fastapi-cloudauth supports simple integration between FastAPI and cloud authentication services (AWS Cognito, Auth0, Firebase Authentication). This standardize the interface for some authentication services.
- Verify access/id token
- Authenticate permission based on scope (or groups) within access token
- Get login user info (name, email, etc.) within ID token
- Dependency injection for verification/getting user, powered by FastAPI
- Support for:
- AWS Cognito
- Auth0
- Firebase Auth (Only ID token)
Python 3.6+
$ pip install fastapi-cloudauth- Check
regionanduserPoolIDof AWS Cognito that you manage to - Create a user assigned
read:userspermission in AWS Cognito - Get Access/ID token for the created user
NOTE: access token is valid for verification and scope-based authentication. ID token is valid for verification and getting user info from claims.
Create a file main.py with:
import os
from fastapi import FastAPI, Depends
from fastapi_cloudauth.cognito import Cognito, CognitoCurrentUser, CognitoClaims
app = FastAPI()
auth = Cognito(region=os.environ["REGION"], userPoolId=os.environ["USERPOOLID"])
@app.get("/", dependencies=[Depends(auth.scope("read:users"))])
def secure():
# access token is valid
return "Hello"
get_current_user = CognitoCurrentUser(
region=os.environ["REGION"], userPoolId=os.environ["USERPOOLID"]
)
@app.get("/user/")
def secure_user(current_user: CognitoClaims = Depends(get_current_user)):
# ID token is valid
return f"Hello, {current_user.username}"Run the server with:
$ uvicorn main:app
INFO: Started server process [15332]
INFO: Waiting for application startup.
INFO: Application startup complete.
INFO: Uvicorn running on http://127.0.0.1:8000 (Press CTRL+C to quit)Go to http://127.0.0.1:8000/docs.
You will see the automatic interactive API documentation (provided by Swagger UI).
Authorize 🔓 button can be available at the endpoints injected dependency.
You can put token and try endpoint interactively.
- Check
domainof Auth0 that you manage to - Create a user assigned
read:userspermission in Auth0 - Get Access/ID token for the created user
Create a file main.py with:
import os
from fastapi import FastAPI, Depends
from fastapi_cloudauth.auth0 import Auth0, Auth0CurrentUser, Auth0Claims
app = FastAPI()
auth = Auth0(domain=os.environ["DOMAIN"])
@app.get("/", dependencies=[Depends(auth.scope("read:users"))])
def secure():
# access token is valid
return "Hello"
get_current_user = Auth0CurrentUser(domain=os.environ["DOMAIN"])
@app.get("/user/")
def secure_user(current_user: CognitoClaims = Depends(get_current_user)):
# ID token is valid
return f"Hello, {current_user.username}"Try to run the server and see interactive UI in the same way.
- Create a user in Firebase Authentication
- Get ID token for the created user
Create a file main.py with:
from fastapi import FastAPI, Depends
from fastapi_cloudauth.firebase import FirebaseCurrentUser, FirebaseClaims
app = FastAPI()
get_current_user = FirebaseCurrentUser()
@app.get("/user/")
def secure_user(current_user: FirebaseClaims = Depends(get_current_user)):
# ID token is valid
return f"Hello, {current_user.user_id}"Try to run the server and see interactive UI in the same way.
We can get values for current user by writing a few lines. For Auth0, ID token contains extra values as follows (Ref at Auth0 official doc):
{
"iss": "http://YOUR_DOMAIN/",
"sub": "auth0|123456",
"aud": "YOUR_CLIENT_ID",
"exp": 1311281970,
"iat": 1311280970,
"name": "Jane Doe",
"given_name": "Jane",
"family_name": "Doe",
"gender": "female",
"birthdate": "0000-10-31",
"email": "janedoe@example.com",
"picture": "http://example.com/janedoe/me.jpg"
}By default, Auth0CurrentUser gives pydantic.BaseModel object, which has username (name) and email fields.
Here is a sample code to extract extra user information (adding user_id):
from pydantic import Field
from fastapi_cloudauth.auth0 import Auth0Claims # base current user info model (inheriting `pydantic`).
# extend current user info model by `pydantic`.
class CustomAuth0Claims(Auth0Claims):
user_id: str = Field(alias="sub")
get_current_user = Auth0CurrentUser(domain=DOMAIN)
get_current_user.user_info = CustomAuth0Claims # override user info model by custom one.