Comments (7)
OK, the best way is to solve it in a different layer: https://docs.microsoft.com/en-us/azure/app-service/overview-authentication-authorization . I can confirm it works well, at least for a SINGLE container app. (This feature is not available for multi-container deployments yet, per the documentation as of today anyways.)
from fastapi_msal.
Hi @jlerman44,
about this:
> I am trying to hide my documentation (so /docs, /redoc, and /openapi.json not accessible without msal login)
I'm not sure you can have conditional documentation so that only someone who is already authenticated can see it.
I will add that while the documentation feature in FastAPI is amazing, it has its downsides and it is quite a headache to "hack" it. So I suggest you either show it or hide it.
If you wish to switch only the fastapi_msal parts, this could be done via the configuration class MSALClientConfig.
In the example provided you can set:

```python
client_config: MSALClientConfig = MSALClientConfig()
client_config.show_in_docs = False  # False is currently the default
# you can also set your own customized routing paths
client_config.login_path = ...  # This is the initial path to start the login process (should be called by the application client)
client_config.token_path = ...  # This is the path that you provide to MS in the app registration process.
# It will be used by MS as the token call-back.
client_config.logout_path = ...  # This is the path the application client will use to log out the user
```

The docs are important only if you use them for the actual initialization process.
Indeed, if you start with the docs, the library will try to follow the already implemented OAuth2 path which is part of the OpenAPI websites (hence the "strange" redirects you mentioned).
But if you are not going to use the docs at all, it won't be redirecting to them.
> Though ideally this would be Microsoft based login.
This could be achieved by the following adaptations to your code:
- When you would like to show the client the login page, redirect to the login_path. The default login path is "/_login_route". The callback URL is the one set on the client config class; the default is "/token".
- Make sure to register "YOUR_URL/token" as part of the app registration process.

A short deep dive into the paths, router etc.
The router itself is implemented in the MSALAuthorization class.
There are two different token path classes:
- GET operation method - this is useful if you wish to interact directly with the MS based login as mentioned, since the MS callback is a GET call.
- POST operation method - this is useful if you use the documentation or any client which retrieves the token from MS and then forwards the token to the API (this is the "official" way of the OAuth2 flow, but I think it is not always correct to use it).
There are two different methods since they are also sourced from different places and hold different APIs.
To make the documentation and the MS direct approach work nicely together I had to take this approach.
Thanks for these helpful pointers! I will probably press on to try to find a way to hide the /docs behind a username and password while keeping fastapi_msal working. This is really important to me. If you have further ideas here, please let me know!
Also, I think the redirect URL that is being used by default is YOUR_URL/docs/oauth2-redirect and not YOUR_URL/token. Is that strange?
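One way to reach what is asked for above (docs hidden unless logged in, fastapi_msal left untouched), as an added example that is not part of this thread or of fastapi_msal: a framework-agnostic ASGI middleware that wraps the application and redirects unauthenticated requests for /docs, /redoc and /openapi.json to the login_path from the maintainer's configuration notes. The "session" cookie name and the in-memory session store are assumptions standing in for your real session validation.

```python
import asyncio
from http.cookies import SimpleCookie

DOC_PATHS = {"/docs", "/redoc", "/openapi.json"}  # paths the question wants hidden
LOGIN_PATH = "/_login_route"  # fastapi_msal default login path named in the thread
# Constructed stand-in for a real session store (assumption: the MSAL login sets
# a "session" cookie whose value the server can validate).
VALID_SESSIONS = {"sess-abc123"}

def is_authenticated(scope) -> bool:
    """True only if the ASGI scope carries a known session cookie."""
    raw = b"".join(v for k, v in scope.get("headers", []) if k == b"cookie")
    jar = SimpleCookie()
    jar.load(raw.decode("latin-1"))
    morsel = jar.get("session")
    return morsel is not None and morsel.value in VALID_SESSIONS

class DocsGate:
    """ASGI middleware: unauthenticated doc requests are redirected to login_path."""
    def __init__(self, app, login_path=LOGIN_PATH, paths=DOC_PATHS):
        self.app, self.login_path, self.paths = app, login_path, paths

    async def __call__(self, scope, receive, send):
        if (scope["type"] == "http" and scope["path"] in self.paths
                and not is_authenticated(scope)):
            headers = [(b"location", self.login_path.encode()), (b"cache-control", b"no-store")]
            await send({"type": "http.response.start", "status": 307, "headers": headers})
            await send({"type": "http.response.body", "body": b""})
            return
        await self.app(scope, receive, send)  # authenticated, or not a doc path

async def _upstream(scope, receive, send):
    """Constructed stand-in for the real app (e.g. a FastAPI instance with its routes)."""
    await send({"type": "http.response.start", "status": 200, "headers": []})
    await send({"type": "http.response.body", "body": b"ok"})

def gate_request(path: str, cookie: str = ""):
    """Drive DocsGate once and return (status, Location header or None)."""
    headers = [(b"cookie", cookie.encode())] if cookie else []
    scope = {"type": "http", "method": "GET", "path": path, "headers": headers}
    sent = []
    async def receive():
        return {"type": "http.request", "body": b"", "more_body": False}
    async def send(msg):
        sent.append(msg)
    asyncio.run(DocsGate(_upstream)(scope, receive, send))
    loc = dict(sent[0]["headers"]).get(b"location")
    return sent[0]["status"], (loc.decode() if loc else None)
```

If you would rather not reveal that documentation exists at all, answer those paths with a 404 instead of a redirect; the fastapi_msal routes themselves stay reachable either way.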
This also can be closed.
Hi @jlerman44,
The strange behavior is the mixture of using the FastAPI OpenAPI documentation website to simulate the login etc. vs how this should be used in production.
To be honest, you have a very solid point which is related to the non-existent documentation for this project. I only now realise it is quite complex... 😬
Must admit I'm not an expert in that field, and if you can assist with setting up the basics of it that would be amazing!
BTW I've created my own private PoC based on what MS created in this repository: https://github.com/Azure-Samples/ms-identity-python-webapp
If you believe you can find it useful, please let me know and I'll be happy to clean it up and share it.
This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.
This issue was closed because it has been stalled for 5 days with no activity.