A comprehensive FastAPI project with OAuth authentication and user recognition. This project provides a foundation for defining and testing APIs using Python FastAPI and includes a web-based testing interface with authentication features.
- 🚀 FastAPI backend with multiple endpoints
- 🔐 JWT-based authentication system
- 🌐 OAuth integration (GitHub, Google)
- 👤 User registration and login
- 📝 CORS enabled for cross-origin requests
- 🎯 Protected and public API endpoints
- 📊 API status and health check endpoints
- 🔒 Secure password hashing with bcrypt
```
apitesting/
├── main.py              # FastAPI application with auth endpoints
├── auth.py              # Authentication logic and utilities
├── models.py            # Pydantic models for requests/responses
├── config.py            # Configuration settings
├── requirements.txt     # Python dependencies
├── start.sh             # Startup script
├── static/
│   └── index.html       # Web testing client with auth UI
└── README.md            # This file
```
- GET / - Root endpoint with optional user context
- GET /hello/{name} - Personalized greeting with optional user context
- GET /api/status - API health check and endpoint listing
- GET /test - Web testing client interface
- POST /auth/register - Register new user account
- POST /auth/login - Login with username/password

- GET /protected - Sample protected endpoint
- GET /auth/me - Get current user information

- GET /auth/{provider} - Initiate OAuth flow (github, google, microsoft)
- GET /auth/{provider}/callback - OAuth callback handler with OIDC support
- Install Python dependencies:

  ```bash
  pip install -r requirements.txt
  ```

- Run the FastAPI server:

  ```bash
  python main.py
  ```

  Or using uvicorn directly:

  ```bash
  uvicorn main:app --reload --host 0.0.0.0 --port 8000
  ```

- Access the application:
  - API Documentation: http://localhost:8001/docs
  - Web Testing Client: http://localhost:8001/test
  - Root API: http://localhost:8001/
- Start the server
- Navigate to http://localhost:8001/test
- Use the interactive web interface to test different endpoints
```bash
# Test root endpoint
curl http://localhost:8001/

# Test personalized hello
curl http://localhost:8001/hello/YourName

# Test API status
curl http://localhost:8001/api/status
```

Visit http://localhost:8001/docs for Swagger UI documentation where you can test all endpoints interactively.
To extend this project:
- Add new endpoints in main.py
- Update the web client in static/index.html to test new endpoints
- Add more sophisticated testing by creating additional HTML pages or using tools like Postman
- Secure JWT tokens with configurable expiration
- Password hashing using bcrypt
- User registration and login endpoints
- Protected endpoint authentication
- GitHub OAuth authentication (OAuth 2.0)
- Google OAuth authentication (OpenID Connect/OIDC)
- Microsoft OAuth authentication (OpenID Connect/OIDC)
- Automatic user creation from OAuth profiles
- OIDC ID token validation and claims processing
- JWKS (JSON Web Key Set) validation for secure token verification
- Seamless integration with JWT tokens
- All endpoints recognize authenticated users
- Optional authentication (endpoints work with or without auth)
- User information included in API responses when authenticated
- Protected endpoints for sensitive operations
To enable OAuth authentication, you need to configure OAuth applications:
- Go to GitHub Settings > Developer settings > OAuth Apps
- Create a new OAuth App with:
  - Homepage URL: http://localhost:8001
  - Authorization callback URL: http://localhost:8001/auth/github/callback
- Update config.py with your GitHub client ID and secret
- Go to Google Cloud Console > APIs & Services > Credentials
- Create OAuth 2.0 Client ID with:
  - Authorized redirect URIs: http://localhost:8001/auth/google/callback
- Update config.py with your Google client ID and secret
- Go to Azure Portal > App registrations
- Create a new app registration with:
  - Redirect URI: http://localhost:8002/auth/microsoft/callback
  - Supported account types: Accounts in any organizational directory and personal Microsoft accounts
- Generate a client secret in Certificates & secrets
- Update config.py with your Microsoft client ID and secret
For production, use environment variables instead of hardcoded values in config.py:

```bash
export SECRET_KEY="your-super-secret-key"
export GITHUB_CLIENT_ID="your-github-client-id"
export GITHUB_CLIENT_SECRET="your-github-client-secret"
export GOOGLE_CLIENT_ID="your-google-client-id"
export GOOGLE_CLIENT_SECRET="your-google-client-secret"
export MICROSOFT_CLIENT_ID="your-microsoft-client-id"
export MICROSOFT_CLIENT_SECRET="your-microsoft-client-secret"
```

- Navigate to http://localhost:8001/test
- Register a new account or login with existing credentials
- Try OAuth login with GitHub or Google
- Test protected endpoints with your authentication token
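
For the environment-variable configuration described above, one way a settings loader can fail closed at startup. This is an added example, not this project's config.py: only the variable names come from this README, while `load_settings`, `redacted`, `ConfigError`, the 32-character minimum and the placeholder check are assumptions.

```python
import os

# Variable names are the ones exported in this README; everything else
# (function names, length threshold, placeholder check) is an assumption.
PROVIDERS = ("GITHUB", "GOOGLE", "MICROSOFT")
MIN_SECRET_KEY_LEN = 32  # assumed minimum length for the JWT signing key


class ConfigError(RuntimeError):
    """Raised at startup so a misconfigured instance never serves traffic."""


def _is_placeholder(value):
    # The README's sample values all start with "your-"; treat them as unset.
    return value.strip().lower().startswith("your-")


def load_settings(env=None):
    env = os.environ if env is None else env
    secret_key = env.get("SECRET_KEY", "")
    if not secret_key or _is_placeholder(secret_key):
        raise ConfigError("SECRET_KEY is missing or still a placeholder")
    if len(secret_key) < MIN_SECRET_KEY_LEN:
        raise ConfigError(f"SECRET_KEY must be at least {MIN_SECRET_KEY_LEN} characters")
    oauth = {}
    for name in PROVIDERS:
        client_id = env.get(f"{name}_CLIENT_ID", "")
        client_secret = env.get(f"{name}_CLIENT_SECRET", "")
        if not client_id and not client_secret:
            continue  # provider not configured: leave it disabled
        if not client_id or not client_secret:
            raise ConfigError(f"{name}: client ID and secret must be set together")
        if _is_placeholder(client_id) or _is_placeholder(client_secret):
            raise ConfigError(f"{name}: placeholder credentials are still in place")
        oauth[name.lower()] = {"client_id": client_id, "client_secret": client_secret}
    return {"secret_key": secret_key, "oauth": oauth}


def redacted(settings):
    """Copy of the settings that is safe to log: secrets replaced by a marker."""
    return {"secret_key": "***",
            "oauth": {p: {"client_id": c["client_id"], "client_secret": "***"}
                      for p, c in settings["oauth"].items()}}


if __name__ == "__main__":
    # Constructed sample environment, not real credentials.
    sample = {"SECRET_KEY": "k" * 48, "GITHUB_CLIENT_ID": "Iv1.constructed",
              "GITHUB_CLIENT_SECRET": "constructed-secret"}
    print(redacted(load_settings(sample)))
```
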
```bash
# Register a new user
curl -X POST "http://localhost:8001/auth/register" \
  -H "Content-Type: application/json" \
  -d '{"username": "testuser", "email": "test@example.com", "full_name": "Test User", "password": "testpass123"}'

# Login to get token
curl -X POST "http://localhost:8001/auth/login" \
  -H "Content-Type: application/json" \
  -d '{"username": "testuser", "password": "testpass123"}'

# Use token to access protected endpoint
curl -H "Authorization: Bearer YOUR_TOKEN_HERE" \
  http://localhost:8001/protected

# Get current user info
curl -H "Authorization: Bearer YOUR_TOKEN_HERE" \
  http://localhost:8001/auth/me
```

- Python 3.7+
- FastAPI 0.104.1+
- Uvicorn with standard extras
- python-jose[cryptography] for JWT handling
- passlib[bcrypt] for password hashing
- httpx for OAuth HTTP requests
- python-multipart for form data handling
- python-dotenv for environment variables
This project is for educational and testing purposes.