phi-beta/apitesting

API Testing Project with OAuth Authentication

A comprehensive FastAPI project with OAuth authentication and user recognition. This project provides a foundation for defining and testing APIs using Python FastAPI and includes a web-based testing interface with authentication features.

Features

  • FastAPI backend with multiple endpoints
  • JWT-based authentication system
  • OAuth integration (GitHub, Google)
  • User registration and login
  • CORS enabled for cross-origin requests
  • Protected and public API endpoints
  • API status and health check endpoints
  • Secure password hashing with bcrypt

Project Structure

apitesting/
├── main.py              # FastAPI application with auth endpoints
├── auth.py              # Authentication logic and utilities
├── models.py            # Pydantic models for requests/responses
├── config.py            # Configuration settings
├── requirements.txt     # Python dependencies
├── start.sh             # Startup script
├── static/
│   └── index.html       # Web testing client with auth UI
└── README.md           # This file

API Endpoints

Public Endpoints

  • GET / - Root endpoint with optional user context
  • GET /hello/{name} - Personalized greeting with optional user context
  • GET /api/status - API health check and endpoint listing
  • GET /test - Web testing client interface
  • POST /auth/register - Register new user account
  • POST /auth/login - Login with username/password

Protected Endpoints (Require Authentication)

  • GET /protected - Sample protected endpoint
  • GET /auth/me - Get current user information

OAuth Endpoints

  • GET /auth/{provider} - Initiate OAuth flow (github, google, microsoft)
  • GET /auth/{provider}/callback - OAuth callback handler with OIDC support

Setup Instructions

  1. Install Python dependencies:

    pip install -r requirements.txt
  2. Run the FastAPI server:

    python main.py

    Or using uvicorn directly:

    uvicorn main:app --reload --host 0.0.0.0 --port 8000
  3. Access the application:

Testing the API

Using the Web Client

  1. Start the server
  2. Navigate to http://localhost:8001/test
  3. Use the interactive web interface to test different endpoints

Using curl

# Test root endpoint
curl http://localhost:8001/

# Test personalized hello
curl http://localhost:8001/hello/YourName

# Test API status
curl http://localhost:8001/api/status

Using FastAPI's Interactive Documentation

Visit http://localhost:8001/docs for Swagger UI documentation where you can test all endpoints interactively.

Development

To extend this project:

  1. Add new endpoints in main.py
  2. Update the web client in static/index.html to test new endpoints
  3. Add more sophisticated testing by creating additional HTML pages or using tools like Postman

Authentication Features

JWT Authentication

  • Secure JWT tokens with configurable expiration
  • Password hashing using bcrypt
  • User registration and login endpoints
  • Protected endpoint authentication

OAuth Integration

  • GitHub OAuth authentication (OAuth 2.0)
  • Google OAuth authentication (OpenID Connect/OIDC)
  • Microsoft OAuth authentication (OpenID Connect/OIDC)
  • Automatic user creation from OAuth profiles
  • OIDC ID token validation and claims processing
  • JWKS (JSON Web Key Set) validation for secure token verification
  • Seamless integration with JWT tokens
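
The claims checks that belong between JWKS signature verification and automatic user creation, shown as an added example (not code from this repository). The function name, the use of a per-login nonce and the sample claims are assumptions; signature verification itself is assumed to have happened already.

```python
import hmac
import time

# Issuer strings Google uses in ID tokens.
GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}


def validate_id_token_claims(claims, *, issuers, client_id, nonce, now=None, leeway=60):
    """Validate ID token claims whose signature was ALREADY verified via JWKS.

    Returns (iss, sub), the stable key to store for the local user record.
    Raises ValueError on any failed check.
    """
    now = time.time() if now is None else now
    if claims.get("iss") not in issuers:
        raise ValueError("unexpected issuer")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if client_id not in audiences:
        raise ValueError("token was not issued to this client")
    if len(audiences) > 1 and claims.get("azp") != client_id:
        raise ValueError("multiple audiences and azp is not this client")
    exp, iat = claims.get("exp"), claims.get("iat")
    if not isinstance(exp, (int, float)) or now > exp + leeway:
        raise ValueError("exp missing or token expired")
    if not isinstance(iat, (int, float)) or iat > now + leeway:
        raise ValueError("iat missing or in the future")
    # The nonce ties the token to the login request this session started.
    got = str(claims.get("nonce", "")).encode()
    if not nonce or not hmac.compare_digest(got, nonce.encode()):
        raise ValueError("nonce mismatch")
    if not claims.get("sub"):
        raise ValueError("sub missing")
    return claims["iss"], claims["sub"]


# Constructed sample claims (not a real token), fixed clock for repeatability.
NOW = 1_700_000_000
SAMPLE = {
    "iss": "https://accounts.google.com", "aud": "constructed-client-id",
    "sub": "1234567890", "nonce": "n-constructed", "iat": NOW - 5, "exp": NOW + 3600,
    "email": "test@example.com",
}

if __name__ == "__main__":
    print(validate_id_token_claims(SAMPLE, issuers=GOOGLE_ISSUERS,
                                   client_id="constructed-client-id",
                                   nonce="n-constructed", now=NOW))
```

Keying the local account on the returned (iss, sub) pair rather than on the email claim keeps two providers that assert the same address from mapping to one user.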

User Recognition

  • All endpoints recognize authenticated users
  • Optional authentication (endpoints work with or without auth)
  • User information included in API responses when authenticated
  • Protected endpoints for sensitive operations

OAuth Setup

To enable OAuth authentication, you need to configure OAuth applications:

GitHub OAuth Setup

  1. Go to GitHub Settings > Developer settings > OAuth Apps
  2. Create a new OAuth App with:
    • Homepage URL: http://localhost:8001
    • Authorization callback URL: http://localhost:8001/auth/github/callback
  3. Update config.py with your GitHub client ID and secret

Google OAuth Setup

  1. Go to Google Cloud Console > APIs & Services > Credentials
  2. Create OAuth 2.0 Client ID with:
    • Authorized redirect URIs: http://localhost:8001/auth/google/callback
  3. Update config.py with your Google client ID and secret

Microsoft OAuth Setup (OIDC)

  1. Go to Azure Portal > App registrations
  2. Create a new app registration with:
    • Redirect URI: http://localhost:8002/auth/microsoft/callback
    • Supported account types: Accounts in any organizational directory and personal Microsoft accounts
  3. Generate a client secret in Certificates & secrets
  4. Update config.py with your Microsoft client ID and secret

Environment Variables (Recommended)

For production, use environment variables instead of hardcoded values in config.py:

export SECRET_KEY="your-super-secret-key"
export GITHUB_CLIENT_ID="your-github-client-id"
export GITHUB_CLIENT_SECRET="your-github-client-secret"
export GOOGLE_CLIENT_ID="your-google-client-id"
export GOOGLE_CLIENT_SECRET="your-google-client-secret"
export MICROSOFT_CLIENT_ID="your-microsoft-client-id"
export MICROSOFT_CLIENT_SECRET="your-microsoft-client-secret"
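
One way config.py could read these variables and refuse to start on missing or sample values, as an added example (not the repository's own config.py). The variable names come from the list above; `load_settings`, `ConfigError`, the 32-character floor and the placeholder check are assumptions.

```python
import os

# Names taken from the README's export list; the validation rules are assumptions.
PROVIDERS = ("GITHUB", "GOOGLE", "MICROSOFT")
PLACEHOLDER_PREFIX = "your-"   # the README's sample values all start with this
MIN_SECRET_KEY_LEN = 32        # assumed floor for the JWT signing key


class ConfigError(RuntimeError):
    """Raised when the environment does not hold usable settings."""


def load_settings(env=None):
    """Return settings read from the environment, rejecting weak or sample values."""
    env = os.environ if env is None else env
    secret = env.get("SECRET_KEY", "")
    if len(secret) < MIN_SECRET_KEY_LEN or secret.startswith(PLACEHOLDER_PREFIX):
        raise ConfigError("SECRET_KEY is missing, too short, or still the sample value")

    settings = {"secret_key": secret, "oauth": {}}
    for name in PROVIDERS:
        cid = env.get(f"{name}_CLIENT_ID", "")
        csec = env.get(f"{name}_CLIENT_SECRET", "")
        if not cid and not csec:
            continue  # provider not configured: leave it disabled
        if not cid or not csec:
            raise ConfigError(f"{name}: client ID and secret must be set together")
        if cid.startswith(PLACEHOLDER_PREFIX) or csec.startswith(PLACEHOLDER_PREFIX):
            raise ConfigError(f"{name}: sample value from the README is still in place")
        settings["oauth"][name.lower()] = {"client_id": cid, "client_secret": csec}
    return settings


if __name__ == "__main__":
    # Constructed sample environment, not real credentials.
    sample = {
        "SECRET_KEY": "k" * 48,
        "GITHUB_CLIENT_ID": "constructed-id",
        "GITHUB_CLIENT_SECRET": "constructed-secret",
    }
    print(sorted(load_settings(sample)["oauth"]))
```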

Authentication Testing

Web Client Authentication

  1. Navigate to http://localhost:8001/test
  2. Register a new account or login with existing credentials
  3. Try OAuth login with GitHub or Google
  4. Test protected endpoints with your authentication token

API Authentication Testing

# Register a new user
curl -X POST "http://localhost:8001/auth/register" \
  -H "Content-Type: application/json" \
  -d '{"username": "testuser", "email": "test@example.com", "full_name": "Test User", "password": "testpass123"}'

# Login to get token
curl -X POST "http://localhost:8001/auth/login" \
  -H "Content-Type: application/json" \
  -d '{"username": "testuser", "password": "testpass123"}'

# Use token to access protected endpoint
curl -H "Authorization: Bearer YOUR_TOKEN_HERE" \
  http://localhost:8001/protected

# Get current user info
curl -H "Authorization: Bearer YOUR_TOKEN_HERE" \
  http://localhost:8001/auth/me

Requirements

  • Python 3.7+
  • FastAPI 0.104.1+
  • Uvicorn with standard extras
  • python-jose[cryptography] for JWT handling
  • passlib[bcrypt] for password hashing
  • httpx for OAuth HTTP requests
  • python-multipart for form data handling
  • python-dotenv for environment variables

License

This project is for educational and testing purposes.
