Hi! I'm trying to use Fief in my FastAPI pet-project, but I faced some frustration while trying to figure things out.
I would like to specify client settings in a config file. I want to store this config in my project repository so that Fief can be set up without manually editing the settings in the admin web UI. I guess, to achieve this, I have to write a script that uses the admin API, but a config file would be much more convenient.
My project is currently just a public REST API, so I assume I won’t need any private clients at all. My JS frontend and Swagger UI at /docs can access Fief with a public client (also marked as first-party) and there is nothing wrong with it. Is that correct?
In this docs page the auth.current_user is introduced inside a section "Web application example", which made me skip it and look for it myself in the API reference. I think the part with getting and caching the user info should be in a separate section, after the "API"/"Web application" comparison.
In the caching section, the wrong line is highlighted: fief, instead of get_userinfo_cache=get_memory_userinfo_cache,, which made me curious about the magic happening there. Also, I would like to know about cache invalidation strategies. For example, a user changes his e-mail. My backend doesn't know about it and keeps using the cache with an old e-mail (while the session is alive, idk for how long). So, do I need to ask the user to log out and log in to my application to display any changes in user-related data? Are there any other methods?
As I understand, public clients do have secrets, but if PKCE is used, they can be ignored and omitted (?). I've configured the default client to work with my Fief Swagger (at :8050/docs) and with my project's Swagger (at :8050/docs).
When I use both client_id and client_secret in Swagger, it works. However, without the secret, it won't work: auth error[invalid_request]: g. . I'm confused -- is it OK to treat a public client's secret as a publicly available parameter, or not? Or maybe should I treat it as a secret and use it in /docs, but at the frontend I should only use client_id and necessarily use PKCE?
Is there a way I can remember the client_id and client_secret in Swagger in my browser, so I won't need to authenticate each time?
Are there any commonly used things for testing a FastAPI application with OAuth authorization like in Fief? Maybe I should write a fixture that calls an Admin API, creates a user and access tokens for it and then just use it? Or maybe I should mock network requests to Fief completely (except when specifically testing auth part)? What requests should I mock in this case?
I will be very pleased if I get answers to these questions, because Fief seems to me a very convenient service. I think other newcomers may have some of these questions too, and it would be useful to take this into account in the documentation. Thanks!