Open woprandi opened 1 year ago
I have a similar issue. In my case, I have fastapi+starlette+strawberry+oidc. I am building a GraphQl API for the frontend. The backend API receives a bearer token in the header of the request. So, I need to check against the openid server that the token is valid and retrieve the user information related. Should I open a new issue to discuss this use case?
Hi, I don't quite understand the question. Currently, starlette/FastAPI has only the client integration, while you are comparing fastapi's client documentation with Flask's server documentation.
You're right it misses at least documentation to how protect resources with fastapi.
The doc explains well how to obtain an access token with starlette/fastapi framework https://docs.authlib.org/en/latest/client/fastapi.html and https://docs.authlib.org/en/latest/client/starlette.html But how to implements correctly token validation/renew when oauth client are also the resource server ? I saw a explanation for flask here https://docs.authlib.org/en/latest/flask/2/resource-server.html but not for starlette/fastapi.