Contributor

@peterdudfield peterdudfield commented Dec 15, 2025

Pull Request

Description

  • start using fastapi-auth0
  • adds "Authorization" button on swagger code

How Has This Been Tested?

  • CI tests
  • ran things locally

Checklist:

  • My code follows OCF's coding style guidelines
  • I have performed a self-review of my own code
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked my code and corrected any misspellings

Contributor

@devsjc devsjc left a comment

A few suggestions. I'm not really sure what advantage this brings over the previous method; sure, it saves us a few lines of code for another dependency, but do we gain any functionality with that? In fact, it seems we lose access to the sub key, which is actually used in other parts of the code - so those parts would need updating also.

Comment on lines 34 to 38
# Lets setup the auths
# 'auth' can be imported into the route if we want to limit a route by scopes
auth = DummyAuth()
if (os.getenv("AUTH0_DOMAIN") is not None) and (os.getenv("AUTH0_AUDIENCE") is not None):
    auth = Auth0(api_audience=os.getenv("AUTH0_AUDIENCE"), domain=os.getenv("AUTH0_DOMAIN"))
Contributor

I've tried to keep environment variables limited only to the top level. How come you've changed the access pattern? Seems like you could just have the previous Auth0 class be replaced entirely with this imported one, and remove the call entirely from the DummyAuth and make it instead inherit from the fastapi_auth0.Auth0 class (as you sort of have already with the get_user method override). Then the code in main would be something like

    # Override dependencies according to configuration
    auth_instance: fastapi_auth0.Auth0
    match (conf.get_string("auth0.domain"), conf.get_string("auth0.audience")):
        case (_, "") | ("", _):
            auth_instance = auth.DummyAuth()
            log.warning("disabled authentication. NOT recommended for production")
        case (domain, audience):
            auth_instance = fastapi_auth0.Auth0(domain=domain, api_audience=audience)

    server.dependency_overrides[auth.get_user] = auth_instance.get_user

You could even make the abstract auth class with a get_user method in the auth middleware that defines the auth_instance type.

Contributor Author

I'll try again (I think I tried this but something wasn't working, but I'll try again as I do like what you've done with env vars there)

Contributor Author

I now remember, it was tricky to get the "Authorization" green box up on the Swagger UI. This is done via FastAPI's Security. But I'll try and get this working.

@server.get("/check_authentication", tags=["API Information"])
def check_authentication(user: Annotated[Auth0User, Security(get_user)]) -> dict:
    """Check if the user is authenticated."""
    return {"authenticated": True, "user": user}
Contributor Author

I've added this route,

Contributor

braddf commented Dec 18, 2025

hey @peterdudfield, haven't looked into the code/revisions on this but @devsjc left me a tag when he wasn't feeling well I think.
First of all, is there a reason we're integrating this relatively small/less recently updated package instead of the official auth0-fastapi-api package, which seems to have a similar API / implementation?
If there's not a strong reason to use this one, e.g. a simple swap in and out for identical codebases which this is not quite the same implementation I think, then it's usually better to use 1st-party libraries esp. for things like auth.

@peterdudfield
Contributor Author

> hey @peterdudfield, haven't looked into the code/revisions on this but @devsjc left me a tag when he wasn't feeling well I think. First of all, is there a reason we're integrating this relatively small/less recently updated package instead of the official auth0-fastapi-api package, which seems to have a similar API / implementation? If there's not a strong reason to use this one, e.g. a simple swap in and out for identical codebases which this is not quite the same implementation I think, then it's usually better to use 1st-party libraries esp. for things like auth.

Yea, the library is only one file, so I could just copy that over.
I've used it all before in the other fastapi's and Auth is hard, so I thought just trying to keep it the same as before (for #147)
it has nice features like classes, permission/scopes, nicer error messages, get_user - which seems to be more commonly used

@peterdudfield peterdudfield marked this pull request as draft December 19, 2025 09:29
@peterdudfield
Contributor Author

I've moved this back to draft, as if we do this, we need to update the routes too

@peterdudfield peterdudfield mentioned this pull request Dec 19, 2025
5 tasks