FastAPI SSO

FastAPI plugin to enable SSO to most common providers (such as Facebook login, Google login and login via Microsoft Office 365 account).

This lets you implement the familiar "Login with Google/Facebook/Microsoft" button functionality on your backend very easily.

Supported login providers

Official

  • Google
  • Microsoft
  • Facebook
  • Spotify
  • Fitbit
  • GitHub (credit to Brandl for the hint about using the Accept header)
  • generic (see docs)

Contributed

See Contributing for a guide on how to contribute your own login provider.

Installation

Install using pip

pip install fastapi-sso

Install using poetry

poetry add fastapi-sso

Example

For more examples, see the examples directory.

example.py

"""This is an example usage of fastapi-sso.
"""

from fastapi import FastAPI
from starlette.requests import Request
from fastapi_sso.sso.google import GoogleSSO

app = FastAPI()

google_sso = GoogleSSO("my-client-id", "my-client-secret", "https://my.awesome-web.com/google/callback")

@app.get("/google/login")
async def google_login():
    """Generate login url and redirect"""
    return await google_sso.get_login_redirect()


@app.get("/google/callback")
async def google_callback(request: Request):
    """Process login response from Google and return user info"""
    user = await google_sso.verify_and_process(request)
    return {
        "id": user.id,
        "picture": user.picture,
        "display_name": user.display_name,
        "email": user.email,
        "provider": user.provider,
    }

Run using uvicorn example:app.

Specify redirect_uri at request time

In scenarios where you cannot provide the redirect_uri when initializing the SSO class, you may simply omit the parameter and provide it when calling the get_login_redirect method.

...

google_sso = GoogleSSO("my-client-id", "my-client-secret")

@app.get("/google/login")
async def google_login(request: Request):
    """Generate login url and redirect"""
    return await google_sso.get_login_redirect(redirect_uri=request.url_for("google_callback"))

@app.get("/google/callback")
async def google_callback(request: Request):
    ...

Specify scope

Since 0.4.0 you may specify scope when initializing the SSO class.

from fastapi_sso.sso.microsoft import MicrosoftSSO

sso = MicrosoftSSO(client_id="client-id", client_secret="client-secret", scope=["openid", "email"])

Additional query parameters

Since 0.4.0 you may provide additional query parameters to be sent to the login screen.

For example, you may want to specify access_type=offline or prompt=consent so that Google returns a refresh_token.

# The handler needs the request object to build the callback URL.
async def google_login(request: Request):
    return await google_sso.get_login_redirect(
        redirect_uri=request.url_for("google_callback"),
        params={"prompt": "consent", "access_type": "offline"}
    )

HTTP and development

You should always use https in production. If you need to test on localhost and do not want to use a self-signed certificate, set the redirect URI in your SSO provider to http://localhost:{port} and then add this to your environment:

OAUTHLIB_INSECURE_TRANSPORT=1

Also make sure you pass allow_insecure_http=True to the SSO class's constructor, such as:

google_sso = GoogleSSO("client-id", "client-secret", allow_insecure_http=True)

See this issue for more information.
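One way to keep the plain-HTTP setting from leaking out of local testing, shown as an added example that is not part of fastapi-sso: a guard that derives the value for allow_insecure_http from the redirect URI and the environment. The function name, the loopback host list and the policy of rejecting a leftover OAUTHLIB_INSECURE_TRANSPORT on an https deployment are assumptions of this example.

```python
from urllib.parse import urlsplit

# Hosts treated as local testing targets (assumption of this example).
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def insecure_http_allowed(redirect_uri, environ):
    """Return the value to pass as allow_insecure_http.

    True only for an http:// redirect URI on a loopback host with
    OAUTHLIB_INSECURE_TRANSPORT=1 set. Any other use of plain HTTP, or a
    leftover insecure flag next to an https redirect URI, raises.
    """
    parts = urlsplit(redirect_uri)
    flag = environ.get("OAUTHLIB_INSECURE_TRANSPORT") == "1"

    if parts.scheme == "https":
        if flag:
            raise RuntimeError(
                "OAUTHLIB_INSECURE_TRANSPORT=1 is set but the redirect URI "
                "is https; unset it for this deployment"
            )
        return False
    if parts.scheme != "http":
        raise ValueError(f"unsupported redirect URI scheme: {parts.scheme!r}")
    if parts.hostname not in LOOPBACK_HOSTS:
        raise RuntimeError(
            f"plain http redirect URI on non-loopback host {parts.hostname!r}"
        )
    if not flag:
        raise RuntimeError(
            "local http testing needs OAUTHLIB_INSECURE_TRANSPORT=1"
        )
    return True


# Intended use with the constructor shown above (comment only, so this
# block runs without fastapi-sso installed):
#   uri = "http://localhost:8000/google/callback"
#   google_sso = GoogleSSO("client-id", "client-secret", uri,
#                          allow_insecure_http=insecure_http_allowed(uri, os.environ))
```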

State

State is used in OAuth to make sure the server is responding to the request we sent, which protects the callback against cross-site request forgery. It may cause you trouble because fastapi-sso saves the state content as a cookie and attempts to read it upon callback, and this may fail (e.g. when logging in from a different domain than the one the callback lands on). If this is your case, you may want to disable state checking by passing use_state=False in the SSO class's constructor; the callback then no longer verifies that the response belongs to a login this browser started. For example:

google_sso = GoogleSSO("client-id", "client-secret", use_state=False)

See more on state here.
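The cookie-bound state check described above, as an added standard-library example that is not fastapi-sso's own code: the login step issues a random state and a matching cookie, a constructed stand-in for the provider echoes the state back, and the callback accepts the code only when the two agree. The cookie name, function names and the `idp.example` URL used with them are assumptions of this example.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

STATE_COOKIE = "sso_state"  # hypothetical cookie name, not fastapi-sso's


def begin_login(authorize_url, client_id, redirect_uri):
    """Login step: return (redirect_url, cookies_to_set)."""
    state = secrets.token_urlsafe(32)  # unguessable, fresh per login attempt
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return f"{authorize_url}?{query}", {STATE_COOKIE: state}


def provider_redirect(login_url, code):
    """Constructed stand-in for the provider: echo state back to redirect_uri."""
    sent = parse_qs(urlsplit(login_url).query)
    query = urlencode({"code": code, "state": sent["state"][0]})
    return f"{sent['redirect_uri'][0]}?{query}"


def check_callback(callback_url, cookies):
    """Callback step: return the authorization code only if state matches."""
    params = parse_qs(urlsplit(callback_url).query)
    returned = params.get("state", [""])[0]
    expected = cookies.get(STATE_COOKIE, "")
    if not expected:
        # The case the text describes: login started on another domain,
        # so the browser did not send the cookie to the callback.
        raise PermissionError("state cookie missing")
    if not hmac.compare_digest(returned.encode(), expected.encode()):
        raise PermissionError("state mismatch")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code
```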

Contributing

If you'd like to contribute and add your specific login provider, please see the CONTRIBUTING.md file.

Download files

Source Distribution

fastapi-sso-0.6.3.tar.gz (10.8 kB)

Uploaded Source

Built Distribution

fastapi_sso-0.6.3-py3-none-any.whl (13.2 kB)

Uploaded Python 3

File details

Details for the file fastapi-sso-0.6.3.tar.gz.

File metadata

  • Download URL: fastapi-sso-0.6.3.tar.gz
  • Upload date:
  • Size: 10.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.1.12 CPython/3.10.0 Linux/5.15.0-50-generic

File hashes

Hashes for fastapi-sso-0.6.3.tar.gz
Algorithm Hash digest
SHA256 ca3ac83294bdde9af9e4a47fc5c5b258a4593cee5b5f890ece6de9a411f71503
MD5 6053790997e6f7c7c6689f2dce259815
BLAKE2b-256 9e328070aa43d3633e0c7bfd87149501aecb817485b6d3500273561be1e402c5

File details

Details for the file fastapi_sso-0.6.3-py3-none-any.whl.

File metadata

  • Download URL: fastapi_sso-0.6.3-py3-none-any.whl
  • Upload date:
  • Size: 13.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.1.12 CPython/3.10.0 Linux/5.15.0-50-generic

File hashes

Hashes for fastapi_sso-0.6.3-py3-none-any.whl
Algorithm Hash digest
SHA256 a448ec3155c75ef877374627f88640b7e250b46f2e48518762ff46a376f91fdf
MD5 6b0830919b10133332e4b1d3b648ee2f
BLAKE2b-256 4d0ac30dd5aefa651b2ee86842e9e715277856c2006f892c870d7fee4dc5b8b7
