Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/harrymwinters/fastapi-oidc

Verify and decrypt 3rd party OIDC ID tokens to protect your fastapi (https://github.com/tiangolo/fastapi) endpoints.
https://github.com/harrymwinters/fastapi-oidc

fastapi oidc oidc-resource-server

Last synced: 5 days ago
JSON representation

Verify and decrypt 3rd party OIDC ID tokens to protect your fastapi (https://github.com/tiangolo/fastapi) endpoints.

Host: GitHub
URL: https://github.com/harrymwinters/fastapi-oidc
Owner: HarryMWinters
License: mit
Created: 2020-08-23T00:42:10.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2025-02-11T19:03:28.000Z (9 days ago)
Last Synced: 2025-02-15T08:42:18.060Z (5 days ago)
Topics: fastapi, oidc, oidc-resource-server
Language: Python
Homepage:
Size: 330 KB
Stars: 75
Watchers: 4
Forks: 16
Open Issues: 11
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # FastAPI OIDC



    

       

    

    

        

    

    

       

    



---

:warning: **See [this issue](https://github.com/HarryMWinters/fastapi-oidc/issues/1) for

simple role-your-own example of checking OIDC tokens.**

Verify and decrypt 3rd party OIDC ID tokens to protect your

[fastapi](https://github.com/tiangolo/fastapi) endpoints.

**Documentation:** [ReadTheDocs](https://fastapi-oidc.readthedocs.io/en/latest/)

**Source code:** [Github](https://github.com/HarryMWinters/fastapi-oidc)

## Installation

`pip install fastapi-oidc`

## Usage

### Verify ID Tokens Issued by Third Party

This is great if you just want to use something like Okta or google to handle

your auth. All you need to do is verify the token and then you can extract user ID info

from it.

```python3

from fastapi import Depends

from fastapi import FastAPI

# Set up our OIDC

from fastapi_oidc import IDToken

from fastapi_oidc import get_auth

OIDC_config = {

    "client_id": "0oa1e3pv9opbyq2Gm4x7",

    # Audience can be omitted in which case the aud value defaults to client_id

    "audience": "https://yourapi.url.com/api",

    "base_authorization_server_uri": "https://dev-126594.okta.com",

    "issuer": "dev-126594.okta.com",

    "signature_cache_ttl": 3600,

}

authenticate_user: Callable = get_auth(**OIDC_config)

app = FastAPI()

@app.get("/protected")

def protected(id_token: IDToken = Depends(authenticate_user)):

    return {"Hello": "World", "user_email": id_token.email}

```

#### Using your own tokens

The IDToken class will accept any number of extra field but if you want to craft your

own token class and validation that's accounted for too.

```python3

class CustomIDToken(fastapi_oidc.IDToken):

    custom_field: str

    custom_default: float = 3.14

authenticate_user: Callable = get_auth(**OIDC_config, token_type=CustomIDToken)

app = FastAPI()

@app.get("/protected")

def protected(id_token: CustomIDToken = Depends(authenticate_user)):

    return {"Hello": "World", "user_email": id_token.custom_default}

```