Configuration Options

Many of the configuration options can be set using environment variables (or a .env file).

This section describes the overall configuration object and its (nested) options, defined in:

fastapi_aad_auth.config.Config
Options:
  • <Config>.enabled (bool) : Enable authentication [default: True] (Can be set by FASTAPI_AUTH_ENABLED environment variable)

  • <Config>.user_klass (type) : User class to use within the AADOAuthBackend, this will be treated as an import path if provided as a string, with the last part the class to load [default: fastapi_aad_auth._base.state.User] (Can be set by FASTAPI_AUTH_USER_KLASS environment variable)

<Config>.aad:
  • <Config>.aad.flow_type (fastapi_aad_auth._base.validators.token.OAuthFlowType) : Select the OpenAPI OAuth2 flow [default: OAuthFlowType.authorizationCode] (Can be set by FASTAPI_AUTH_OPENAPI_OAUTH2_FLOW environment variable)

  • <Config>.aad.token_scopes (dict) : Set the (global) token scopes (Can be set by FASTAPI_AUTH_TOKEN_SCOPES environment variable)

  • <Config>.aad.client_id (pydantic.types.SecretStr) : Application Registration Client ID (Can be set by AAD_CLIENT_ID environment variable)

  • <Config>.aad.tenant_id (pydantic.types.SecretStr) : Application Registration Tenant ID (Can be set by AAD_TENANT_ID environment variable)

  • <Config>.aad.client_secret (pydantic.types.SecretStr) : Application Registration Client Secret (if required) (Can be set by AAD_CLIENT_SECRET environment variable)

  • <Config>.aad.scopes (list) : Additional scopes requested - if the scope is not configured to the application this will throw an error when validating the token

  • <Config>.aad.client_app_ids (list) : Additional Client App IDs to accept tokens from (when running as a backend service) (Can be set by AAD_CLIENT_APP_IDS environment variable)

  • <Config>.aad.strict (bool) : Check that all claims are provided [default: True] (Can be set by AAD_STRICT_CLAIM_CHECK environment variable)

  • <Config>.aad.api_audience (str) : Corresponds to the Application ID URI - used for token validation, defaults to api://{client_id} (Can be set by AAD_API_AUDIENCE environment variable)

  • <Config>.aad.redirect_uri (pydantic.networks.HttpUrl) : The redirect URI to use - overwrites the default path handling etc (Can be set by AAD_REDIRECT_URI environment variable)

  • <Config>.aad.prompt (str) : AAD prompt to request (Can be set by AAD_PROMPT environment variable)

  • <Config>.aad.domain_hint (str) : AAD domain hint (Can be set by AAD_DOMAIN_HINT environment variable)

  • <Config>.aad.roles (list) : AAD roles required in claims (Can be set by AAD_ROLES environment variable)

  • <Config>.aad.token_type (fastapi_aad_auth.providers.aad.TokenType) : The AAD token type to use to validate (we should use the access token if it is configured, unless we are acting as a pure UI component) [default: TokenType.access]

  • <Config>.aad.jwks_cache_ttl (int) : Cache Time to Live value for MS JWKs token (Can be set by AAD_JWKS_CACHE_TTL environment variable)

<Config>.auth_session:
  • <Config>.auth_session.secret (pydantic.types.SecretStr) : Secret used for encoding authentication information (Can be set by SESSION_AUTH_SECRET environment variable)

  • <Config>.auth_session.salt (pydantic.types.SecretStr) : Salt used for encoding authentication information (Can be set by SESSION_AUTH_SALT environment variable)

<Config>.login_ui:
  • <Config>.login_ui.app_name (str) : Application name to show on the Login UI page (Can be set by APP_NAME environment variable)

  • <Config>.login_ui.template_file (pydantic.types.FilePath) : The jinja2 template to use for the login screen [default: fastapi_aad_auth\ui\login.html] (Can be set by FASTAPI_AUTH_LOGIN_TEMPLATE_FILE environment variable)

  • <Config>.login_ui.error_template_file (pydantic.types.FilePath) : The jinja2 template to use for error information [default: fastapi_aad_auth\ui\error.html] (Can be set by FASTAPI_AUTH_LOGIN_ERROR_TEMPLATE_FILE environment variable)

  • <Config>.login_ui.user_template_file (pydantic.types.FilePath) : The jinja2 template to use for the user view [default: fastapi_aad_auth\ui\user.html] (Can be set by FASTAPI_AUTH_USER_TEMPLATE_FILE environment variable)

  • <Config>.login_ui.static_directory (pydantic.types.DirectoryPath) : Static path for the UI components [default: fastapi_aad_auth\ui\static] (Can be set by FASTAPI_AUTH_LOGIN_STATIC_DIR environment variable)

  • <Config>.login_ui.static_path (str) : Path to mount the login static dir in [default: /static-login] (Can be set by FASTAPI_AUTH_LOGIN_STATIC_PATH environment variable)

  • <Config>.login_ui.context (dict) : Any additional context variables required for the template

  • <Config>.login_ui.ui_klass (type) : UI class to use to handle creating and returning the routes for the login, error and user screens, this will be treated as an import path if provided as a string, with the last part the class to load [default: fastapi_aad_auth.ui:UI] (Can be set by FASTAPI_AUTH_UI_KLASS environment variable)

<Config>.providers:

List of auth provider classes to use (defaults to AAD)

<Config>.routing:
  • <Config>.routing.login_path (str) : Path for initiating the AAD oauth call. Field will be deprecated in version 0.2.0, and is replaced by Routing.oauth_base_route - to access the new behaviour, set this value to None or an empty string [default: /login/oauth] (Can be set by FASTAPI_AUTH_LOGIN_ROUTE environment variable)

  • <Config>.routing.login_redirect_path (str) : Path for handling the AAD redirect call. Field will be deprecated in version 0.2.0, and is replaced by Routing.oauth_base_route - to access the new behaviour, set this value to None or an empty string [default: /login/oauth/redirect] (Can be set by FASTAPI_AUTH_LOGIN_REDIRECT_ROUTE environment variable)

  • <Config>.routing.oauth_base_route (str) : Base Path for initiating the oauth calls [default: /oauth] (Can be set by FASTAPI_OAUTH_BASE_ROUTE environment variable)

  • <Config>.routing.logout_path (str) : Path for processing a logout request [default: /logout] (Can be set by FASTAPI_AUTH_LOGOUT_ROUTE environment variable)

  • <Config>.routing.landing_path (str) : Path for the login UI page [default: /login] (Can be set by FASTAPI_AUTH_LOGIN_UI_ROUTE environment variable)

  • <Config>.routing.user_path (str) : Path for getting the user view [default: /me] (Can be set by FASTAPI_AUTH_USER_ROUTE environment variable)

  • <Config>.routing.home_path (str) : Path for the application home page (default redirect if none provided) [default: /] (Can be set by APP_HOME_ROUTE environment variable)

  • <Config>.routing.post_logout_path (str) : Path for the redirect post logout - defaults to the landing path if not provided (Can be set by FASTAPI_AUTH_POST_LOGOUT_ROUTE environment variable)

<Config>.session:
  • <Config>.session.secret_key (pydantic.types.SecretStr) : Secret used for the session middleware (Can be set by SESSION_SECRET environment variable)

  • <Config>.session.session_cookie (str) : Cookie name for the session information [default: session] (Can be set by SESSION_COOKIE environment variable)

  • <Config>.session.same_site (str) : Cookie validation mode for the session [default: lax] (Can be set by SESSION_SAME_SITE environment variable)

  • <Config>.session.https_only (bool) : Allow the sessions only with https connections (Can be set by SESSION_HTTPS_ONLY environment variable)

  • <Config>.session.max_age (int) : Maximum age for a session [default: 86400] (Can be set by SESSION_MAX_AGE environment variable)
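
Because most of these options are read from the environment or a .env file, a deployment can be reviewed before the application starts. The following is an added example, not part of fastapi_aad_auth: it uses only the environment variable names listed above, while the function names, the accepted boolean spellings, the 32-character threshold and the review policy itself are assumptions of the example.

```python
# Added example: the review policy and thresholds are assumptions, not library behaviour.
FALSY = {"0", "false", "f", "no", "n", "off"}
TRUTHY = {"1", "true", "t", "yes", "y", "on"}
MIN_SECRET_LEN = 32  # assumed minimum length for signing secrets
SECRET_VARS = ("SESSION_SECRET", "SESSION_AUTH_SECRET")


def parse_dotenv(text):
    """Parse simple KEY=VALUE lines, skipping blanks and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip("'\"")
    return env


def audit(env):
    """Return sorted (variable, finding) pairs for settings worth reviewing."""
    def flag(name):
        return env.get(name, "").strip().lower()

    findings = []
    if flag("FASTAPI_AUTH_ENABLED") in FALSY:
        findings.append(("FASTAPI_AUTH_ENABLED", "authentication is disabled"))
    if flag("AAD_STRICT_CLAIM_CHECK") in FALSY:
        findings.append(("AAD_STRICT_CLAIM_CHECK", "strict claim check is off"))
    if flag("SESSION_HTTPS_ONLY") not in TRUTHY:
        findings.append(("SESSION_HTTPS_ONLY", "not explicitly enabled"))
    if flag("SESSION_SAME_SITE") == "none":
        findings.append(("SESSION_SAME_SITE", "cookie is sent cross-site"))
    for name in SECRET_VARS:
        if len(env.get(name, "")) < MIN_SECRET_LEN:
            findings.append((name, f"unset or under {MIN_SECRET_LEN} characters"))
    return sorted(findings)

# Constructed sample .env content; the values are placeholders, not real credentials.
SAMPLE_DOTENV = """
AAD_STRICT_CLAIM_CHECK=false
SESSION_SECRET=changeme
SESSION_AUTH_SECRET="0123456789abcdef0123456789abcdef"
SESSION_SAME_SITE=none
"""

if __name__ == "__main__":
    for var, finding in audit(parse_dotenv(SAMPLE_DOTENV)):
        print(f"{var}: {finding}")
```

To review a live process instead of a file, pass dict(os.environ) to audit().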