happyz
/
fastapi
mirror of https://github.com/tiangolo/fastapi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

🎨 [pre-commit.ci] Auto format from pre-commit.com hooks

This commit is contained in:
pre-commit-ci[bot] 2023-09-19 21:27:27 +00:00
parent 90ef000643
commit 11207e80f3
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/en/docs/tutorial/security/oidc-jwt.md
View File

@ -1,6 +1,6 @@
# OpenID Connect (OIDC) with JWT Access Tokens # OpenID Connect (OIDC) with JWT Access Tokens
For this tutorial we will be using OpenID Connect (OIDC) as an *authentication* layer that builds on top of the OAuth2 *authorization* layer. For this tutorial we will be using OpenID Connect (OIDC) as an *authentication* layer that builds on top of the OAuth2 *authorization* layer.
We will be using the Swagger UI to serve the OpenID Connect authentication flow. The **FastAPI** (default) router will implement a OAuth2 resource server that validates the JWT access tokens and grant access to the router's endpoints. We will be using the Swagger UI to serve the OpenID Connect authentication flow. The **FastAPI** (default) router will implement a OAuth2 resource server that validates the JWT access tokens and grant access to the router's endpoints.
@ -24,14 +24,14 @@ First, we will need to configure an Applicaton (i.e. Relying Party in OpenID-spe
* *Write down the client id* * *Write down the client id*
Then, we will select an authorization server to verify user identities and issue tokens for secure authentication and authorization of login requests: Then, we will select an authorization server to verify user identities and issue tokens for secure authentication and authorization of login requests:
!!! check "Step 2 - Configure authorization server to return a custom claim" !!! check "Step 2 - Configure authorization server to return a custom claim"
* Select/create a custom authorization server for the abovementioned application * Select/create a custom authorization server for the abovementioned application
* Create a custom claim with the name "`groups`". * Create a custom claim with the name "`groups`".
* Map the values to the groups of which the authenticated user is member of * Map the values to the groups of which the authenticated user is member of
* *Write down issuer URL* * *Write down issuer URL*
* *Write down audience* * *Write down audience*
Finally, we will need to create a user and a group named "`Foo`" to Finally, we will need to create a user and a group named "`Foo`" to
!!! check "Step 3 - Create a user and group" !!! check "Step 3 - Create a user and group"
* Create a group called "`Foo`" * Create a group called "`Foo`"
* Create a user * Create a user
@ -41,14 +41,14 @@ Finally, we will need to create a user and a group named "`Foo`" to
## Configure your **FastAPI** Application ## Configure your **FastAPI** Application
We assume a running pip environment with **FastAPI** installed (see [here](../../index.md#installation)). We assume a running pip environment with **FastAPI** installed (see [here](../../index.md#installation)).
This example contains a `AccessTokenValidator` that validates the JWT access tokens using the jwks url that is part of the oidc well known configuration. It requires a Python JavaScript Object Signing and Encryprion (JOSE) library, a HTTP client to fetch keysets and some cache utilities. This example contains a `AccessTokenValidator` that validates the JWT access tokens using the jwks url that is part of the oidc well known configuration. It requires a Python JavaScript Object Signing and Encryprion (JOSE) library, a HTTP client to fetch keysets and some cache utilities.
!!! check "Step 4 - Install AccessTokenValidator Dependencies" !!! check "Step 4 - Install AccessTokenValidator Dependencies"
```console ```console
pip install jose cachetools types-cachetools httpx pip install jose cachetools types-cachetools httpx
``` ```
You need to fill in the values in the .env file that you wrote down from the previous steps: You need to fill in the values in the .env file that you wrote down from the previous steps: