Multiple providers and unit tests (GH-13)

Author: ArtyomVancyan

README.md

@@ -9,12 +9,6 @@
 FastAPI OAuth2 is a middleware-based social authentication mechanism supporting several auth providers. It depends on
 the [social-core](https://github.com/python-social-auth/social-core) authentication backends.
 
-## Features to be implemented
-
-- Use multiple OAuth2 providers at the same time
-    * There need to be provided a way to configure the OAuth2 for multiple providers
-- Customizable OAuth2 routes
-
 ## Installation
 
 ```shell

examples/demonstration/.env

@@ -1,5 +1,10 @@
-OAUTH2_CLIENT_ID=eccd08d6736b7999a32a
-OAUTH2_CLIENT_SECRET=642999c1c5f2b3df8b877afdc78252ef5b594d31
+# These id and secret are generated especially for testing purposes,
+# if you have your own, please use them, otherwise you can use these.
+OAUTH2_GITHUB_CLIENT_ID=eccd08d6736b7999a32a
+OAUTH2_GITHUB_CLIENT_SECRET=642999c1c5f2b3df8b877afdc78252ef5b594d31
+
+OAUTH2_GOOGLE_CLIENT_ID=105851609656-uueuan570963mnnf4288nv40eieh9f5l.apps.googleusercontent.com
+OAUTH2_GOOGLE_CLIENT_SECRET=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
 
 JWT_SECRET=secret
 JWT_ALGORITHM=HS256

examples/demonstration/config.py

@@ -2,6 +2,7 @@
 
 from dotenv import load_dotenv
 from social_core.backends.github import GithubOAuth2
+from social_core.backends.google import GoogleOAuth2
 
 from fastapi_oauth2.claims import Claims
 from fastapi_oauth2.client import OAuth2Client
@@ -17,14 +18,22 @@
     clients=[
         OAuth2Client(
             backend=GithubOAuth2,
-            client_id=os.getenv("OAUTH2_CLIENT_ID"),
-            client_secret=os.getenv("OAUTH2_CLIENT_SECRET"),
-            # redirect_uri="http://127.0.0.1:8000/",
+            client_id=os.getenv("OAUTH2_GITHUB_CLIENT_ID"),
+            client_secret=os.getenv("OAUTH2_GITHUB_CLIENT_SECRET"),
             scope=["user:email"],
             claims=Claims(
                 picture="avatar_url",
                 identity=lambda user: "%s:%s" % (user.get("provider"), user.get("id")),
             ),
         ),
+        OAuth2Client(
+            backend=GoogleOAuth2,
+            client_id=os.getenv("OAUTH2_GOOGLE_CLIENT_ID"),
+            client_secret=os.getenv("OAUTH2_GOOGLE_CLIENT_SECRET"),
+            scope=["openid", "profile", "email"],
+            claims=Claims(
+                identity=lambda user: "%s:%s" % (user.get("provider"), user.get("sub")),
+            ),
+        ),
     ]
 )

examples/demonstration/main.py

@@ -1,5 +1,6 @@
 from fastapi import APIRouter
 from fastapi import FastAPI
+from fastapi.staticfiles import StaticFiles
 from sqlalchemy.orm import Session
 
 from config import oauth2_config
@@ -24,16 +25,18 @@ async def on_auth(auth: Auth, user: User):
     db: Session = next(get_db())
     query = db.query(UserModel)
     if user.identity and not query.filter_by(identity=user.identity).first():
+        # create a local user by OAuth2 user's data if it does not exist yet
         UserModel(**{
-            "identity": user.get("identity"),
-            "username": user.get("username"),
-            "image": user.get("image"),
-            "email": user.get("email"),
-            "name": user.get("name"),
+            "identity": user.identity,  # User property
+            "username": user.get("username"),  # custom attribute
+            "name": user.display_name,  # User property
+            "image": user.picture,  # User property
+            "email": user.email,  # User property
         }).save(db)
 
 
 app = FastAPI()
 app.include_router(app_router)
 app.include_router(oauth2_router)
+app.mount("/static", StaticFiles(directory="static"), name="static")
 app.add_middleware(OAuth2Middleware, config=oauth2_config, callback=on_auth)

examples/demonstration/static/github.svg

@@ -21,18 +21,30 @@
             <a href="/auth" style="display: flex; align-items: center; color: #dfdfd6; margin-right: 1rem; text-decoration: none;">
                 Simulate Login
             </a>
-            <a href="/oauth2/github/auth" style="display: flex; align-items: center;">
-                <svg style="height: 50px; width: 50px;" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16">
-                    <path fill="#dfdfd6" d="M7.499,1C3.91,1,1,3.906,1,7.49c0,2.867,1.862,5.299,4.445,6.158C5.77,13.707,6,13.375,6,13.125 c0-0.154,0.003-0.334,0-0.875c-1.808,0.392-2.375-0.875-2.375-0.875c-0.296-0.75-0.656-0.963-0.656-0.963 c-0.59-0.403,0.044-0.394,0.044-0.394C3.666,10.064,4,10.625,4,10.625c0.5,0.875,1.63,0.791,2,0.625 c0-0.397,0.044-0.688,0.154-0.873C4.111,10.02,2.997,8.84,3,7.208c0.002-0.964,0.335-1.715,0.876-2.269 C3.639,4.641,3.479,3.625,3.961,3c1.206,0,1.927,0.873,1.927,0.873s0.565-0.248,1.61-0.248c1.045,0,1.608,0.234,1.608,0.234 S9.829,3,11.035,3c0.482,0.625,0.322,1.641,0.132,1.918C11.684,5.461,12,6.21,12,7.208c0,1.631-1.11,2.81-3.148,3.168 C8.982,10.572,9,10.842,9,11.25c0,0.867,0,1.662,0,1.875c0,0.25,0.228,0.585,0.558,0.522C12.139,12.787,14,10.356,14,7.49 C14,3.906,11.09,1,7.499,1z"></path>
-                </svg>
-            </a>
+            {% for provider in request.auth.clients %}
+                <a href="/oauth2/{{ provider }}/auth" style="display: flex; align-items: center;">
+                    <img
+                            alt="{{ provider }} icon"
+                            src="/static/{{ provider }}.svg"
+                            style="width: 50px; height: 50px; margin-right: 1rem;"
+                    >
+                </a>
+            {% endfor %}
         {% endif %}
     </div>
 </header>
 <section
         style="display: flex; flex-direction: column; align-items: center; justify-content: center; height: calc(100vh - 70px);">
     {% if request.user.is_authenticated %}
         <h1>Hi, {{ request.user.display_name }}</h1>
+        <h3>
+            You're signed in using
+            {% if request.auth.provider %}
+                external {{ request.auth.provider.provider }} OAuth2 provider.
+            {% else %}
+                local authentication system.
+            {% endif %}
+        </h3>
         <p>This is what your JWT contains currently</p>
         <pre>{{ json.dumps(request.user, indent=4) }}</pre>
     {% else %}

examples/demonstration/static/google-oauth2.svg

@@ -27,7 +27,7 @@ license_files = LICENSE
 platforms = unix, linux, osx, win32
 classifiers =
     Operating System :: OS Independent
-    Development Status :: 2 - Pre-Alpha
+    Development Status :: 3 - Alpha
     Framework :: FastAPI
     Programming Language :: Python
     Programming Language :: Python :: 3

examples/demonstration/templates/index.html

@@ -1 +1 @@
-__version__ = "1.0.0-alpha.1"
+__version__ = "1.0.0-alpha.2"

setup.cfg

@@ -10,6 +10,7 @@
 
 import httpx
 from oauthlib.oauth2 import WebApplicationClient
+from oauthlib.oauth2.rfc6749.errors import CustomOAuth2Error
 from social_core.backends.oauth import BaseOAuth2
 from social_core.strategy import BaseStrategy
 from starlette.exceptions import HTTPException
@@ -46,9 +47,10 @@ class OAuth2Core:
 
     client_id: str = None
     client_secret: str = None
-    callback_url: Optional[str] = None
     scope: Optional[List[str]] = None
     claims: Optional[Claims] = None
+    provider: str = None
+    redirect_uri: str = None
     backend: BaseOAuth2 = None
     _oauth_client: Optional[WebApplicationClient] = None
 
@@ -108,9 +110,12 @@ async def token_redirect(self, request: Request) -> RedirectResponse:
         auth = httpx.BasicAuth(self.client_id, self.client_secret)
         async with httpx.AsyncClient() as session:
             response = await session.post(token_url, headers=headers, content=content, auth=auth)
-            token = self.oauth_client.parse_request_body_response(json.dumps(response.json()))
-            token_data = self.standardize(self.backend.user_data(token.get("access_token")))
-            access_token = request.auth.jwt_create(token_data)
+            try:
+                token = self.oauth_client.parse_request_body_response(json.dumps(response.json()))
+                token_data = self.standardize(self.backend.user_data(token.get("access_token")))
+                access_token = request.auth.jwt_create(token_data)
+            except (CustomOAuth2Error, Exception) as e:
+                raise OAuth2LoginError(400, str(e))
 
         response = RedirectResponse(self.redirect_uri or request.base_url)
         response.set_cookie(