From 11207e80f339399c842dc5bc31e5add24cd1749e Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Tue, 19 Sep 2023 21:27:27 +0000 Subject: [PATCH] =?UTF-8?q?=F0=9F=8E=A8=20[pre-commit.ci]=20Auto=20format?= =?UTF-8?q?=20from=20pre-commit.com=20hooks?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/en/docs/tutorial/security/oidc-jwt.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/en/docs/tutorial/security/oidc-jwt.md b/docs/en/docs/tutorial/security/oidc-jwt.md index 839d828a8..b7939827c 100644 --- a/docs/en/docs/tutorial/security/oidc-jwt.md +++ b/docs/en/docs/tutorial/security/oidc-jwt.md @@ -1,6 +1,6 @@ # OpenID Connect (OIDC) with JWT Access Tokens -For this tutorial we will be using OpenID Connect (OIDC) as an *authentication* layer that builds on top of the OAuth2 *authorization* layer. +For this tutorial we will be using OpenID Connect (OIDC) as an *authentication* layer that builds on top of the OAuth2 *authorization* layer. We will be using the Swagger UI to serve the OpenID Connect authentication flow. The **FastAPI** (default) router will implement a OAuth2 resource server that validates the JWT access tokens and grant access to the router's endpoints. @@ -24,14 +24,14 @@ First, we will need to configure an Applicaton (i.e. Relying Party in OpenID-spe * *Write down the client id* Then, we will select an authorization server to verify user identities and issue tokens for secure authentication and authorization of login requests: -!!! check "Step 2 - Configure authorization server to return a custom claim" +!!! check "Step 2 - Configure authorization server to return a custom claim" * Select/create a custom authorization server for the abovementioned application * Create a custom claim with the name "`groups`". * Map the values to the groups of which the authenticated user is member of * *Write down issuer URL* * *Write down audience* -Finally, we will need to create a user and a group named "`Foo`" to +Finally, we will need to create a user and a group named "`Foo`" to !!! check "Step 3 - Create a user and group" * Create a group called "`Foo`" * Create a user @@ -41,14 +41,14 @@ Finally, we will need to create a user and a group named "`Foo`" to ## Configure your **FastAPI** Application -We assume a running pip environment with **FastAPI** installed (see [here](../../index.md#installation)). +We assume a running pip environment with **FastAPI** installed (see [here](../../index.md#installation)). This example contains a `AccessTokenValidator` that validates the JWT access tokens using the jwks url that is part of the oidc well known configuration. It requires a Python JavaScript Object Signing and Encryprion (JOSE) library, a HTTP client to fetch keysets and some cache utilities. !!! check "Step 4 - Install AccessTokenValidator Dependencies" ```console - pip install jose cachetools types-cachetools httpx + pip install jose cachetools types-cachetools httpx ``` You need to fill in the values in the .env file that you wrote down from the previous steps: