# FastAPI/MSAL - MSAL (Microsoft Authentication Library) plugin for FastAPI
[![Checked with mypy](http://www.mypy-lang.org/static/mypy_badge.svg)](http://mypy-lang.org/)
[![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)
[![Lint & Security](https://github.com/dudil/fastapi_msal/actions/workflows/lint.yml/badge.svg)](https://github.com/dudil/fastapi_msal/actions/workflows/lint.yml)
[![Download monthly](https://pepy.tech/badge/fastapi_msal/month)](https://pypistats.org/packages/fastapi_msal)
FastAPI - https://github.com/tiangolo/fastapi
_FastAPI is a modern, fast (high-performance), web framework for building APIs based on standard Python type hints._
MSAL for Python - https://github.com/AzureAD/microsoft-authentication-library-for-python
_The Microsoft Authentication Library for Python enables applications to integrate with the
[Microsoft identity platform.](https://aka.ms/aaddevv2)
It allows you to sign in users or apps with Microsoft identities
and obtain tokens to call Microsoft APIs such as [Microsoft Graph](https://graph.microsoft.io/)
or your own APIs registered with the Microsoft identity platform.
It is built using industry standard OAuth2 and OpenID Connect protocols_
The **fastapi_msal** package was built to allow quick "out of the box" integration with MSAL.
As a result the pacage was built around simplicity and ease of use on the expense of flexability and versatility.
## Features
1. Includes Async implementation of MSAL confidential client class utilizaing Starlette threadpool model.
1. Use pydantic models to translate the MSAL objects to data objects which are code and easy to work with.
1. Have a built-in router which includes the required paths for the authentication flow.
1. Include a dependency class to authenticate and secure your application APIs
1. Includes a pydantic setting class for easy and secure configuration from your ENV (or .env or secrets directory)
1. Full support with FastAPI swagger documentations and authentication simulation
## Installation
```shell
pip install "fastapi_msal"
```
Or if you wish to have all the required packages straight forward
```shell
pip install "fastapi_msal[full]"
```
## Prerequisets
1. Python 3.9 and above
2. As part of your fastapi application the following packages should be included:
(if you use the **[full]** method it is not required.)
1. [python-multipart](https://andrew-d.github.io/python-multipart/),
_[From FastAPI documentation](https://fastapi.tiangolo.com/tutorial/security/first-steps/#run-it)_:
This is required since OAuth2 (Which MSAL is based upon) uses "form data" to send the credentials.
2. [itsdangerous](https://github.com/pallets/itsdangerous)
Used by Starlette [session middleware](https://www.starlette.io/middleware/)
## Usage
1. Follow the application [registration process
with the Microsoft Identity Platform](https://docs.microsoft.com/azure/active-directory/develop/quickstart-v2-register-an-app). Finishing the processes will allow you to [register your app callback path with the platform](https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app#add-a-redirect-uri), as well as to retrieve your application `client_id`, `tenant_id` and `client_credential` ([client secrets](https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app#add-credentials)) - see images below:
![Client and tenant ID page](docs/images/client_tenant_id_page.png)
![Client secrets page](docs/images/client_secrets_page.png)
2. Create a new main.py file and add the following lines.
Make sure to update the lines with the information retrieved in the previous step
``` python
import uvicorn
from fastapi import FastAPI, Depends
from starlette.middleware.sessions import SessionMiddleware
from fastapi_msal import MSALAuthorization, UserInfo, MSALClientConfig
client_config: MSALClientConfig = MSALClientConfig()
client_config.client_id = "The client_id retrieved at step #1"
client_config.client_credential = "The client_credential retrieved at step #1"
client_config.tenant = "Your tenant_id retrieved at step #1"
app = FastAPI()
app.add_middleware(SessionMiddleware, secret_key="SOME_SSH_KEY_ONLY_YOU_KNOW") # replace with your own!!!
msal_auth = MSALAuthorization(client_config=client_config)
app.include_router(msal_auth.router)
@app.get("/users/me", response_model=UserInfo, response_model_exclude_none=True, response_model_by_alias=False)
async def read_users_me(current_user: UserInfo = Depends(msal_auth.scheme)) -> UserInfo:
return current_user
if __name__ == "__main__":
uvicorn.run("main:app", host="localhost", port=5000, reload=True)
```
3. Run your app
```shell
(pipenv shell)$ python main.py
INFO: Uvicorn running on http://localhost:5000 (Press CTRL+C to quit)
INFO: Started reloader process [12785] using statreload
INFO: Started server process [12787]
INFO: Waiting for application startup.
INFO: Application startup complete.
```
4. Browse to http://localhost:5000/docs - this is the API docs generated by FastAPI (totaly cool!)
![Document Page Image](https://github.com/dudil/fastapi_msal/blob/master/docs/images/authorize_page.png?raw=true/blob/images/docs_page.png?raw=true)
5. Using the "built-in" authenticaiton button (the little lock) you will be able to set the full authentication process
![Authorize Page Image](https://github.com/dudil/fastapi_msal/blob/master/docs/images/authorize_page.png?raw=true)
(Igonre the cline_id and client_secret - they are not relevant for the process as you already set them)
6. After you complete the process you will get a confirmation popup
![Token Page Image](https://github.com/dudil/fastapi_msal/blob/master/docs/images/token_page.png?raw=true)
7. Trying out the _ME_ api endpoint
![Me Page Image](https://github.com/dudil/fastapi_msal/blob/master/docs/images/me_page.png?raw=true)
## Working Example/Template
If you wish to try out a working example, clone the following project and adjust it to your needs:
[https://github.com/dudil/ms-identity-python-webapp](https://github.com/dudil/ms-identity-python-webapp)
**NB!** Make sure you are using the *fastapi_msal* branch!!!
Raw data
{
"_id": null,
"home_page": null,
"name": "fastapi-msal",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.9",
"maintainer_email": null,
"keywords": "AAD, FastAPI, MSAL, SSO, authentication, fastapi-middleware, fastapi-plugin, plugin",
"author": null,
"author_email": "Dudi Levy <4785835+dudil@users.noreply.github.com>",
"download_url": "https://files.pythonhosted.org/packages/e9/c9/f7c6b24dfa9e6019dd4a494ffc326f6a335f3570bb1b80ee49b2d30a002d/fastapi_msal-2.1.6.tar.gz",
"platform": null,
"description": "# FastAPI/MSAL - MSAL (Microsoft Authentication Library) plugin for FastAPI\n[![Checked with mypy](http://www.mypy-lang.org/static/mypy_badge.svg)](http://mypy-lang.org/)\n[![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)\n[![Lint & Security](https://github.com/dudil/fastapi_msal/actions/workflows/lint.yml/badge.svg)](https://github.com/dudil/fastapi_msal/actions/workflows/lint.yml)\n[![Download monthly](https://pepy.tech/badge/fastapi_msal/month)](https://pypistats.org/packages/fastapi_msal)\n\nFastAPI - https://github.com/tiangolo/fastapi\n_FastAPI is a modern, fast (high-performance), web framework for building APIs based on standard Python type hints._\n\nMSAL for Python - https://github.com/AzureAD/microsoft-authentication-library-for-python\n_The Microsoft Authentication Library for Python enables applications to integrate with the\n[Microsoft identity platform.](https://aka.ms/aaddevv2)\nIt allows you to sign in users or apps with Microsoft identities\nand obtain tokens to call Microsoft APIs such as [Microsoft Graph](https://graph.microsoft.io/)\nor your own APIs registered with the Microsoft identity platform.\nIt is built using industry standard OAuth2 and OpenID Connect protocols_\n\nThe **fastapi_msal** package was built to allow quick \"out of the box\" integration with MSAL.\nAs a result the pacage was built around simplicity and ease of use on the expense of flexability and versatility.\n\n## Features\n1. Includes Async implementation of MSAL confidential client class utilizaing Starlette threadpool model.\n1. Use pydantic models to translate the MSAL objects to data objects which are code and easy to work with.\n1. Have a built-in router which includes the required paths for the authentication flow.\n1. Include a dependency class to authenticate and secure your application APIs\n1. Includes a pydantic setting class for easy and secure configuration from your ENV (or .env or secrets directory)\n1. Full support with FastAPI swagger documentations and authentication simulation\n\n## Installation\n\n```shell\npip install \"fastapi_msal\"\n```\nOr if you wish to have all the required packages straight forward\n```shell\npip install \"fastapi_msal[full]\"\n```\n\n## Prerequisets\n1. Python 3.9 and above\n2. As part of your fastapi application the following packages should be included: \n(if you use the **[full]** method it is not required.)\n 1. [python-multipart](https://andrew-d.github.io/python-multipart/),\n _[From FastAPI documentation](https://fastapi.tiangolo.com/tutorial/security/first-steps/#run-it)_:\n This is required since OAuth2 (Which MSAL is based upon) uses \"form data\" to send the credentials.\n\n 2. [itsdangerous](https://github.com/pallets/itsdangerous)\n Used by Starlette [session middleware](https://www.starlette.io/middleware/)\n\n## Usage\n1. Follow the application [registration process\nwith the Microsoft Identity Platform](https://docs.microsoft.com/azure/active-directory/develop/quickstart-v2-register-an-app). Finishing the processes will allow you to [register your app callback path with the platform](https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app#add-a-redirect-uri), as well as to retrieve your application `client_id`, `tenant_id` and `client_credential` ([client secrets](https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app#add-credentials)) - see images below:\n\n![Client and tenant ID page](docs/images/client_tenant_id_page.png)\n\n![Client secrets page](docs/images/client_secrets_page.png)\n\n2. Create a new main.py file and add the following lines.\nMake sure to update the lines with the information retrieved in the previous step\n``` python\nimport uvicorn\nfrom fastapi import FastAPI, Depends\nfrom starlette.middleware.sessions import SessionMiddleware\nfrom fastapi_msal import MSALAuthorization, UserInfo, MSALClientConfig\n\nclient_config: MSALClientConfig = MSALClientConfig()\nclient_config.client_id = \"The client_id retrieved at step #1\"\nclient_config.client_credential = \"The client_credential retrieved at step #1\"\nclient_config.tenant = \"Your tenant_id retrieved at step #1\"\n\napp = FastAPI()\napp.add_middleware(SessionMiddleware, secret_key=\"SOME_SSH_KEY_ONLY_YOU_KNOW\") # replace with your own!!!\nmsal_auth = MSALAuthorization(client_config=client_config)\napp.include_router(msal_auth.router)\n\n\n@app.get(\"/users/me\", response_model=UserInfo, response_model_exclude_none=True, response_model_by_alias=False)\nasync def read_users_me(current_user: UserInfo = Depends(msal_auth.scheme)) -> UserInfo:\n return current_user\n\n\nif __name__ == \"__main__\":\n uvicorn.run(\"main:app\", host=\"localhost\", port=5000, reload=True)\n```\n\n3. Run your app\n```shell\n(pipenv shell)$ python main.py\nINFO: Uvicorn running on http://localhost:5000 (Press CTRL+C to quit)\nINFO: Started reloader process [12785] using statreload\nINFO: Started server process [12787]\nINFO: Waiting for application startup.\nINFO: Application startup complete.\n```\n\n4. Browse to http://localhost:5000/docs - this is the API docs generated by FastAPI (totaly cool!)\n![Document Page Image](https://github.com/dudil/fastapi_msal/blob/master/docs/images/authorize_page.png?raw=true/blob/images/docs_page.png?raw=true)\n\n5. Using the \"built-in\" authenticaiton button (the little lock) you will be able to set the full authentication process\n![Authorize Page Image](https://github.com/dudil/fastapi_msal/blob/master/docs/images/authorize_page.png?raw=true)\n (Igonre the cline_id and client_secret - they are not relevant for the process as you already set them)\n\n6. After you complete the process you will get a confirmation popup\n![Token Page Image](https://github.com/dudil/fastapi_msal/blob/master/docs/images/token_page.png?raw=true)\n\n7. Trying out the _ME_ api endpoint\n![Me Page Image](https://github.com/dudil/fastapi_msal/blob/master/docs/images/me_page.png?raw=true)\n\n## Working Example/Template\nIf you wish to try out a working example, clone the following project and adjust it to your needs:\n[https://github.com/dudil/ms-identity-python-webapp](https://github.com/dudil/ms-identity-python-webapp)\n\n**NB!** Make sure you are using the *fastapi_msal* branch!!!\n",
"bugtrack_url": null,
"license": null,
"summary": "FastAPI/MSAL - The MSAL (Microsoft Authentication Library) plugin for FastAPI!",
"version": "2.1.6",
"project_urls": {
"Documentation": "https://github.com/dudil/fastapi_msal#readme",
"Homepage": "https://github.com/dudil/fastapi_msal",
"Issues": "https://github.com/dudil/fastapi_msal/issues",
"Source": "https://github.com/dudil/fastapi_msal"
},
"split_keywords": [
"aad",
" fastapi",
" msal",
" sso",
" authentication",
" fastapi-middleware",
" fastapi-plugin",
" plugin"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "d2232df0f3e4fc441fcbc67c7c58d7519ddc56b9ec9a038df5430cb46c5a354e",
"md5": "2af4c56c1cae308473dfce311fd1e659",
"sha256": "534d3183949564b2380ca62f00be0e0da2a0eb360105a3c69f55a7073d403782"
},
"downloads": -1,
"filename": "fastapi_msal-2.1.6-py3-none-any.whl",
"has_sig": false,
"md5_digest": "2af4c56c1cae308473dfce311fd1e659",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.9",
"size": 23189,
"upload_time": "2024-08-07T12:54:13",
"upload_time_iso_8601": "2024-08-07T12:54:13.022385Z",
"url": "https://files.pythonhosted.org/packages/d2/23/2df0f3e4fc441fcbc67c7c58d7519ddc56b9ec9a038df5430cb46c5a354e/fastapi_msal-2.1.6-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "e9c9f7c6b24dfa9e6019dd4a494ffc326f6a335f3570bb1b80ee49b2d30a002d",
"md5": "457525314452a83b147c216bdd088b06",
"sha256": "1fc92fb214c0766795d894b2e4a7f381979c6ff343d1431fadbeb404a1d57f9e"
},
"downloads": -1,
"filename": "fastapi_msal-2.1.6.tar.gz",
"has_sig": false,
"md5_digest": "457525314452a83b147c216bdd088b06",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.9",
"size": 17931,
"upload_time": "2024-08-07T12:54:14",
"upload_time_iso_8601": "2024-08-07T12:54:14.162240Z",
"url": "https://files.pythonhosted.org/packages/e9/c9/f7c6b24dfa9e6019dd4a494ffc326f6a335f3570bb1b80ee49b2d30a002d/fastapi_msal-2.1.6.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-08-07 12:54:14",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "dudil",
"github_project": "fastapi_msal#readme",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "fastapi-msal"
}