An Omnivector initiative
Adding a security layer on top of your API can be difficult, especially when working with an OIDC platform. It's hard enough to get your OIDC provider configured correctly. Armasec aims to take the pain out of securing your APIs routes.
Armasec is an opinionated library that attempts to use the most obvious and commonly used workflows when working with OIDC and making configuration as simple as possible.
When using the Armasec helper class, you only need two configuration settings to get going:
- Domain: the domain of your OIDC provider
- Audience: An optional setting that restricts tokens to those intended for your API.
That's it! Once you have those settings dialed in, you can just worry about checking the permissions scopes of your endpoints
Documentation is hosted hosted on github.io at
the Armasec homepage.
- Install
armasecanduvicorn:
pip install armasec uvicorn- Save th Minimal Example (example.py) locally:
import os
from armasec import Armasec
from fastapi import FastAPI, Depends
app = FastAPI()
armasec = Armasec(
domain=os.environ.get("ARMASEC_DOMAIN"),
audience=os.environ.get("ARMASEC_AUDIENCE"),
)
@app.get("/stuff", dependencies=[Depends(armasec.lockdown("read:stuff"))])
async def check_access():
return dict(message="Successfully authenticated!")- Set the Armasec environment variables:
- ARMASEC_DOMAIN
- ARMASEC_AUDIENCE
- Run the app
uvicorn --host 0.0.0.0 example:appDistributed under the MIT License. See LICENSE for more information.