Coverage for fastapi/security/open_id_connect_url.py: 100%

22 statements  

« prev     ^ index     » next       coverage.py v7.6.1, created at 2025-12-04 08:29 +0000

1from typing import Optional 1abcdefg

2 

3from annotated_doc import Doc 1abcdefg

4from fastapi.openapi.models import OpenIdConnect as OpenIdConnectModel 1abcdefg

5from fastapi.security.base import SecurityBase 1abcdefg

6from starlette.exceptions import HTTPException 1abcdefg

7from starlette.requests import Request 1abcdefg

8from starlette.status import HTTP_401_UNAUTHORIZED 1abcdefg

9from typing_extensions import Annotated 1abcdefg

10 

11 

12class OpenIdConnect(SecurityBase): 1abcdefg

13 """ 

14 OpenID Connect authentication class. An instance of it would be used as a 

15 dependency. 

16 

17 **Warning**: this is only a stub to connect the components with OpenAPI in FastAPI, 

18 but it doesn't implement the full OpenIdConnect scheme, for example, it doesn't use 

19 the OpenIDConnect URL. You would need to to subclass it and implement it in your 

20 code. 

21 """ 

22 

23 def __init__( 1abcdefg

24 self, 

25 *, 

26 openIdConnectUrl: Annotated[ 

27 str, 

28 Doc( 

29 """ 

30 The OpenID Connect URL. 

31 """ 

32 ), 

33 ], 

34 scheme_name: Annotated[ 

35 Optional[str], 

36 Doc( 

37 """ 

38 Security scheme name. 

39 

40 It will be included in the generated OpenAPI (e.g. visible at `/docs`). 

41 """ 

42 ), 

43 ] = None, 

44 description: Annotated[ 

45 Optional[str], 

46 Doc( 

47 """ 

48 Security scheme description. 

49 

50 It will be included in the generated OpenAPI (e.g. visible at `/docs`). 

51 """ 

52 ), 

53 ] = None, 

54 auto_error: Annotated[ 

55 bool, 

56 Doc( 

57 """ 

58 By default, if no HTTP Authorization header is provided, required for 

59 OpenID Connect authentication, it will automatically cancel the request 

60 and send the client an error. 

61 

62 If `auto_error` is set to `False`, when the HTTP Authorization header 

63 is not available, instead of erroring out, the dependency result will 

64 be `None`. 

65 

66 This is useful when you want to have optional authentication. 

67 

68 It is also useful when you want to have authentication that can be 

69 provided in one of multiple optional ways (for example, with OpenID 

70 Connect or in a cookie). 

71 """ 

72 ), 

73 ] = True, 

74 ): 

75 self.model = OpenIdConnectModel( 1abcdefg

76 openIdConnectUrl=openIdConnectUrl, description=description 

77 ) 

78 self.scheme_name = scheme_name or self.__class__.__name__ 1abcdefg

79 self.auto_error = auto_error 1abcdefg

80 

81 def make_not_authenticated_error(self) -> HTTPException: 1abcdefg

82 return HTTPException( 1hijklmnopqrstu

83 status_code=HTTP_401_UNAUTHORIZED, 

84 detail="Not authenticated", 

85 headers={"WWW-Authenticate": "Bearer"}, 

86 ) 

87 

88 async def __call__(self, request: Request) -> Optional[str]: 1abcdefg

89 authorization = request.headers.get("Authorization") 1ChDEiFGvHIjJKkLMwNOlPQmRSxTUnVWoXYyZ0p12q34z56r78s9!A#$t%'u()B*

90 if not authorization: 1ChDEiFGvHIjJKkLMwNOlPQmRSxTUnVWoXYyZ0p12q34z56r78s9!A#$t%'u()B*

91 if self.auto_error: 1hivjkwlmxnoypqzrsAtuB

92 raise self.make_not_authenticated_error() 1hijklmnopqrstu

93 else: 

94 return None 1vwxyzAB

95 return authorization 1CDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$%'()*