
FastAPI Authorization

Authorize FastAPI services using Cognito User Pool and Identity Pool

Password reset

Navigate to https://sherlock-auth.auth.us-east-1.amazoncognito.com/login?client_id=58g52nuqcu1r9pa5ce18g42vnb&response_type=code&scope=aws.cognito.signin.user.admin+openid&redirect_uri=https://stac-search-web.c-core.app to reset password.

Example flow for a user

Navigate to https://auth-debug.c-core.app/docs

Attempt to execute protected endpoint

Under the /users/me endpoint click Try it out and Execute.

Not authenticated

Note the Error: Unauthorized in the error response.

Sign in as an authorized user

Try signing in as an authorized user. Click Authorize in the top right.

Authorize

Type TestAdmin for the username and TestAdmin for the password. Then click Authorize.

Login

If authorization is successful, a summary of your authentication is displayed. Click Close to close the summary.

Available authorizations

Successfully execute protected endpoint

Go back to the /users/me endpoint and click Execute again. The request should succeed and the response body contains your authorization access token from Cognito.

Get user

Machine to machine example

An example of authenticating and posting to a protected endpoint in JavaScript. The code below can be copied and pasted into a browser console.

// Get JWT access token
const response = await fetch(
  'https://auth-debug.c-core.app/login',
  {
    method: 'POST',
    body: JSON.stringify({ username: 'TestAdmin', password: 'TestAdmin' })
  }
)
const json = await response.json()
const { access_token } = json

// Call protected endpoint with bearer token header
const protected_response = await fetch(
  'https://auth-debug.c-core.app/users/me',
  {
    headers: new Headers({ 'Authorization': `Bearer ${access_token}` })
  }
)
const protected_json = await protected_response.json()

console.log(protected_json)

The expected output is:

{
  "sub": "f93daf71-bb53-4fb6-a49c-d0a9f319e43e",
  "cognito:groups": [
    "Admin"
  ],
  "event_id": "46374368-5a90-45e1-82af-eafc5af9dbd3",
  "token_use": "access",
  "scope": "aws.cognito.signin.user.admin",
  "auth_time": 1589384528,
  "iss": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_YT4Hv9PTG",
  "exp": 1589388128,
  "iat": 1589384528,
  "jti": "236f7533-82aa-4b74-998d-a1e2eb8da703",
  "client_id": "6k3vdsah9095frbv7pos547aeh",
  "username": "TestAdmin"
}
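
The claims in the output above are what a protected endpoint authorizes against. The following is an added example, not code from this project: one way a FastAPI dependency could check those claims after the token's signature has already been verified against the user pool's JWKS. The function name, the `required_group` and `leeway` parameters and the `ClaimError` type are assumptions; the issuer and client ID are copied from the output above.

```python
import time

# Expected issuer and app client, copied from the expected output on this page.
EXPECTED_ISS = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_YT4Hv9PTG"
EXPECTED_CLIENT_ID = "6k3vdsah9095frbv7pos547aeh"


class ClaimError(Exception):
    """Raised when a verified token's claims fail an authorization check."""


def check_access_claims(claims, required_group=None, now=None, leeway=30):
    """Authorize from the claims of an already signature-verified Cognito
    access token. Returns the username or raises ClaimError (hypothetical helper)."""
    now = time.time() if now is None else now
    if claims.get("iss") != EXPECTED_ISS:
        raise ClaimError("unexpected issuer")
    # Cognito ID tokens carry token_use == "id"; accept access tokens only.
    if claims.get("token_use") != "access":
        raise ClaimError("not an access token")
    # Cognito access tokens carry client_id rather than aud.
    if claims.get("client_id") != EXPECTED_CLIENT_ID:
        raise ClaimError("token issued to a different app client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now > exp + leeway:
        raise ClaimError("token expired")
    if required_group is not None and required_group not in claims.get("cognito:groups", []):
        raise ClaimError("missing group " + required_group)
    username = claims.get("username")
    if not username:
        raise ClaimError("no username claim")
    return username


# Constructed sample: a subset of the claims shown in the expected output above.
SAMPLE = {
    "sub": "f93daf71-bb53-4fb6-a49c-d0a9f319e43e",
    "cognito:groups": ["Admin"],
    "token_use": "access",
    "iss": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_YT4Hv9PTG",
    "exp": 1589388128,
    "iat": 1589384528,
    "client_id": "6k3vdsah9095frbv7pos547aeh",
    "username": "TestAdmin",
}

if __name__ == "__main__":
    print(check_access_claims(SAMPLE, required_group="Admin", now=1589384600))
```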