Shared JWT + Google OAuth auth middleware for pal-e platform services
- Python 100%
forgejo_admin
20a6dd1b84
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
|
||
|---|---|---|
| src/pal_e_auth | ||
| tests | ||
| .gitignore | ||
| .woodpecker.yml | ||
| CLAUDE.md | ||
| poetry.lock | ||
| pyproject.toml | ||
| README.md | ||
pal-e-auth
Shared JWT + Google OAuth auth middleware for pal-e platform services.
Install
pip install pal-e-auth-ldraney
Quick Start
from fastapi import FastAPI, Depends
from pal_e_auth import AuthConfig, auth_router, get_current_user, require_role, User
app = FastAPI()
config = AuthConfig(
secret_key="your-jwt-secret",
google_client_id="your-google-client-id",
google_client_secret="your-google-client-secret",
)
app.state.auth_config = config
app.include_router(auth_router(config))
@app.get("/protected")
async def protected(user: User = Depends(get_current_user)):
return {"email": user.email}
@app.get("/admin-only")
async def admin_only(user: User = Depends(require_role("admin"))):
return {"email": user.email}
Auth Flow
- User visits
/auth/google→ redirected to Google consent screen - Google redirects back to
/auth/callbackwith auth code - Server exchanges code for ID token, extracts user info
- JWT created and set as
access_tokencookie - Subsequent requests authenticated via cookie or
Authorization: Bearerheader
Dependencies
FastAPI apps provide auth by reading app.state.auth_config:
get_current_user— requires valid JWT, returnsUseroptional_user— returnsUser | Nonerequire_role("admin", "coach")— requires valid JWT + matching role
Roles
admin, coach, parent, viewer (default)
Development
poetry install
poetry run pytest
poetry run ruff check .
poetry run ruff format --check .