FastAPI plugin to enable SSO to most common providers (such as Facebook login, Google login and login via Microsoft Office 365 account).
This allows you to implement the famous Login with Google/Facebook/Microsoft
buttons functionality on your
backend very easily.
Documentation: https://tomasvotava.github.io/fastapi-sso/
Source Code: https://github.com/tomasvotava/fastapi-sso
An awesome demo site was created and is maintained by even awesomer Chris Karvouniaris (@chrisK824). Chris has also posted multiple Medium articles about FastAPI and FastAPI SSO.
Be sure to see his tutorials, follow him and show him some appreciation!
Please see his announcement with all the links.
Quick links for the eager ones:
A race condition bug in the login flow that could, in rare cases, allow one user
to assume the identity of another due to concurrent login requests was recently discovered
by @parikls.
This issue was reported in #186 and has been resolved
in version 0.16.0
.
Details of the Fix:
The bug was mitigated by introducing an async lock mechanism that ensures only one user can attempt the login process at any given time. This prevents race conditions that could lead to unintended user identity crossover.
Important Change:
To fully support this fix, users must now use the SSO instance within an async with
context manager. This adjustment is necessary for proper handling of asynchronous operations.
The synchronous with
context manager is now deprecated and will produce a warning.
It will be removed in future versions to ensure best practices for async handling.
Impact:
This bug could potentially affect deployments with high concurrency or scenarios where multiple users initiate
login requests simultaneously. To prevent potential issues and deprecation warnings, update to
version 0.16.0
or later and modify your code to use the async with context.
Code Example Update:
# Before (deprecated)
with sso:
openid = await sso.verify_and_process(request)
# After (recommended)
async with sso:
openid = await sso.verify_and_process(request)
Thanks to both @parikls and the community for helping me identify and improve the
security of fastapi-sso
. If you encounter any issues or potential vulnerabilities, please report them
immediately so they can be addressed.
For more details, refer to Issue #186 and PR #189.
If you'd like to support this project, consider buying me a coffee β. I tend to process Pull Requests faster when properly caffeinated π.
- Microsoft
- Spotify
- Fitbit
- Github (credits to Brandl for hint using
accept
header) - generic (see docs)
- Notion
- Twitter (X)
- Kakao (by Jae-Baek Song - thdwoqor)
- Naver (by 1tang2bang92) - 1tang2bang92
- Gitlab (by Alessandro Pischedda) - Cereal84
- Line (by Jimmy Yeh) - jimmyyyeh
- LinkedIn (by Alessandro Pischedda) - Cereal84
- Yandex (by Akim Faskhutdinov) β akimrx
- Seznam (by Tomas Koutek) - TomasKoutek
- Discord (by Kaelian Baudelet) - afi-dev
- Bitbucket (by Kaelian Baudelet) - afi-dev
See Contributing for a guide on how to contribute your own login provider.
pip install fastapi-sso
poetry add fastapi-sso
If you'd like to contribute and add your specific login provider, please see Contributing file.