
Enhancement: Auth0/Keycloak

Open Saphyel opened this issue 2 years ago • 5 comments

Summary

Would it be possible to include documentation for these services in the documentation?

They (and their competitors) are becoming more common to use, so I think having a section for them would be great.

Basic Example

No response

Drawbacks and Impact

No response

Unresolved questions

No response


Saphyel avatar Oct 14 '23 14:10 Saphyel

I'm not familiar with Litestar, but there's an MRE for FastAPI here: ilyesAj/keycloak-fastAPI-integration.

codespearhead avatar Mar 12 '24 13:03 codespearhead

Found another one, and this one uses Litestar for the backend: https://github.com/GhentCDH/nuxt-keycloak-jwt-auth.

However, it's important to emphasize that without a well-maintained Python OAuth 2.x server implementation (covering both Authorization and Resource Servers) and a Python OpenID Connect 1.x (OIDC) client, it is impossible to securely and reliably integrate it into Litestar or into any other Python framework for that matter.

This issue is not unique to Python though: most ecosystems outside of Java and C# face the same challenge (see Certified Relying Party Libraries and Certified OpenID Provider Libraries).

The best approach would be to contribute to improving Authlib.

codespearhead avatar Aug 13 '24 15:08 codespearhead

Re: authlib, we have an issue for tracking that impl.

https://github.com/lepture/authlib/issues/601

JacobCoffee avatar Aug 13 '24 16:08 JacobCoffee

Any news on this? Migrating from FastAPI, where I use Auth0, but I am stuck getting it to work in Litestar.

# app/auth/routes.py

from urllib.parse import quote_plus, urlencode, urljoin

from authlib.integrations.starlette_client import OAuth
from fastapi import APIRouter, Request
from fastapi.responses import RedirectResponse

from app.config import settings

router = APIRouter()

oauth = OAuth()
oauth.register(
    "auth0",
    client_id=settings.auth0_client_id,
    client_secret=settings.auth0_client_secret,  # Ensure you import the secret
    client_kwargs={
        "scope": "openid profile email",
    },
    server_metadata_url=f"https://{settings.auth0_domain}/.well-known/openid-configuration",
)


@router.get("/callback")
async def callback(request: Request):
    token = await oauth.auth0.authorize_access_token(request)

    request.session["user"] = token
    return RedirectResponse(url="/")


@router.get("/login")
async def login(request: Request):
    redirect_uri = request.url_for("callback")
    return await oauth.auth0.authorize_redirect(request, redirect_uri)


@router.get("/logout")
async def logout(request: Request):
    request.session.clear()
    return_to_url = urljoin(str(request.base_url), "/")
    logout_url = f"https://{settings.auth0_domain}/v2/logout?" + urlencode(
        {
            "returnTo": return_to_url,
            "client_id": settings.auth0_client_id,
        },
        quote_via=quote_plus,
    )
    return RedirectResponse(logout_url)

Yacobolo avatar Aug 24 '24 21:08 Yacobolo

> Any news on this? Migrating from FastAPI, where I use Auth0, but I am stuck getting it to work in Litestar.

The issue seems to be that you're using the authlib Starlette integration, so you should probably ask this question over at authlib regarding plans for a Litestar integration. There's not much we can do here.

That being said, Auth0 has an SDK for Python that you should be able to easily integrate into your Litestar application. You'd simply have to replace the authlib API shown in your example with the equivalent Auth0 SDK functionality :)

provinzkraut avatar Aug 25 '24 08:08 provinzkraut
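
Added example, not part of the thread and not code from Litestar, authlib or the Auth0 SDK: a standard-library sketch of the `state` and `nonce` bookkeeping that a `/login` and `/callback` pair like the one posted above depends on, written against a plain dict so it can sit behind any framework's session object. The endpoint URL, client ID, redirect URI and the function names `begin_login` and `finish_login` are constructed for illustration; the token exchange and ID token validation are left to the OIDC library or SDK in use.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample values; a real application reads these from its settings.
AUTHORIZE_ENDPOINT = "https://tenant.example/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example/callback"


def begin_login(session: dict) -> str:
    """Build the authorization URL and bind fresh state/nonce to the session."""
    session["oidc_state"] = secrets.token_urlsafe(32)
    session["oidc_nonce"] = secrets.token_urlsafe(32)
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile email",
        "state": session["oidc_state"],
        "nonce": session["oidc_nonce"],
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}"


def finish_login(session: dict, callback_url: str) -> tuple[str, str]:
    """Validate the callback; return (code, nonce) for the token exchange."""
    params = parse_qs(urlsplit(callback_url).query)
    # pop() makes both values single-use, so a replayed callback is rejected.
    expected = session.pop("oidc_state", None)
    nonce = session.pop("oidc_nonce", None)
    returned = params.get("state", [""])[0]
    # Compare as bytes: compare_digest raises on non-ASCII str input.
    if not expected or not hmac.compare_digest(expected.encode(), returned.encode()):
        raise PermissionError("state mismatch: callback is not tied to this session")
    if "error" in params:
        raise PermissionError(f"provider returned error: {params['error'][0]}")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    # The caller exchanges `code` at the token endpoint and must check that the
    # ID token's `nonce` claim equals the nonce returned here.
    return code, nonce
```

In a Litestar handler, the `session` argument would be the request's session mapping once a session middleware is configured.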