Auth Helpers
This is a library designed to help Python developers building FastAPI services for SKAO secure their applications. You don’t need to be familiar with the details of OAuth2, but in a nutshell, clients will be sending access tokens to your applications – these are JWTs containing claims about users – and this library will help you interpret those tokens and either grant or deny access to your application’s protected resources.
To use this library
If you are an SKAO application developer looking to use this library to secure your application.
Installation
Add it to your project dependencies in pyproject.toml, requirements.txt or similar.
For example:
uv add ska_aaa_authhelpers
If you’re using a different package manager, add ska_aaa_authhelpers with the equivalent command for that tool.
Usage
See the Cheatsheet – If you just want a quick copy-paste example, or…
Read Securing your application – for a step-by-step guide to adding authorisation to your app.
To improve this library
Merge requests are very much welcome! If you’re interested in making contributions or fixing bugs in these tools, please see Developing Authhelpers
Other resources
Refer to the Solution Intent in Confluence to understand the overall design of our Authentication, Authorisation and Auditing Architecture
If you’re a frontend developer looking to implement a React SPA client (as opposed to an API service), you’ll probably want this repository instead.
This library relies heavily on FastAPI’s native dependency injection and Security() tools. See the tutorial and API reference to understand those pieces better.
Because we have chosen Microsoft Entra ID as the authentication provider for SKAO, the Microsoft docs may also be helpful.
If you have questions or need help, join the
#tmp-aaa-questionson the SKAO Slack.