docs: Document new extra for oauth2 support

jacobsvante · Mar 11, 2022 · 73e1696 · 73e1696
1 parent 1f8f779
commit 73e1696
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -10,6 +10,14 @@ Add authentication and authorization to your FastAPI app via dependencies.
 
 ## Installation
 
+With OAuth2/OIDC support:
+
+```bash
+pip install fastapi-security[oauth2]
+```
+
+With basic auth only:
+
 ```bash
 pip install fastapi-security
 ```

diff --git a/docs/index.md b/docs/index.md
@@ -2,24 +2,39 @@
 
 FastAPI-Security is a package that you can use together with [FastAPI](https://fastapi.tiangolo.com/) to easily add authentication and authorization.
 
+## Installation
+
+With OAuth2/OIDC support:
+
+```bash
+pip install fastapi-security[oauth2]
+```
+
+With basic auth only:
+
+```bash
+pip install fastapi-security
+```
+
 ## Key features
 
-- Authentication via JWT-based OAuth 2 access tokens and via Basic Auth
+With base install:
+- Authentication via HTTP Basic Auth
 - Pydantic-based `User` model for authenticated and anonymous users
-- Sub-classable `UserPermission` dependency to check against the `permissions` attribute returned in OAuth 2 access tokens
+- Limit endpoint access to authenticated users
+- Limit endpoint access to users with an explicit set of user permissions
+- Easily create endpoint for users to check their user info and permissions
+
+With extra `oauth2`:
+- Authentication via JWT-based OAuth 2 access tokens in addition to HTTP Basic Auth
 - Ability to extract user info from access tokens via OpenID Connect
+- Permissions are checked agains the `permissions` attribute returned in OAuth 2 access tokens
 
 ## Current limitations
 
 - Only supports validating access tokens using public keys from a JSON Web Key Set (JWKS) endpoint. I.e. for use with external identity providers such as Auth0 and ORY Hydra.
 - Permissions can only be picked up automatically from OAuth2 tokens, from the non-standard `permissions` list attribute (Auth0 provides this, maybe other identity providers as well). For all other use cases, `permission_overrides` must be used. For example if there's a basic auth user called `user1` you can set `permission_overrides={"user1": ["*"]}` to give the user access to all permissions, or `permission_overrides={"user1": ["products:create"]}` to only assign `user1` with the permission `products:create`.
 
-Installation
-
-```
-pip install fastapi-security
-```
-
 ## Usage example
 
 An example app using FastAPI-Security [can be found here](https://github.com/jacobsvante/fastapi-security/tree/main/examples).