I have the first steps working for fastapi-users==12.0.0 with Google OAuth but I don't know what to do with the access_token once I get it from /auth/google/callback.
The fastapi logs show User <user_id> has registered and a new row is added into each table (user, oauth_account), so that's good.
So far I have:
GET /auth/google/authorizewhich returns a JSON with anauthorization_url.- I navigate to that
authorization_urland authenticate via the prompts athttps://accounts.google.com/signin. - I am redirected to
/auth/google/callback?state=<some_token>&scope=<email, profile, user scopes>=0&prompt=consent, which shows{"access_token":<access_token>,"token_type":"bearer"}.
What am I supposed to do with that access_token? To access private endpoints do I need to include it in the header of every future request?
For this strictly google process, do I need to use any of the other endpoints (eg. /auth/jwt/login, /auth/register, /auth/request-verify-token, /auth/verify)?
How would I complete this process via the swagger docs? The Authorize form (OAuth2PasswordBearer) currently shows Token URL: auth/jwt/login and Flow: password). I don't need to change that at all right?
Yes. You'll need to include it as authorization header to access your protected resources (the ones that need authorization).
These endpoints are not used in Google Oauth flow. This is for normal login using credentials i.e. Username and Password. The endpoint
/auth/jwt/login/takes your credentials and responds with JWT token similar to what you're going to receive from the/auth/google/callback. Now you'll need to store this token in your frontend client or any other service that is calling your endpoint since JWTs are not stored in backend server.