Questions about the combination of this library and AuthenticationMiddleware

Question

Questions about the combination of this library and AuthenticationMiddleware

hidaris opened this issue 4 years ago · comments

John Smith commented 4 years ago

aioauth version: 0.1.4
Python version: 3.8.6
Operating System: manjaro 20.2

Description

I tried the example in the readme, but it's not quite clear how to combine it with AuthenticationMiddleware

What I Did

Add some persistent models to the examples in the readme

Rinat · Answer 1 · Mon Dec 21 2020 23:20:39 GMT+0800 (China Standard Time)

I think it doesn't depend on your OS
@hidaris

What error did you get?

Rinat · Answer 2 · Mon Dec 21 2020 23:21:45 GMT+0800 (China Standard Time)

@aliev how about removing OS from the issue template?

Ali Aliyev · Answer 3 · Tue Dec 22 2020 00:03:03 GMT+0800 (China Standard Time)

Hi, @hidaris. To access the request.user object fastapi as well as starlette requires the AuthenticationMiddleware.

Here is an example of how you can connect AuthenticationMiddleware to fastapi (JWT example):

from fastapi import FastAPI
from starlette.middleware.authentication import AuthenticationMiddleware
from starlette.authentication import (
    AuthCredentials,
    AuthenticationBackend,
    SimpleUser,
    UnauthenticatedUser,
)

class BasicAuthBackend(AuthenticationBackend):
    async def authenticate(self, request):
        # Get JWT token from user's cookies
        token = request.cookies.get("token")

        # Returns UnauthenticatedUser if token does not exists in cookies
        if not token:
            return AuthCredentials(), UnauthenticatedUser()

        # Checks the validity of the JWT token, if token is invalid returns UnauthenticatedUser object
        try:
            jwt_decoded = jwt.decode(token, settings.SECRET_KEY, algorithms=[settings.ALGORITHM])
        except JWTError:
            return AuthCredentials(), UnauthenticatedUser()

        # In case if token is valid returns an object of the authorized user
        return AuthCredentials(["authenticated"]), SimpleUser(jwt_decoded["email"])

...
app = FastAPI()
app.add_middleware(AuthenticationMiddleware, backend=BasicAuthBackend())
...

Now in your views you can check whether the user is authorized or not:

...
user = None
if request.user.is_authenticated:
    user = request.user

return OAuth2Request(
    settings=settings,
    method=RequestMethod[method],
    headers=headers,
    post=Post(**post),
    query=Query(**query_params),
    url=url,
    user=user,
)

I would also recommend the fastapi-users project, which implements the user registration and authentication system for fastapi.

I also want to note that for aioauth.requests.Request the user argument is optional, if the user object is None, aioauth will consider that the user is not authorized.

John Smith · Answer 4 · Wed Dec 23 2020 12:37:17 GMT+0800 (China Standard Time)

Thanks for the detailed explanation！