Skip to content

webclinic017/auth0-python-fastapi-sample

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
application
application
 
 
.example.config
.example.config
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Auth0 + Python + FastAPI API Seed

This is the seed project you need to use if you're going to create an API using FastAPI in Python and Auth0. If you just want to create a Regular Python WebApp, please check this project

Running the example

In order to run the example you need to have python3 (any version higher than 3.6) and pip3 installed.

Configuration

Configuration

The configuration you'll need is mostly information from Auth0, you'll need both the tentant domain and the API information.

This app reads its configuration information from a .config file by default.

To create a .config file you can copy the .example.config file and fill the values accordingly:

cp .example.config .config
# update the config file for the correct values
export ENV='.config'

You can change this behavior by setting the following environment variables (remember to update the values accordingly):

export ENV='variables'
export DOMAIN='your.domain.auth0.com'
export API_AUDIENCE='your.api.audience'
export ISSUER='https://your.domain.auth0.com'
export ALGORITHMS='RS256'

Spin up the server

Once you've set your environment information below you'll find the commands you'll need.

  1. Create and activate a python environment:
python3 -m venv .env
source .env/bin/bash
  1. Install the needed dependencies with:
pip install -r requirements.txt
  1. Start the server with the following:
uvicorn application.main:app
  1. Try calling http://localhost:8000/api/public
curl -X 'GET' \
  'http://localhost:8000/api/public' \
  -H 'accept: application/json'

API documentation

Access http://localhost:8000/docs. From there you'll see all endpoints and can test your API

Testing the API

Private endpoint

You can then try to do a GET to http://localhost:8000/api/private which will throw an error if you don't send an access token signed with RS256 with the appropriate issuer and audience in the Authorization header.

curl -X 'GET' \
  'http://localhost:8000/api/private' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer  <FILL YOUR TOKEN HERE>'

Private-Scoped endpoint

You can also try to do a GET to http://localhost:8000/api/private-scoped which will throw an error if you don't send an access token with the scope read:messages signed with RS256 with the appropriate issuer and audience in the Authorization header.

curl -X 'GET' \
  'http://localhost:8000/api/private-scoped' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer  <FILL YOUR TOKEN WITH SCOPES HERE>'

About

Code sample for a protected API in FastAPI for Python

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%