Create a centralized Authentication and Authorization token server. Easily secure FastAPI endpoints based on Users, Groups, Roles or Permissions with very little database usage.
Improved client token generation flow. Now, on /login, a token is issued by EasyAuthServer and the token_id is extracted from the token to update the local token store, and a task is created to update all other subsequent clients with the new token_id.
Improved response exceptions for 401s and 403s; ref path cookies are now correctly set on 401 responses with login prompts, JWT expiration.
An invalid signature now results in a 401 instead of a 500 status code caused by token decode failures; expired tokens are no longer 403s but 401s, to correctly trigger and signal the requirement to authenticate again.
Improved and filtered logging of exceptions from the RPC framework to better indicate client -> server issues.
Added a scheduler and recurring task for refreshing the token public RSA key from EasyAuthServer, needed when the EasyAuthServer private key changes dynamically or for future server rotations.
New exception for improved error reporting, combined with changes to log filtering on the client.
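The status-code mapping described above (decode and signature failures and expired tokens give 401, a valid token without the needed permission gives 403), as an added example that is not EasyAuth's own code. It assumes an HMAC-signed token as a stand-in for the RSA-signed JWT so it runs on the standard library alone; `issue`, `authorize`, `SECRET` and the `permissions` claim name are hypothetical.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: HMAC key stands in for the RSA key pair

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(head, body, key):
    return hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()

def issue(claims, key=SECRET):
    """Build a constructed HS256 token for the demo."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_mac(head, body, key))}"

def authorize(token, needed, now=None):
    """Return (status_code, detail) for a request that requires permission `needed`."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        # Verify the signature before trusting anything inside the token.
        if not hmac.compare_digest(_mac(head, body, SECRET), _unb64(sig)):
            return 401, "invalid signature"
        if json.loads(_unb64(head)).get("alg") != "HS256":
            return 401, "unexpected algorithm"
        claims = json.loads(_unb64(body))
        if not isinstance(claims, dict):
            raise ValueError("claims must be an object")
    except (ValueError, TypeError, AttributeError):
        # Any decode failure is an authentication failure, never a 500.
        return 401, "malformed token"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return 401, "token expired"       # 401 tells the client to log in again
    perms = claims.get("permissions")
    if not isinstance(perms, list) or needed not in perms:
        return 403, "missing permission"  # authenticated, but not allowed
    return 200, "ok"
```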
EasyAuthServer
Token store updates are now run as tasks to allow for concurrent updates and to prevent slow updates in the case of a disconnected / restarting client.
Improved router detection of web browsers on 401s, to return a login prompt instead of a generic 401 message meant for APIs.
Improved error responses for unknown / revoked tokens, now returning 401s. 401s for web browsers are now better detected to return a login prompt instead of the generic API 401 response. Improved RSA token implementation: new RSA private keys are now assigned a random 52-char key_id to match best practices with JWK usage and improve public key generation and validation.
Tests
Extended tests to sqlite, mysql & postgres; tests now trigger docker-compose container setup respective to each db environment & server / client test.
Added an OS environment hook for setting TEST_INIT_PASSWORD on fresh environments, to allow for a predictable admin password when testing.