Support validating api keys in auth.require_user

[emgeee]

Currently the require_user middleware is only able to check Auth Tokens and not API keys. It would be convenient to either create a separate FastAPI middleware to check validate against an API key that could be used in conjunction with the current require_user or integrate this check into the existing middleware.

[andrew-propelauth]

That's a great idea! We'll add it to our roadmap and make sure it gets into the library officially. That being said, here's a quick example if you want to do this in your product now:

from fastapi import Depends, HTTPException
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
from propelauth_fastapi import Auth
from propelauth_py.errors import EndUserApiKeyException

security = HTTPBearer(auto_error=False)

class RequiresApiKeyDependency:
    def __init__(self, auth: Auth):
        self.auth = auth

    def __call__(self, credentials: HTTPAuthorizationCredentials = Depends(security)):
        try:
            if credentials is None:
                raise HTTPException(status_code=401)

            # Alternatively use validate_api_key or validate_org_api_key
            personal_api_key = self.auth.validate_personal_api_key(credentials.credentials)
            return personal_api_key
        except EndUserApiKeyException as e:
            raise HTTPException(status_code=401)

and then in your routes:

require_api_key = RequiresApiKeyDependency(auth)


@app.get("/api/api_key_info")
async def api_key_info(api_key=Depends(require_api_key)):
    return api_key

[emgeee]

Awesome, thanks!

[roberthjaplaio]

It would be valuable to us to support this in the require_user dependency as well - especially a dependency that would accept either an api key or a user and not just one or the other. I'm aware we could relatively easily roll this ourselves, but it would defeat the purpose of having a framework specific library.