OpenIdConnect Class — fastapi Architecture

Architecture documentation for the OpenIdConnect class in open_id_connect_url.py from the fastapi codebase.

Class python Security

Entity Profile

Security→ OpenIdConnect Class — fastapi Architecture

Dependency Diagram

graph TD
  76b111a9_5b62_f8e0_e44a_b9a33f6470f7["OpenIdConnect"]
  28c8873a_5ba4_867f_0824_7abcac157a85["SecurityBase"]
  76b111a9_5b62_f8e0_e44a_b9a33f6470f7 -->|extends| 28c8873a_5ba4_867f_0824_7abcac157a85
  41fcb02b_3db0_cf0b_0554_183bc646a21d["open_id_connect_url.py"]
  76b111a9_5b62_f8e0_e44a_b9a33f6470f7 -->|defined in| 41fcb02b_3db0_cf0b_0554_183bc646a21d
  c07383fd_7f62_a8ad_5b3a_2df063400ebe["__init__()"]
  76b111a9_5b62_f8e0_e44a_b9a33f6470f7 -->|method| c07383fd_7f62_a8ad_5b3a_2df063400ebe
  a3fd30fc_12b7_e7b8_72e3_011111e9cb1d["make_not_authenticated_error()"]
  76b111a9_5b62_f8e0_e44a_b9a33f6470f7 -->|method| a3fd30fc_12b7_e7b8_72e3_011111e9cb1d
  e6c5d403_450e_c23e_aaf9_43e3a3bdac2a["__call__()"]
  76b111a9_5b62_f8e0_e44a_b9a33f6470f7 -->|method| e6c5d403_450e_c23e_aaf9_43e3a3bdac2a

Relationship Graph

Source Code

fastapi/security/open_id_connect_url.py lines 11–94

class OpenIdConnect(SecurityBase):
    """
    OpenID Connect authentication class. An instance of it would be used as a
    dependency.

    **Warning**: this is only a stub to connect the components with OpenAPI in FastAPI,
    but it doesn't implement the full OpenIdConnect scheme, for example, it doesn't use
    the OpenIDConnect URL. You would need to to subclass it and implement it in your
    code.
    """

    def __init__(
        self,
        *,
        openIdConnectUrl: Annotated[
            str,
            Doc(
                """
            The OpenID Connect URL.
            """
            ),
        ],
        scheme_name: Annotated[
            Optional[str],
            Doc(
                """
                Security scheme name.

                It will be included in the generated OpenAPI (e.g. visible at `/docs`).
                """
            ),
        ] = None,
        description: Annotated[
            Optional[str],
            Doc(
                """
                Security scheme description.

                It will be included in the generated OpenAPI (e.g. visible at `/docs`).
                """
            ),
        ] = None,
        auto_error: Annotated[
            bool,
            Doc(
                """
                By default, if no HTTP Authorization header is provided, required for
                OpenID Connect authentication, it will automatically cancel the request
                and send the client an error.

                If `auto_error` is set to `False`, when the HTTP Authorization header
                is not available, instead of erroring out, the dependency result will
                be `None`.

                This is useful when you want to have optional authentication.

                It is also useful when you want to have authentication that can be
                provided in one of multiple optional ways (for example, with OpenID
                Connect or in a cookie).
                """
            ),
        ] = True,
    ):
        self.model = OpenIdConnectModel(
            openIdConnectUrl=openIdConnectUrl, description=description
        )
        self.scheme_name = scheme_name or self.__class__.__name__
        self.auto_error = auto_error

    def make_not_authenticated_error(self) -> HTTPException:
        return HTTPException(
            status_code=HTTP_401_UNAUTHORIZED,
            detail="Not authenticated",
            headers={"WWW-Authenticate": "Bearer"},
        )

    async def __call__(self, request: Request) -> Optional[str]:
        authorization = request.headers.get("Authorization")
        if not authorization:
            if self.auto_error:
                raise self.make_not_authenticated_error()