FastAPI: OAuth2 implicit flow not passing the access token in subsequent APIs


I am implementing the FastAPI OAuth2 implicit flow. While implementing it I am able to receive the access token from Azure AD; however, the access token is not passed in subsequent APIs.

In my Swagger URL the authorize button looks like this: (screenshot not included)

After successful login in the UI I can see this: (screenshot not included)

I can also see the access token stored in the browser local storage; however, in my subsequent API request the accessToken is not passed in the curl URL.

The curl URL is formed like this:

curl -X 'GET' \
  'http://localhost:8000/protected' \
  -H 'accept: application/json'

Now in the Swagger redirect logic I have HTML like this:

html = """
    <!doctype html>
    <html lang="en-US">
    <head>
        <title>Swagger UI: OAuth2 Redirect</title>
    </head>
    <body>
    <script>
        'use strict';
        function run() {
            var oauth2 = window.opener.swaggerUIRedirectOauth2;
            var sentState = oauth2.state;
            var redirectUrl = oauth2.redirectUrl;
            var isValid, qp, arr;

            // Extract the query parameters from the URL fragment
            var fragment = window.location.hash.substring(1);
            var params = new URLSearchParams(fragment);

            // Extract the token from the fragment
            var accessToken = params.get('access_token');

            isValid = params.get('state') === sentState;

            // Store the access token securely in localStorage
            localStorage.setItem('accessToken', accessToken);

            // Callback with the token
            oauth2.callback({ auth: oauth2.auth, token: accessToken, isValid: isValid, redirectUrl: redirectUrl });

            window.close()
        }

        if (document.readyState !== 'loading') {
            run();
        } else {
            document.addEventListener('DOMContentLoaded', function () {
                run();
            });
        }
    </script>
    </body>
    </html>
        """

What should I do so that the access token is passed in the curl request?

I implemented the OAuth2 implicit flow in FastAPI and receive the access token; however, the access token is not passed in the subsequent API curl request.
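The following is an added example, not code from the question or from Swagger UI, showing why the curl command above carries no Authorization header. Swagger UI's own oauth2-redirect page hands `oauth2.callback()` the parsed token response as an object, and swagger-client later reads `token.access_token` and `token.token_type` from that object to build the header; a bare string has no `access_token` property, so no header is set. The function names `parseTokenFragment`, `isStateValid`, `authorizationHeader` and `demo` are chosen here, and `SAMPLE_HASH` is a constructed fragment with placeholder values, not a real Azure AD token. It runs under Node.js.

```javascript
'use strict';

// Parse the implicit-flow response carried in the URL fragment
// ("#access_token=...&token_type=Bearer&state=...") into a plain object,
// which is the shape Swagger UI's redirect page passes to oauth2.callback().
function parseTokenFragment(hash) {
  const fragment = hash.startsWith('#') ? hash.slice(1) : hash;
  const params = new URLSearchParams(fragment.replace('?', '&'));
  const token = {};
  params.forEach((value, key) => { token[key] = value; });
  return token;
}

// State check performed by the redirect page: the state echoed back by the
// authorization server must equal the state Swagger UI generated before
// opening the popup, otherwise the response is not the one we asked for.
function isStateValid(token, sentState) {
  return typeof sentState === 'string' && token.state === sentState;
}

// Mirror of the swagger-client rule for an oauth2 security scheme: the
// Authorization header is only produced when the stored token value is an
// object with an access_token property. Passing the raw string, as the
// question's redirect page does, returns null here, i.e. no header at all.
function authorizationHeader(token) {
  if (!token || typeof token !== 'object') return null;
  const accessToken = token.access_token;
  if (!accessToken) return null;
  let tokenType = token.token_type;
  if (!tokenType || tokenType.toLowerCase() === 'bearer') tokenType = 'Bearer';
  return `${tokenType} ${accessToken}`;
}

// Constructed sample fragment in the form Azure AD returns for the implicit
// flow; the token value is a placeholder, not a real token.
const SAMPLE_HASH = '#access_token=eyJ.sample.token&token_type=Bearer&expires_in=3599&state=abc123';

// Compare the two ways of reporting the token back to Swagger UI.
function demo() {
  const token = parseTokenFragment(SAMPLE_HASH);
  return {
    valid: isStateValid(token, 'abc123'),
    headerFromObject: authorizationHeader(token),          // "Bearer eyJ.sample.token"
    headerFromString: authorizationHeader(token.access_token), // null
  };
}

console.log(demo());
```

The `headerFromString` result is the situation in the question: the token was received and even stored, but Swagger UI never gets a value it can turn into `Authorization: Bearer ...` for the `/protected` call.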


After looking for a lot of solutions I found that FastAPI internally doesn't support the implicit flow, but it supports the authorization code with PKCE flow, which is more secure than the implicit flow.

There is a package with good documentation for implementing the authorization code with PKCE flow.

Package name: fastapi-azure-auth