diff --git a/docs/index.md b/docs/index.md index c5496f4..6e7c9ec 100644 --- a/docs/index.md +++ b/docs/index.md @@ -23,11 +23,14 @@ hero: features: - icon: 🛠️ title: Free and open source - details: Enjoy the freedom of our OSS project, giving you full access to its source code and allowing you to contribute to its development. + details: Dive into our OSS initiative, which not only grants complete access to the source code but also welcomes your contributions. - icon: 🧩 title: Easy to integrate details: Incorporate FastAPI OAuth2 into your existing projects with its straightforward integration process, saving you time. - icon: ⚡ title: Compatible with FastAPI 0.68.1+ details: The package is fully compatible with FastAPI v0.68.1 and above, ensuring smooth operation and integration with your application. + - icon: ⚙️ + title: Configurable Workflows + details: Customize authentication processes to align perfectly with your application's specific needs, ensuring flexibility and precision. --- \ No newline at end of file diff --git a/docs/integration/configuration.md b/docs/integration/configuration.md index 922bbf8..bab1d1e 100644 --- a/docs/integration/configuration.md +++ b/docs/integration/configuration.md @@ -8,6 +8,7 @@ Python's `dict` type with the same structure as these two classes. The `OAuth2Config` class is used to define the middleware configuration, and it has the following attributes: +- `enable_ssr` - Whether enable server-side rendering or not. Defaults to `True`. - `allow_http` - Whether allow HTTP requests or not. Defaults to `False`. - `jwt_secret` - Secret used to sign the JWT tokens. Defaults to an empty string. - `jwt_expires` - JWT lifetime in seconds. Defaults to 900 (15 minutes). diff --git a/docs/integration/integration.md b/docs/integration/integration.md index a33b48d..ca53dc1 100644 --- a/docs/integration/integration.md +++ b/docs/integration/integration.md 
@@ -50,8 +50,8 @@ choices, this kind of solution gives developers freedom. ## Router Router defines the endpoints that are used for the authentication and logout. The authentication is done by -the `/oauth2/{provider}/auth` endpoint and the logout is done by the `/oauth2/logout` endpoint. The `{provider}` is the -name of the provider that is going to be used for the authentication and coincides with the `name` attribute of +the `/oauth2/{provider}/authorize` endpoint and the logout is done by the `/oauth2/logout` endpoint. The `{provider}` is +the name of the provider that is going to be used for the authentication and coincides with the `name` attribute of the `backend` provided to the certain `OAuth2Client`. ```python diff --git a/docs/references/index.md b/docs/references/index.md index b81f60c..fac1483 100644 --- a/docs/references/index.md +++ b/docs/references/index.md 
@@ -13,28 +13,24 @@ the [documentation](https://python-social-auth.readthedocs.io/en/latest/backends ## SSR & REST APIs -::: tip Ticket #19 - -This upcoming feature is under development and will be available in the next release. You can track the progress in -the [#19](https://github.com/pysnippet/fastapi-oauth2/issues/19) issue. - -::: +It is compatible with both SSR and REST APIs. It means you can integrate it into your FastAPI templates and REST APIs. +By default, the `enable_ssr` parameter of the primary [configuration](/integration/configuration#oauth2config) is set +to `True`, which means that the application uses server-side rendering using Jinja2 templates and saves the access token +in the cookies. If you want to use it in your REST APIs, you should set the `enable_ssr` parameter to `False` and save +the access token on the client side. ## CSRF protection -CSRF protection is enabled by default which means when the user opens the `/oauth2/{provider}/auth` endpoint it +CSRF protection is enabled by default which means when the user opens the `/oauth2/{provider}/authorize` endpoint it redirects to the authorization endpoint of the IDP with an autogenerated `state` parameter and saves it in the session storage. After authorization, when the `/oauth2/{provider}/token` callback endpoint gets called with the provided `state`, the `oauthlib` validates it and then redirects to the `redirect_uri`. ## PKCE support -::: tip Ticket #18 - -PKCE support is under development and will be available in the next release. You can track the progress in -the [#18](https://github.com/pysnippet/fastapi-oauth2/issues/18) issue. - -::: +PKCE can be enabled by providing the `code_challenge` and `code_challenge_method` parameters to +the `/oauth2/{provider}/authorize` endpoint. Then, after the authorization passes, the `code_verifier` should be +provided to the `/oauth2/{provider}/token` endpoint to complete the authentication process.
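Review bot: In the `docs/index.md` hunk, the new "Configurable Workflows" card is the only feature card that does not name what it refers to; the other cards point at a concrete property (source access, integration effort, FastAPI version). Since the only configurability this patch actually introduces is the `enable_ssr` switch, consider wording the `details:` line around that (SSR with cookie-stored tokens versus REST with client-side tokens) and linking it to `/integration/configuration#oauth2config`, rather than the generic "align perfectly with your application's specific needs". Also note the `\ No newline at end of file` marker on the closing `---`: adding the trailing newline avoids a spurious diff on the next edit.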
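Review bot: In the `docs/integration/configuration.md` hunk, the new `enable_ssr` entry only says "Whether enable server-side rendering or not" and leaves out the behaviour that matters to integrators: per the references page in this same patch, `True` makes the middleware store the access token in a cookie, while `False` returns it for the client to store. Suggest stating that consequence in the bullet, e.g. "- `enable_ssr` - Whether to enable server-side rendering. When `True` the access token is saved in a cookie; when `False` it is returned to the client. Defaults to `True`.", and documenting the cookie attributes that are applied in SSR mode (this is where an integrator will look for them). Minor: "Whether enable" should read "Whether to enable", although it mirrors the existing `allow_http` line, so fix both or neither.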
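Review bot: In the `docs/integration/integration.md` hunk, renaming the login route from `/oauth2/{provider}/auth` to `/oauth2/{provider}/authorize` is a breaking change for every deployed link, template and client that still targets `/auth`, but the hunk only rewrites the sentence; nothing in this patch calls the rename out. Suggest a short note in this section (or a changelog entry) saying the old path is no longer served, and confirming that no other page still mentions `/oauth2/{provider}/auth` (the references page is updated in this patch; the configuration and index pages should be checked too). The surrounding sentence "the `backend` provided to the certain `OAuth2Client`" reads awkwardly; "to the corresponding `OAuth2Client`" would be clearer, though that line is unchanged here.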
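Review bot: In the `docs/references/index.md` hunk, the new PKCE paragraph does not fit the flow described two paragraphs above it. The CSRF section says `/oauth2/{provider}/token` is the callback endpoint that the IDP redirect calls with `state`, yet the PKCE text says the `code_verifier` "should be provided to the `/oauth2/{provider}/token` endpoint", which would mean the verifier travels on the IDP redirect rather than from the client that generated it. Please document where the verifier actually comes from (query parameter on the callback, session storage alongside `state`, or something else), which `code_challenge_method` values are accepted (`S256`, `plain`), and what happens on a missing or mismatched verifier, since that failure mode is the whole point of PKCE. Two smaller points in the same hunk: the SSR paragraph opens with "It is compatible with both SSR and REST APIs", where "It" has no antecedent after the heading, so name the package; and "saves the access token in the cookies" should state which cookie attributes are set, as the token is a bearer credential and integrators will want to know before choosing `enable_ssr`.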