
[17.0][ADD] fastapi_auth_apikey

Open Tisho99 opened this issue 6 months ago • 2 comments

This module provides FastAPI Depends to allow authentication with Odoo's built-in API Keys.

T-8323

Tisho99 avatar Jun 16 '25 13:06 Tisho99

@simahawk @lmignon @etobella @sbidoul Let me explain the case a bit:

  • Odoo APIKeys exist.
  • You can't choose which FastAPI app uses each APIKey (or APIKey scope).
  • This module allows you to choose APIKey authentication and specify a Scope based on the user selected in the app.
  • This is a simple and maintainable use of Odoo APIKeys with FastAPI, using what Odoo has.

We've seen the module at https://github.com/OCA/server-auth/tree/17.0/auth_api_key . It provides an additional APIKey layer to the system and more maintenance, etc. However, it's more complex, and if you only want it for this FastAPI case, you'll have to maintain a much more complex module (I'm not saying it's incorrect, just that it's for more complex cases).

How would you view the use of this proposed concept?

ValentinVinagre avatar Jun 17 '25 12:06 ValentinVinagre

@Tisho99 Thank you for the proposal. A first glance at the code suggests that this is very interesting. I'll try to take a closer look over the next few days.

lmignon avatar Jun 17 '25 12:06 lmignon

> @Tisho99 Thank you for the proposal. A first glance at the code suggests that this is very interesting. I'll try to take a closer look over the next few days.

@lmignon, have you had time to review it? 😄

ValentinVinagre avatar Jun 30 '25 06:06 ValentinVinagre

Is this a duplicate of #544?

yvaucher avatar Jul 23 '25 16:07 yvaucher

> Is this a duplicate of #544?

This is the 544.

ValentinVinagre avatar Jul 23 '25 16:07 ValentinVinagre

My bad, I meant #539

yvaucher avatar Jul 23 '25 16:07 yvaucher

> My bad, I meant #539

Owl-y shit, I hadn't seen the module. I think the idea is a little different since it's still done by scope, so it's not the idea of keeping two modules identical. I don't know what you think about this point of view; I understand that OCA would follow the other module. In my opinion, I'm not entirely convinced that you can see the API key logs. In this case, a scope is used to mask that point. For our part, I have no problem canceling this PR.

ValentinVinagre avatar Jul 24 '25 06:07 ValentinVinagre

@ValentinVinagre As there was an existing module in v16 (but was never merged?), it's arguable.

But to respect other work, if @Tisho99 could base his work on it, that would be nice (especially if it needs some migration scripts).

Otherwise, I like the module name fastapi_auth_api_key better, with api and key separated, as the camel case APIKey translates to api_key in snake case.

ping @henrybackman @mmequignon

yvaucher avatar Jul 28 '25 14:07 yvaucher

Hi @yvaucher

I also don't have a problem closing this PR.

At a glance, both modules are similar. This one uses Odoo core API Keys, and https://github.com/OCA/rest-framework/pull/539 uses OCA's.

But I'd wait for more opinions

Thank you

Tisho99 avatar Jul 28 '25 14:07 Tisho99

> @ValentinVinagre As there was an existing module in v16 (but was never merged?), it's arguable.
>
> But to respect other work, if @Tisho99 could base his work on it, that would be nice (especially if it needs some migration scripts).
>
> Otherwise, I like the module name fastapi_auth_api_key better, with api and key separated, as the camel case APIKey translates to api_key in snake case.
>
> ping @henrybackman @mmequignon

Okay, so that's why we created this module, and the OCA module is based on the "auth_api_key_group" module, as @Tisho99 points out. This module is based on the Odoo api-key concept. Given the different approaches, I wouldn't join them. We can change the name to distinguish it. What do you think? Fastapi_auth_odoo_api_key?

ValentinVinagre avatar Jul 31 '25 08:07 ValentinVinagre

@Tisho99 change name to: Fastapi_auth_odoo_api_key or Fastapi_auth_scope_api_key

ValentinVinagre avatar Aug 07 '25 08:08 ValentinVinagre