| marp | true | ||
|---|---|---|---|
| theme | gaia | ||
| author | Margit ANTAL | ||
| class |
|
||
| paginate | true |
- What is OAuth2?
- OAuth2 Roles
- OAuth2 Flow with GitHub
- CORS configuration
- The React app will have a simple UI for
- user registration (using local database)
- user login
- displaying all users data
- deleting a user by ID
- An authorization framework that enables applications to obtain limited access to user accounts on an HTTP service
- Delegated access: Users can authorize third-party apps to access their resources without sharing credentials
- Commonly used for "Login with Google/GitHub/Facebook" features
- Resource Owner: The user who authorizes an application to access their resources.
- Client: The application (frontend) requesting access to the user's resources.
- Authorization Server: The server that authenticates the user.
- Resource Server:
- GitHub OAuth2 Server acts as the resource server for user information
- Backend API is a resource server if it provides protected endpoints that require access tokens
This OAuth2 Flow
- GitHub plays a dual role as both the Authorization Server (issuing access tokens) and Resource Server (providing user info)
- Your Backend API acts as an intermediary that exchanges tokens and then becomes a resource server for your application's protected endpoints
- Register OAuth app on GitHub
- Add GitHub OAuth endpoints to FastAPI
- Exchange code for token, get user info
- Match or create user in your DB
- Generate your app’s JWT token
- Redirect to frontend with token
- Store token in frontend and use it like local login
-
Click "New OAuth App"
-
Set:
- Application name
- Homepage URL: http://your-frontend.com
- Authorization callback URL: http://your-backend.com/auth/github/callback
-
GitHub gives you:
CLIENT_IDandCLIENT_SECRET
GitHub OAuth2 flow:
- Frontend button click --> Redirects to Backend (
/auth/github/login) - Backend (
/auth/github/login) --> Redirects to GitHub OAuth2 Server - GitHub OAuth2 Server: User authorizes --> Redirects to Backend with authorization code (
/auth/github/callback?code=...) - Backend exchanges
codeforaccess tokenfrom GitHub - Backend retrieves user info from GitHub using
access token - Backend issues
JWT tokencontaining user info - Frontend receives
JWT tokenand stores it in local storage
Link: https://claude.ai/public/artifacts/c4114f4b-b87a-4acf-adf6-37426cb9419b
- Endpoints
GET /auth/github/login
Redirects to GitHub's OAuth consent page.
GET /auth/github/callback
GitHub sends users here after login with a code.
- Utility function
get_or_create_user()
create or match a GitHub-authenticated user in your DB.
- Add a
Login with GitHubButton
<a href="https://your-backend.com/auth/github/login">
<button>Login with GitHub</button>
</a>- Handle the Redirect (JWT Token)
Create a page like
/oauth/callbackto extract theJWT tokenfrom the URL and store it
- CORS (Cross-Origin Resource Sharing) is a security feature implemented by browsers to restrict web pages from making requests to a different domain than the one that served the web page.
- When your frontend and backend are hosted on different domains or ports, you need to configure CORS on your backend to allow requests from your frontend domain.
- In FastAPI, you can use the
CORSMiddlewareto set up CORS
from fastapi.middleware.cors import CORSMiddleware
app.add_middleware(
CORSMiddleware,
allow_origins=["http://your-frontend.com"], # Frontend URL
allow_credentials=True,
allow_methods=["*"],
allow_headers=["*"],
)allow_origins: Specifies which origins are allowed to make requests. Set this to your frontend URL.allow_credentials: Allows cookies and authentication headers to be included in requests.allow_methods: Specifies which HTTP methods are allowed (e.g., GET, POST).allow_headers: Specifies which headers can be included in requests.
Link to homework Section: Practical exercises
- What is OAuth2?
- OAuth2 Roles
- OAuth2 Flow with GitHub
- CORS configuration