For this tutorial we will be using OpenID Connect (OIDC) as an *authentication* layer that builds on top of the OAuth2 *authorization* layer.
We will be using the Swagger UI to serve the OpenID Connect authentication flow. The **FastAPI** (default) router will implement a OAuth2 resource server that validates the JWT access tokens and grant access to the router's endpoints.
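Review bot: the second sentence of this hunk has two grammar slips, "a OAuth2 resource server" and "validates the JWT access tokens and grant access"; suggest "an OAuth2 resource server that validates the JWT access tokens and grants access to the router's endpoints". While here, "serve the OpenID Connect authentication flow" overstates what Swagger UI does: it only initiates the Authorization Code flow in the browser and hands the resulting token to the requests, so "use the Swagger UI to drive the OpenID Connect login flow" would be more accurate and would make it clearer to the reader that the token validation described next happens server-side, independently of Swagger UI.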
@ -24,14 +24,14 @@ First, we will need to configure an Applicaton (i.e. Relying Party in OpenID-spe
* *Write down the client id*
Then, we will select an authorization server to verify user identities and issue tokens for secure authentication and authorization of login requests:
!!! check "Step 2 - Configure authorization server to return a custom claim"
* Select/create a custom authorization server for the abovementioned application
* Create a custom claim with the name "`groups`".
* Map the values to the groups of which the authenticated user is member of
* *Write down issuer URL*
* *Write down audience*
Finally, we will need to create a user and a group named "`Foo`" to
!!! check "Step 3 - Create a user and group"
* Create a group called "`Foo`"
* Create a user
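Review bot: Step 2 should state that the custom `groups` claim has to be added to the *access* token, not only the ID token, since the earlier paragraph says the resource server validates the access token; on most authorization servers these are configured separately, and a claim that only lands in the ID token will never be visible to the router. It would also help to name the issuer URL and audience as the values the validator will later compare against `iss` and `aud`, so the reader knows why they are being written down. Smaller points in the same hunk: "Applicaton" in the hunk context line should be "Application", "abovementioned" should be "above-mentioned", and "Map the values to the groups of which the authenticated user is member of" should be "Map the values to the groups of which the authenticated user is a member".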
@ -41,14 +41,14 @@ Finally, we will need to create a user and a group named "`Foo`" to
## Configure your **FastAPI** Application
We assume a running pip environment with **FastAPI** installed (see [here](../../index.md#installation)).
This example contains a `AccessTokenValidator` that validates the JWT access tokens using the jwks url that is part of the oidc well known configuration. It requires a Python JavaScript Object Signing and Encryprion (JOSE) library, a HTTP client to fetch keysets and some cache utilities.
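Review bot: the description of `AccessTokenValidator` lists only signature checking via the JWKS; it should also say that the validator verifies the `iss` claim against the issuer URL and the `aud` claim against the audience recorded in Step 2, rejects expired tokens (`exp`), and restricts the accepted algorithms to the ones the authorization server actually uses, because a JWKS-only check accepts a valid token minted for a different audience or issuer. The "cache utilities" mention deserves a sentence on why the keyset is cached and refreshed on an unknown `kid` rather than fetched per request. Typos and wording in the same line: "a `AccessTokenValidator`" should be "an `AccessTokenValidator`", "Encryprion" should be "Encryption", "a HTTP client" should be "an HTTP client", and "jwks url that is part of the oidc well known configuration" reads better as "JWKS URL published in the OIDC well-known configuration".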