)]

):

    """Protected endpoint, will return 401 Unauthorized if not signed in."""

    return f"Hello {user.name}"

```



We now expose the API endpoints for Keycloak:



- `/auth/login`: redirect to Keycloak login page

- `/auth/callback`: authorize user with Keycloak access token

- `/auth/logout`: deauthorize user and redirect to the logout page



### Starlette-Admin



```sh

pip install keycloak-oauth[starlette-admin]

```



```python

from starlette.middleware.sessions import SessionMiddleware

from starlette_admin.contrib.sqla import Admin

from backend.settings import settings, BASE_URL, SECRET_KEY  # secrets

from keycloak_oauth import KeycloakOAuth2

from keycloak.starlette_admin import KeycloakAuthProvider



keycloak = KeycloakOAuth2(

    client_id=settings.keycloak.client_id,

    client_secret=settings.keycloak.client_secret,

    server_metadata_url=str(settings.keycloak.server_metadata_url),

    client_kwargs=settings.keycloak.client_kwargs,

    base_url=BASE_URL,

)



admin = Admin(

    # engine,

    title=...,

    base_url=BASE_URL,

    auth_provider=KeycloakAuthProvider(keycloak),

    middlewares=[Middleware(SessionMiddleware, secret_key=SECRET_KEY)],

)



admin.add_view(...)

```



## Development



If you want to contribute to this project, you can simply clone the repository and run `poetry install --all-extras`.



Please also run `pre-commit install` for linting and enforcing a consistent code style.



## Contributing



We are happy if you want to contribute to this project. If you find any bugs or have suggestions for improvements, please open an issue. We are also happy to accept your PRs. Just open an issue beforehand and let us know what you want to do and why.



## License



This project is licensed under the MIT license. Have a look at the [LICENSE](LICENSE) for more details.