Firebase - Unauthenticated request is not raising an exception

Open br-follow opened this issue 3 years ago • 1 comments

When injecting the FirebaseClaims object, no exception is raised for an unauthenticated user. It looks like it should raise a 401 exception because auto_error is set to True.

Additionally, it is unclear how to test this via the Swagger UI. There does not appear to be any authentication UI, as there is with Cognito.

Code:

async def get_current_user(settings: Settings = Depends(get_settings)):
    return FirebaseCurrentUser(project_id=settings.firebase_project_id)


@app.get("/protected")
async def protected(current_user: FirebaseClaims = Depends(get_current_user)):
    return f"Hello, {current_user.user_id}"

br-follow, Sep 30 '21 18:09

@br-allstreet,

try to do something like this:

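from typing import Optional

from fastapi import Depends
from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
from fastapi_cloudauth.firebase import FirebaseClaims, FirebaseCurrentUser

async def get_current_user(
    settings: AppSettings = Depends(get_app_settings),
    http_auth: Optional[HTTPAuthorizationCredentials] = Depends(HTTPBearer(auto_error=False)),
) -> FirebaseClaims:
    # Build the verifier, then call it with the bearer credentials so the token is actually checked.
    current_user_auth = FirebaseCurrentUser(project_id=settings.firebase_project_id)
    return await current_user_auth(http_auth)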

@app.get("/protected")
async def protected(current_user: FirebaseClaims = Depends(get_current_user)):
    return f"Hello, {current_user.user_id}"

I didn't check it, just a quick sketch...

tivaliy, Jan 18 '22 13:01