# FastAPI OAuthlib *** **1. Access Token Introspection** ```python from fastapi_oauth2 import OAuth2 from fastapi import FastAPI, Request app = FastAPI() oauth2 = OAuth2(secret_key="my-secret-key") @app.post("/token/introspection") async def token_introspection(request: Request, token: str = Form(...)): return await oauth2.introspect_token(request, token) ``` **2. OAuth 2.0 Implicit Grant** ```python from fastapi_oauth2 import OAuth2 from fastapi import FastAPI app = FastAPI() oauth2 = OAuth2( secret_key="my-secret-key", authorization_code="implicit", authorization_endpoint="https://example.com/authorize", ) @app.get("/auth/implicit") async def implicit_grant(request: Request, redirect_uri: str = Query(...)): return await oauth2.authorize_implicit(request, redirect_uri) ``` **3. OAuth 2.0 Authorization Code Grant** ```python from fastapi_oauth2 import OAuth2 from fastapi import FastAPI app = FastAPI() oauth2 = OAuth2( secret_key="my-secret-key", authorization_code="code", authorization_endpoint="https://example.com/authorize", token_endpoint="https://example.com/token", ) @app.get("/auth/code") async def code_grant(request: Request): return await oauth2.authorize_code(request) ``` **4. OAuth 2.0 Client Credentials Grant** ```python from fastapi_oauth2 import OAuth2 from fastapi import FastAPI app = FastAPI() oauth2 = OAuth2( secret_key="my-secret-key", authorization_code="credentials", token_endpoint="https://example.com/token", ) @app.post("/auth/credentials") async def credentials_grant(request: Request): return await oauth2.authorize_credentials(request) ``` **5. OAuth 2.0 Password Credentials Grant** ```python from fastapi_oauth2 import OAuth2 from fastapi import FastAPI app = FastAPI() oauth2 = OAuth2( secret_key="my-secret-key", authorization_code="password", token_endpoint="https://example.com/token", ) @app.post("/auth/password") async def password_grant(request: Request): return await oauth2.authorize_password(request) ``` **6. OAuth 2.0 Refresh Token Grant** ```python from fastapi_oauth2 import OAuth2 from fastapi import FastAPI app = FastAPI() oauth2 = OAuth2( secret_key="my-secret-key", authorization_code="refresh_token", token_endpoint="https://example.com/token", ) @app.post("/auth/refresh") async def refresh_grant(request: Request): return await oauth2.authorize_refresh(request) ``` **7. OAuth 2.0 Bearer Token Validation** ```python from fastapi_oauth2 import OAuth2 from fastapi import FastAPI app = FastAPI() oauth2 = OAuth2(secret_key="my-secret-key") @app.get("/protected") async def protected_resource(request: Request): return await oauth2.verify_token(request) ``` **8. OAuth 2.0 Scope Validation** ```python from fastapi_oauth2 import OAuth2 from fastapi import FastAPI app = FastAPI() oauth2 = OAuth2(secret_key="my-secret-key") @app.get("/protected") async def protected_resource(request: Request): scopes = await oauth2.verify_token(request) if "read" in scopes: return "Read access granted" ``` **9. OAuth 2.0 User Info Endpoint** ```python from fastapi_oauth2 import OAuth2 from fastapi import FastAPI app = FastAPI() oauth2 = OAuth2( secret_key="my-secret-key", userinfo_endpoint="https://example.com/userinfo", ) @app.get("/userinfo") async def userinfo(request: Request): return await oauth2.get_userinfo(request) ``` **10. OAuth 2.0 Redirect URI Validation** ```python from fastapi_oauth2 import OAuth2 from fastapi import FastAPI app = FastAPI() oauth2 = OAuth2( secret_key="my-secret-key", redirect_uris=["https://example.com/callback"], ) @app.get("/auth/code") async def code_grant(request: Request): if not oauth2.validate_redirect_uri(request): raise HTTPException(status_code=400, detail="Invalid redirect URI") ``` **11. OAuth 2.0 Client Metadata** ```python from fastapi_oauth2 import OAuth2 from fastapi import FastAPI app = FastAPI() oauth2 = OAuth2( secret_key="my-secret-key", client_metadata={"allowed_origins": ["https://example.com"]} ) @app.get("/protected") async def protected_resource(request: Request): if not oauth2.verify_client_metadata(request): raise HTTPException(status_code=400, detail="Invalid client metadata") ``` **12. OAuth 2.0 Token Introspection in Python** ```python from fastapi_oauth2 import OAuth2 from fastapi import FastAPI app = FastAPI() oauth2 = OAuth2(secret_key="my-secret-key") @app.post("/introspect") async def token_introspect(request: Request, token: str = Form(...)): introspection_request = oauth2.introspection_endpoint(request, token) result = await introspection_request.send() return result.content ``` **13. OAuth 2.0 Authorization Code Flow** ```python from fastapi_oauth2 import OAuth2 from fastapi import FastAPI from fastapi.responses import RedirectResponse app = FastAPI() oauth2 = OAuth2(authorization_endpoint="https://example.com/authorize") @app.get("/auth/code") async def authorization_code(request: Request): return oauth2.authorization_code(request) @app.get("/callback") async def oauth_callback(request: Request): code = request.query_params["code"] token = await oauth2.oauth_token(code) return RedirectResponse(url="/protected", status_code=302) ``` **14. OAuth 2.0 Resource Server** ```python from fastapi_oauth2 import OAuth2 from fastapi import FastAPI app = FastAPI() oauth2 = OAuth2(secret_key="my-secret-key") @app.get("/protected") async def protected_resource(request: Request): if not oauth2.verify_bearer_token(request): raise HTTPException(status_code=401, detail="Invalid or expired token") ``` **15. OAuth 2.0 Client Credentials** ```python from fastapi_oauth2 import OAuth2 from fastapi import FastAPI app = FastAPI() oauth2 = OAuth2(token_endpoint="https://example.com/token") @app.post("/auth/client") async def client_credentials(request: Request): token = await oauth2.client_credentials(request) return token ``` **16. OAuth 2.0 Device Flow** ```python from fastapi_oauth2 import OAuth2 from fastapi import FastAPI app = FastAPI() oauth2 = OAuth2( authorization_endpoint="https://example.com/device/authorize", token_endpoint="https://example.com/device/token" ) @app.get("/auth/device") async def device_auth(request: Request): return oauth2.device_auth(request) ``` **17. OAuth 2.0 PKCE** ```python from fastapi_oauth2 import OAuth2, PKCE from fastapi import FastAPI app = FastAPI() oauth2 = OAuth2( authorization_endpoint="https://example.com/authorize", token_endpoint="https://example.com/token", pkce=PKCE() ) @app.get("/auth/code") async def authorization_code(request: Request): code = oauth2.authorization_code(request) code_verifier = request.query_params["code_verifier"] return await oauth2.oauth_token(code, pkce_verifier=code_verifier) ``` **18. OAuth 2.0 Refresh Token** ```python from fastapi_oauth2 import OAuth2 from fastapi import FastAPI app = FastAPI() oauth2 = OAuth2(token_endpoint="https://example.com/token") @app.post("/auth/refresh") async def refresh_token(request: Request): token = await oauth2.refresh_token(request) return token ``` **19. OAuth 2.0 Custom Token Request** ```python from fastapi_oauth2 import OAuth2 from fastapi import FastAPI app = FastAPI() oauth2 = OAuth2( token_endpoint="https://example.com/token", extra_grant_types={ "my_grant_type": "my_handler_function" } ) async def my_handler_function(request: Request): # Your custom token request logic # For example, you can verify username and password and return access and refresh tokens access_token = "my_access_token" refresh_token = "my_refresh_token" return {"access_token": access_token, "refresh_token": refresh_token} ``` **20. OAuth 2.0 Token Introspection** ```python from fastapi_oauth2 import OAuth2 from fastapi import FastAPI app = FastAPI() oauth2 = OAuth2(introspection_endpoint="https://example.com/introspect") @app.post("/introspect") async def token_introspection(request: Request, token: str = Form(...)): result = await oauth2.introspection(token) return result ``` **21. OAuth 2.0 Client ID Verification** ```python from fastapi_oauth2 import OAuth2 from fastapi import FastAPI app = FastAPI() oauth2 = OAuth2(client_id="your_client_id") @app.get("/protected") async def protected_resource(request: Request): if not oauth2.verify_client_id(request): raise HTTPException(status_code=401, detail="Invalid or expired client ID") ``` **22. OAuth 2.0 Bearer Token Validation with Scopes** ```python from fastapi_oauth2 import OAuth2 from fastapi import FastAPI app = FastAPI() oauth2 = OAuth2(secret_key="my-secret-key") @app.get("/protected") async def protected_resource(request: Request): scopes = await oauth2.verify_token(request) if "read" in scopes: return "Read access granted" raise HTTPException(status_code=403, detail="Insufficient scope") ``` **23. OAuth 2.0 Refresh Token Rotation** ```python from fastapi_oauth2 import OAuth2 from fastapi import FastAPI app = FastAPI() oauth2 = OAuth2(secret_key="my-secret-key") @app.post("/auth/refresh") async def refresh_token(request: Request): new_access_token, new_refresh_token = await oauth2.refresh_token(request) return {"access_token": new_access_token, "refresh_token": new_refresh_token} ``` **24. OAuth 2.0 Custom User Info Endpoint** ```python from fastapi_oauth2 import OAuth2 from fastapi import FastAPI app = FastAPI() oauth2 = OAuth2( userinfo_endpoint="https://example.com/userinfo", userinfo_handler=lambda token: { "sub": "user1", "name": "John Doe", "email": "user1@example.com", } ) @app.get("/userinfo") async def userinfo(request: Request): userinfo = await oauth2.userinfo(request) return userinfo ``` **25. OAuth 2.0 JWT Token Validation** ```python from fastapi_oauth2 import OAuth2 from fastapi import FastAPI app = FastAPI() oauth2 = OAuth2(secret_key="my-secret-key", issuer="https://example.com") @app.get("/protected") async def protected_resource(request: Request): await oauth2.verify_token(request) ``` **26. OAuth 2.0 API Gateway Integration** ```python from fastapi_oauth2 import OAuth2 from fastapi import FastAPI app = FastAPI() oauth2 = OAuth2( authorization_endpoint="https://example.com/authorize", token_endpoint="https://example.com/token", api_gateway_header="x-api-key" ) @app.get("/protected") async def protected_resource(request: Request): await oauth2.verify_token(request) ``` **27. OAuth 2.0 Resource Server with Multiple Scopes** ```python from fastapi_oauth2 import OAuth2 from fastapi import FastAPI app = FastAPI() oauth2 = OAuth2(secret_key="my-secret-key", scopes={"read": "read access", "write": "write access"}) @app.get("/protected") async def protected_resource(request: Request): scopes = await oauth2.verify_token(request) if "read" in scopes: return "Read access granted" elif "write" in scopes: return "Write access granted" ``` **28. OAuth 2.0 Client Credentials with JWT Access Tokens** ```python from fastapi_oauth2 import OAuth2 from fastapi import FastAPI app = FastAPI() oauth2 = OAuth2( token_endpoint="https://example.com/token", grant_type="client_credentials", token_type="jwt" ) @app.get("/protected") async def protected_resource(request: Request): await oauth2.verify_token(request) ``` **29. OAuth 2.0 Authorization Code Grant with PKCE** ```python from fastapi_oauth2 import OAuth2, PKCE from fastapi import FastAPI app = FastAPI() oauth2 = OAuth2( authorization_endpoint="https://example.com/authorize", token_endpoint="https://example.com/token", pkce=PKCE() ) @app.get("/auth/code") async def authorization_code(request: Request): code = oauth2.authorization_code(request) code_verifier = request.query_params["code_verifier"] return await oauth2.oauth_token(code, pkce_verifier=code_verifier) ``` **30. OAuth 2.0 Refresh Token Rotation with JWT Access Tokens** ```python from fastapi_oauth2 import OAuth2 from fastapi import FastAPI app = FastAPI() oauth2 = OAuth2( token_endpoint="https://example.com/token", refresh_token_endpoint="https://example.com/refresh", token_type="jwt" ) @app.post("/auth/refresh") async def refresh_token(request: Request): new_access_token = await oauth2.refresh_token(request) return {"access_token": new_access_token} ``` **31. OAuth 2.0 Bearer Token Validation with Scopes and Claims** ```python from fastapi_oauth2 import OAuth2 from fastapi import FastAPI app = FastAPI() oauth2 = OAuth2(secret_key="my-secret-key", claims={"role": "admin"}) @app.get("/protected") async def protected_resource(request: Request): claims = await oauth2.verify_token(request) if claims["role"] == "admin": return "Admin access granted" ``` **32. OAuth 2.0 Client Credentials Grant with JWT Access Tokens and Custom Token Claims** ```python from fastapi_oauth2 import OAuth2 from fastapi import FastAPI app = FastAPI() oauth2 = OAuth2( token_endpoint="https://example.com/token", grant_type="client_credentials", token_type="jwt", token_claims={"role": "client"} ) @app.get("/protected") async def protected_resource(request: Request): await oauth2.verify_token(request) ``` **33. OAuth 2.0 Token Introspection with JWT Access Tokens** ```python from fastapi_oauth2 import OAuth2 from fastapi import FastAPI app = FastAPI() oauth2 = OAuth2( introspection_endpoint="https://example.com/introspect", token_type="jwt" ) @app.post("/introspect") async def token_introspection(request: Request, token: str = Form(...)): result = await oauth2.introspection(token) return result ``` **34. OAuth 2.0 Resource Server with Multiple Authorization Servers** ```python from fastapi_oauth2 import OAuth2, MultipleOAuth2 from fastapi import FastAPI app = FastAPI() oauth2_a = OAuth2(secret_key="my-secret-key-a", authorization_endpoint="https://example.com/authorize-a") oauth2_b = OAuth2(secret_key="my-secret-key-b", authorization_endpoint="https://example.com/authorize-b") multiple_oauth2 = MultipleOAuth2([oauth2_a, oauth2_b]) @app.get("/protected") async def protected_resource(request: Request): await multiple_oauth2.verify_token(request) ``` **35. OAuth 2.0 Proxy** ```python from fastapi_oauth2 import OAuth2, ProxyOAuth2 from fastapi import FastAPI app = FastAPI() oauth2_a = OAuth2(secret_key="my-secret-key-a", authorization_endpoint="https://example.com/authorize-a") oauth2_b = OAuth2(secret_key="my-secret-key-b", authorization_endpoint="https://example.com/authorize-b") proxy_oauth2 = ProxyOAuth2([oauth2_a, oauth2_b], path="protected") @app.get("/protected") async def protected_resource(request: Request): await proxy_oauth2.verify_token(request) ``` **36. OAuth 2.0 API Gateway Integration with Authorization Code** ```python from fastapi_oauth2 import OAuth2 from fastapi import FastAPI app = FastAPI() oauth2 = OAuth2( authorization_endpoint="https://example.com/authorize", token_endpoint="https://example.com/token", api_gateway_query="code" ) @app.get("/protected") async def protected_resource(request: Request): await oauth2.verify_token(request) ```