---
title: "Authentication: Google Auth"
original_url: "https://tds.s-anand.net/#/google-auth?id=google-authentication-with-fastapi"
downloaded_at: "2025-06-08T23:25:42.202598"
---
[Google Authentication with FastAPI](#/google-auth?id=google-authentication-with-fastapi)
-----------------------------------------------------------------------------------------
Secure your API endpoints using Google ID tokens to restrict access to specific email addresses.
[](https://youtu.be/4ExQYRCwbzw)
Google Auth is the most commonly implemented single sign-on mechanism because:
* It’s popular and user-friendly. Users can log in with their existing Google accounts.
* It’s secure: Google supports OAuth2 and OpenID Connect to handle authentication.
Here’s how you build a FastAPI app that identifies the user.
1. Go to the [Google Cloud Console – Credentials](https://console.developers.google.com/apis/credentials) and click **Create Credentials > OAuth client ID**.
2. Choose **Web application**, set your authorized redirect URIs (e.g., `http://localhost:8000/`).
3. Copy the **Client ID** and **Client Secret** into a `.env` file:
```
GOOGLE_CLIENT_ID=your-client-id.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=your-client-secret
```
4. Create your FastAPI `app.py`:
```
# /// script
# dependencies = ["python-dotenv", "fastapi", "uvicorn", "itsdangerous", "httpx", "authlib"]
# ///
import os

from dotenv import load_dotenv
from fastapi import FastAPI, Request
from fastapi.responses import RedirectResponse
from starlette.middleware.sessions import SessionMiddleware
from authlib.integrations.starlette_client import OAuth

load_dotenv()

app = FastAPI()
# The secret key signs the session cookie. Replace the placeholder with a long
# random value and keep it out of source control.
app.add_middleware(SessionMiddleware, secret_key="create-a-random-secret-key")

oauth = OAuth()
oauth.register(
    name="google",
    client_id=os.getenv("GOOGLE_CLIENT_ID"),
    client_secret=os.getenv("GOOGLE_CLIENT_SECRET"),
    server_metadata_url="https://accounts.google.com/.well-known/openid-configuration",
    client_kwargs={"scope": "openid email profile"},
)


@app.get("/")
async def application(request: Request):
    user = request.session.get("user")
    # 3. For authenticated users: say hello
    if user:
        return f"Hello {user['email']}"
    # 2. For users who have just logged in, save their details in the session
    if "code" in request.query_params:
        token = await oauth.google.authorize_access_token(request)
        request.session["user"] = token["userinfo"]
        return RedirectResponse("/")
    # 1. For users who are logging in for the first time, redirect to Google login
    return await oauth.google.authorize_redirect(request, request.url)


if __name__ == "__main__":
    import uvicorn

    uvicorn.run(app, port=8000)
```
Now, run `uv run app.py`.
1. When you visit <http://localhost:8000/> you’ll be redirected to a Google login page.
2. When you log in, you’ll be redirected back to <http://localhost:8000/>
3. Now you’ll see the email ID you logged in with.
Instead of displaying the email, you can show different content based on the user. For example:
* Allow access to specific users and not others
* Fetch the user’s personalized information
* Display different content based on the user
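
One way to implement the first item, restricting access to specific email addresses, is shown below as an added example (not part of the original page). It works on the `userinfo` claims that `app.py` stores in the session. The names `check_access` and `ALLOWED_EMAILS` and the sample addresses are assumptions; `email` and `email_verified` are the standard OpenID Connect claims Google returns for the `email` scope.

```python
from typing import Any, Mapping, Optional, Tuple

# Constructed allowlist for illustration; use your own addresses.
ALLOWED_EMAILS = frozenset({"alice@example.com", "bob@example.com"})


def check_access(
    userinfo: Optional[Mapping[str, Any]],
    allowed_emails=ALLOWED_EMAILS,
) -> Tuple[int, str]:
    """Return (HTTP status, reason) for the claims kept in request.session["user"]."""
    if not userinfo:
        return 401, "not signed in"

    email = userinfo.get("email")
    if not isinstance(email, str) or not email.strip():
        return 403, "no email claim"

    # Only trust the address if Google asserts it is verified. Compare against
    # the boolean True so that a string such as "false" cannot pass as truthy.
    if userinfo.get("email_verified") is not True:
        return 403, "email not verified"

    # Normalise case and whitespace on both sides before comparing.
    normalised = email.strip().lower()
    if normalised not in {e.strip().lower() for e in allowed_emails}:
        return 403, "email not on allowlist"

    return 200, normalised


if __name__ == "__main__":
    # Constructed sample claims, shaped like the "userinfo" dict in app.py.
    samples = [
        None,
        {"email": "Alice@Example.com", "email_verified": True},
        {"email": "alice@example.com", "email_verified": False},
        {"email": "mallory@example.com", "email_verified": True},
    ]
    for claims in samples:
        print(claims, "->", check_access(claims))
```

In the handler above, call `check_access(user)` before the greeting and return a 403 response for any status other than 200. Run the check on every request, not only at login, so that removing an address from the allowlist takes effect for existing sessions.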