litestar-org / litestar

Production-ready, Light, Flexible and Extensible ASGI API framework | Effortlessly Build Performant APIs
https://litestar.dev/
MIT License

Enhancement: Auth0/Keycloak #2442

Open Saphyel opened 1 year ago

Saphyel commented 1 year ago

Summary

Would it be possible to include documentation for these services in the documentation?

They (and their competitors) are becoming more common to use, so I think having a section for them would be great.

Basic Example

No response

Drawbacks and Impact

No response

Unresolved questions

No response


codespearhead commented 8 months ago

I'm not familiar with Litestar, but there's an MRE for FastAPI here: ilyesAj/keycloak-fastAPI-integration.

codespearhead commented 3 months ago

Found another one, and this one uses Litestar for the backend: https://github.com/GhentCDH/nuxt-keycloak-jwt-auth .

However, it's important to emphasize that without a well-maintained Python OAuth 2.x server implementation (covering both Authorization and Resource Servers) and a Python OpenID Connect 1.x (OIDC) client, it is impossible to securely and reliably integrate it into Litestar or into any other Python framework for that matter.

This issue is not unique to Python though: most ecosystems outside of Java and C# face the same challenge (see Certified Relying Party Libraries and Certified OpenID Provider Libraries).

The best approach would be to contribute to improving Authlib.

JacobCoffee commented 3 months ago

Re: authlib, we have an issue for tracking that impl.

https://github.com/lepture/authlib/issues/601

Yacobolo commented 3 months ago

Any news on this? Migrating from FastAPI where I use Auth0. But am stuck getting it to work in Litestar.

# app/auth/routes.py

from urllib.parse import quote_plus, urlencode, urljoin

from authlib.integrations.starlette_client import OAuth
from fastapi import APIRouter, Request
from fastapi.responses import RedirectResponse

from app.config import settings

router = APIRouter()

oauth = OAuth()
oauth.register(
    "auth0",
    client_id=settings.auth0_client_id,
    client_secret=settings.auth0_client_secret,  # Ensure you import the secret
    client_kwargs={
        "scope": "openid profile email",
    },
    server_metadata_url=f"https://{settings.auth0_domain}/.well-known/openid-configuration",
)

@router.get("/callback")
async def callback(request: Request):
    token = await oauth.auth0.authorize_access_token(request)

    request.session["user"] = token
    return RedirectResponse(url="/")

@router.get("/login")
async def login(request: Request):
    redirect_uri = request.url_for("callback")
    return await oauth.auth0.authorize_redirect(request, redirect_uri)

@router.get("/logout")
async def logout(request: Request):
    request.session.clear()
    return_to_url = urljoin(str(request.base_url), "/")
    logout_url = f"https://{settings.auth0_domain}/v2/logout?" + urlencode(
        {
            "returnTo": return_to_url,
            "client_id": settings.auth0_client_id,
        },
        quote_via=quote_plus,
    )
    return RedirectResponse(logout_url)

provinzkraut commented 3 months ago

> Any news on this? Migrating from FastAPI where I use Auth0. But am stuck getting it to work in Litestar.

The issue seems to be that you're using the authlib Starlette integration, so you should probably ask this question over at authlib regarding plans for a Litestar integration. There's not much we can do here.

That being said, Auth0 has an SDK for Python, that you should be able to easily integrate into your Litestar application. You'd simply have to replace the authlib API shown in your example with the equivalent Auth0 SDK functionality :)
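
An added example, not code from this thread, Litestar, authlib or the Auth0 SDK: a framework-neutral, standard-library sketch of the session checks that `authorize_redirect` and `authorize_access_token` perform in the FastAPI snippet above, which any port to another framework has to keep. The endpoint, client ID, redirect URI and the function names `begin_login` and `finish_login` are constructed for illustration; the token exchange and ID token signature verification are assumed to be done by the chosen SDK.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample values; a real app reads these from its settings and from
# the provider's /.well-known/openid-configuration document.
AUTHORIZATION_ENDPOINT = "https://tenant.example/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example/callback"


def begin_login(session: dict) -> str:
    """Build the authorization redirect and bind it to this browser session."""
    state = secrets.token_urlsafe(32)  # CSRF binding, checked in the callback
    nonce = secrets.token_urlsafe(32)  # must later match the ID token's nonce claim
    session["oidc"] = {"state": state, "nonce": nonce}
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile email",
        "state": state,
        "nonce": nonce,
    })
    return f"{AUTHORIZATION_ENDPOINT}?{query}"


def finish_login(session: dict, callback_url: str) -> tuple[str, str]:
    """Validate the callback; return (code, expected_nonce) for the token exchange."""
    pending = session.pop("oidc", None)  # single use: a replayed callback fails
    if pending is None:
        raise PermissionError("no login in progress for this session")
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise PermissionError(f"provider returned error: {params['error'][0]}")
    returned_state = params.get("state", [""])[0]
    # Compare as bytes so non-ASCII input is rejected instead of raising TypeError.
    if not hmac.compare_digest(returned_state.encode(), pending["state"].encode()):
        raise PermissionError("state mismatch")
    code = params.get("code", [""])[0]
    if not code:
        raise PermissionError("callback carries no authorization code")
    return code, pending["nonce"]
```

The returned nonce is what the ID token's `nonce` claim has to equal once the code has been exchanged and the token's signature verified.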