first working version of the OAuth2 authentication

.vscode/launch.json

@@ -15,7 +15,7 @@
                 "host_server": "localhost",
                 "database_name": "fastapi",
                 "ssl_mode": "prefer",
-                "db_server_port": "5432"
+                "db_server_port": "5432",
             },
             "args": [
                 "main:app",

main.py

@@ -1,13 +1,87 @@
+import json
 from typing import Annotated
+from authlib.integrations.starlette_client import OAuth, OAuthError
+from starlette.config import Config
+from fastapi import Depends, FastAPI, Request
+from fastapi.staticfiles import StaticFiles
+from fastapi.templating import Jinja2Templates
+from pydantic_settings import BaseSettings, SettingsConfigDict
+from starlette.middleware.sessions import SessionMiddleware
+# from fastapi.security import OAuth2AuthorizationCodeBearer
+from starlette.responses import HTMLResponse, RedirectResponse
 
-from fastapi import Depends, FastAPI
-from fastapi.security import OAuth2PasswordBearer
+
+class Settings(BaseSettings):
+    client_id: str
+    client_secret: str
+
+    # File '.env' will be read
+    model_config = SettingsConfigDict(env_file=".env")
+settings = Settings()
+
+config = Config('.oauth_env')  # read config from .env file
+
+oauth = OAuth(config)
+
+# print(f"client_id: {config.get('client_id', None)}")
+oauth.register(
+    name='cbase',
+    server_metadata_url='https://c-base.org/oauth/.well-known/openid-configuration/',
+    client_id=settings.client_id,
+    client_secret=settings.client_secret,
+    client_kwargs={
+        'scope': 'openid',
+    }
+)
 
 app = FastAPI()
+# oauth2_scheme = OAuth2AuthorizationCodeBearer(scopes={"openid": "openid"}, authorizationUrl="https://c-base.org/oauth/authorize/", tokenUrl="https://c-base.org/oauth/token/")
+app.add_middleware(SessionMiddleware, secret_key="secret-string")
+templates = Jinja2Templates(directory="templates")
+# Static files
+app.mount("/static", StaticFiles(directory="static"), name="static")
+
+
+@app.get('/')
+async def homepage(request: Request):
+    user = request.session.get('user')
+    if user:
+        context = {
+            "data": json.dumps(user),
+            "user": user,
+            "request": request
+        }
+        return templates.TemplateResponse("index.html", context)
+    return templates.TemplateResponse("index_login_required.html", {"request": request})
+
+@app.get('/logout')
+async def logout(request: Request):
+    request.session.clear()
+    return RedirectResponse(url='/')
+
+
+@app.route('/login')
+async def login(request: Request):
+    user = request.session.get('user')
+    if user:
+        return RedirectResponse(url='/')
+    # absolute url for callback
+    # we will define it below
+    redirect_uri = request.url_for('auth')
+    print(redirect_uri)
+    return await oauth.cbase.authorize_redirect(request, redirect_uri)
+
+
+@app.route('/auth')
+async def auth(request: Request):
+    token = await oauth.cbase.authorize_access_token(request)
+    user = token.get('userinfo')
+    if user:
+        request.session['user'] = dict(user)
+    return RedirectResponse(url='/')
 
-oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")
 
 
-@app.get("/items/")
-async def read_items(token: Annotated[str, Depends(oauth2_scheme)]):
-    return {"token": token}
+# @app.get("/items/")
+#async def read_items(token: Annotated[str, Depends(oauth)]):
+#    return {"token": token}

pyproject.toml

@@ -10,6 +10,11 @@ readme = "README.md"
 python = "^3.10"
 fastapi = "^0.103.1"
 uvicorn = "^0.23.2"
+authlib = "1.2.1"
+httpx = "^0.24.1"
+itsdangerous = "^2.1.2"
+pydantic-settings = "^2.0.3"
+jinja2 = "^3.1.2"
 
 
 [build-system]

static/css/style.css

@@ -0,0 +1,3 @@
+body {
+    font-family: sans-serif;
+}

templates/base.html

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta http-equiv="X-UA-Compatible" content="ie=edge">
+    <title>ctatus.c-base.org</title>
+    <link rel="stylesheet" href="/static/css/style.css">
+  </head>
+  <body>
+    {% block content %}{% endblock content %}
+	<script src="index.js"></script>
+  </body>
+</html>

templates/index.html

@@ -0,0 +1,12 @@
+{% extends "base.html" %}
+
+{% block content %}
+<h1>Hallo {{ user.preferred_username }}</h1>
+<p><a href="/logout/">Logout</a></p>
+<p>
+    A "shields-up" or "open" status does not mean that c-base is necessarily open:
+    <ul>
+
+    </ul>
+</p>
+{% endblock content %}

templates/index_login_required.html

@@ -0,0 +1,7 @@
+{% extends "base.html" %}
+
+{% block content %}
+<h1>Login Required</h1>
+<p>You need to be logged-in in order to use this service</h1>
+<p><a href="/login/">Login with c-base Oauth2</a></p>
+{% endblock content %}