An isolated example to show authorization-code oauth flow in fastapi for web application flow + simple HttpBearer route dependency.
- Log into
- Settings > Developer Settings > Oauth Apps > New oauth App
- Fill out the form
<some-name>http://localhost:8000<some-description>http://localhost:8000/auth/login
- Generate a ClientSecret (and don't paste it anywhere)
- Copy
ClientID&ClientSecret - Add your required scopes from https://docs..com/
- Put it into and
.env - Take a look at the documentation @ https://docs..com/
The device flow isn't covered here at all. This example shows a simple web application flow using fastapis onboard utilities.
- Request user permissions for provided scopes (
/auth/request)
- Let your user authenticate the oauth app permission request
- will forward to your
CALLBACK_URL(/auth/login)
- Recieve code from and use it to provide the satisfied
acces_token(/auth/login) - Use the recieved
acces_tokenfrom step 2 to verify it using the API
- Output look like:
{"Id":<UserId>,"Login":"<Login>","Token":"<UserToken>","Message":"Happy hacking :D"}
- Use
HttpBearer, to bear the token and use it as dependency for our routes - These routes are only accessible for authenticated users (requests with valid
access_token) - See the example with
secure/content
git clone [email protected]:arrrrrmin/fastapi--oauth.git
cd fastapi--oauth
poetry install
poetry shell
uvicorn app.main:app --reload- Do the setup for your Oauth application create some oauth app
- Do API setup stuff with Install stuff with poetry
- Open the file in
examples/example.html - Click the link
- Happy hacking ๐