
fastapi-keycloak-jwt's Introduction

Securing FastAPI REST Services with JWT and Keycloak IdP

This guide provides an example of integrating FastAPI REST services with Keycloak Identity and Access Management so that authentication and authorization are stateless: the service validates the JWT bearer token on every request instead of keeping a session.

Configuring the Keycloak Server

Keycloak can be started in multiple ways (see the Keycloak Getting Started guides). Here, we'll use the easiest option :-)

  • Download the latest Keycloak release, unzip it, and copy this repository's data folder into your unzipped Keycloak directory.
  • From that directory, run the command:
bin/kc.[sh|bat] start-dev

The data folder contains the H2 database with the pre-configured realm (SmartOcean), the client the service is registered as (SO_service), its roles, and the users listed below.

Point your browser to http://localhost:8080 and log in as the admin user to access the Keycloak Administration Console. The username is admin and the password is admin.

RestAPI Endpoints

There are 5 endpoints exposed by the service:

To access the resources at the protected endpoints, your client needs to obtain an OAuth2 access token from the Keycloak IdP and present it as a JWT bearer token. For this demo, we will obtain tokens using the resource owner password grant type.

You should be able to obtain tokens for any of these users:

Username  Password  Roles    Level
alice     alice     ADMIN    Realm
bob       bob       USER     Realm
berit     berit     S_ADMIN  SO_service
jan       jan       S_USER   SO_service

To obtain the JWT bearer token, use curl as below (Linux/Mac) or another client of your choice (e.g., Postman):

export token=$( \
curl -X POST http://{IP-address}:8080/realms/SmartOcean/protocol/openid-connect/token \
-d 'client_id=SO_service' \
-d 'username=alice&password=alice&grant_type=password' | jq --raw-output '.access_token' \
)

(Make sure you have the jq package installed.) You can use the same command to obtain tokens on behalf of the other users by changing the username and password request parameters.

After running the command above, you can access the http://localhost:8090/api/v1/admin endpoint as the user alice, who holds the realm-level ADMIN role, as follows:

curl http://localhost:8090/api/v1/admin -H "Authorization: Bearer $token"

You should see the following response from the service:

{"Data":"This is a protected resource for ADMIN role."}
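The README does not show what the service checks once it has the token. The following is an added example, not code from the fastapi-keycloak-jwt project, of the claim and role checks a FastAPI dependency would perform: it assumes the token's signature has already been verified by a JWT library against the realm's JWKS, and it models Keycloak's claim layout, where realm roles (alice, bob) sit in realm_access.roles and client roles (berit, jan) sit in resource_access.SO_service.roles. The sample claim dictionaries are constructed for illustration.

```python
import time
from typing import Optional, Set, Tuple

# Constants taken from this page: the realm issuer matches the token URL
# above and SO_service is the client the tokens are requested for.
REALM_ISSUER = "http://localhost:8080/realms/SmartOcean"
CLIENT_ID = "SO_service"

class AuthError(Exception):
    """Raised when a token's claims do not satisfy the endpoint's policy."""

def validate_claims(claims: dict, now: Optional[float] = None) -> dict:
    """Check issuer, expiry and token type. Assumes the signature was already
    verified by a JWT library against the realm's JWKS (not shown here)."""
    now = time.time() if now is None else now
    if claims.get("iss") != REALM_ISSUER:
        raise AuthError("issuer mismatch")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise AuthError("token expired or has no exp")
    if claims.get("typ") != "Bearer":
        raise AuthError("not a bearer access token")
    if claims.get("azp") != CLIENT_ID:        # authorized party set by Keycloak
        raise AuthError("token was not issued to %s" % CLIENT_ID)
    return claims

def keycloak_roles(claims: dict) -> Tuple[Set[str], Set[str]]:
    """Keycloak puts realm roles in realm_access.roles and client roles in
    resource_access.<client_id>.roles; either block may be absent."""
    realm = set(claims.get("realm_access", {}).get("roles", []))
    client = set(claims.get("resource_access", {}).get(CLIENT_ID, {}).get("roles", []))
    return realm, client

def has_role(claims: dict, realm_role: Optional[str] = None,
             client_role: Optional[str] = None) -> bool:
    """True if the token carries the realm role or the client role asked for."""
    realm, client = keycloak_roles(claims)
    return (realm_role in realm) or (client_role in client)

# Constructed sample payloads (not real Keycloak output) shaped like the
# tokens the users in the table above would receive.
ALICE_CLAIMS = {"iss": REALM_ISSUER, "exp": 1_700_000_300, "typ": "Bearer",
                "azp": CLIENT_ID, "preferred_username": "alice",
                "realm_access": {"roles": ["ADMIN"]}}
BERIT_CLAIMS = {"iss": REALM_ISSUER, "exp": 1_700_000_300, "typ": "Bearer",
                "azp": CLIENT_ID, "preferred_username": "berit",
                "resource_access": {CLIENT_ID: {"roles": ["S_ADMIN"]}}}
```

In a FastAPI app these functions would run inside a dependency that reads the Authorization header, decodes and verifies the JWT, then calls validate_claims and has_role before the route handler executes.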

fastapi-keycloak-jwt's People

Contributors: tosdanoye, maggesn
