Closed randyberos closed 11 months ago
Hi Randy,
In general, you will always exchange username / password for a token using the /login endpoint first, then use the token against protected endpoints. The token contains information such as permissions which the endpoint uses to decide if a user is allowed or not.
Let me know if this helps.
For our case, we would like to access the client APIs through a third party application QGIS and it would be tedious for our users if they need to go to another application and login to get a token that they will need to provide to the QGIS application to access our APIs. Is there a way for our client API to manually authenticate our users using the Basic Auth credentials they provide to our client endpoint?
@randyberos , here is one way to accomplish this with an EasyAuthClient
from fastapi import FastAPI
from easyauth.client import EasyAuthClient
from easyauth import get_user
server = FastAPI()
auth_client = EasyAuthClient.create(
server,
token_server='0.0.0.0',
token_server_port=8090,
auth_secret='abcd1234',
default_permissions={'groups': ['users']}
)
async def custom_authenticator(username: str, password: str) -> str:
token = await auth_client.rpc_server["easyauth"]["generate_auth_token"](
username, password
)
if not "access_token" in token:
message = (
"invalid username / password"
if "invalid username / password" in token
else token
)
raise Exception(message)
token = token["access_token"]
# extract token id from token to store in valid token store
token_id = self.decode_token(token)[1]["token_id"]
auth_client.store["tokens"][token_id] = ""
return token
This is a pretty good use case for a future enhancement of both EasyAuthServer & EasyAuthClient to provide a method that does exactly this. In summary, the client will pass the username / password to the connected EasyAuthServer via rpc & get a token, the token id will be cached locally as a valid token, then the token can be used on any endpoint attached with {"Authentication": "Bearer {token}"}
header
Thank you for this @codemation. 😊
I will try this approach in our application.
Hello, I have a fastapi API server as an easyauth client. Is it possible to authenticate the API routes in the client server using Basic Authentication?