Authentication
Swiple uses FastAPI Users and HTTPX OAuth to manage Username/Password and OAuth access. One or multiple OAuth providers can be used at a time.
Supported OAuth Providers​
OAuth​
To set up OAuth, add an OAuth provider to docker/.env.
Do not check in OAUTH_SECRET or SECRET_KEY to your codebase. The examples below are for testing only.
For production, please use a secrets store like AWS Parameter Store or AWS Secrets Manager. Please see Retrieving OAUTH_SECRET and SECRET_KEY for examples.
All providers will require a redirect URL. The redirect URL structure is as follows:
{UI_HOST_URL}/login?provider={provider_name}
Github​
GITHUB_OAUTH_ENABLED=true
GITHUB_OAUTH_CLIENT_ID="---Redacted---"
GITHUB_OAUTH_SECRET="---Redacted---"
Redirect URL: {UI_HOST_URL}/login?provider=github
Google​
GOOGLE_OAUTH_ENABLED=true
GOOGLE_OAUTH_CLIENT_ID="---Redacted---"
GOOGLE_OAUTH_SECRET="---Redacted---"
Redirect URL: {UI_HOST_URL}/login?provider=google
Microsoft​
MICROSOFT_OAUTH_ENABLED=true
MICROSOFT_OAUTH_CLIENT_ID="---Redacted---"
MICROSOFT_OAUTH_SECRET="---Redacted---"
MICROSOFT_OAUTH_TENANT=null # defaults to "common" when not set
Redirect URL: {UI_HOST_URL}/login?provider=microsoft
Okta​
OKTA_OAUTH_ENABLED=true
OKTA_OAUTH_CLIENT_ID="---Redacted---"
OKTA_OAUTH_SECRET="---Redacted---"
OKTA_OAUTH_BASE_URL="[Redacted].okta.com" # do not include HTTP/HTTPS. HTTPS is used.
Redirect URL: {UI_HOST_URL}/login?provider=okta
Do you use an OAuth provider that isn't above? Add it to HTTPX OAuth here.