Python¶
We provide an official client for Python. You can install it with pip.
Create a Fief client¶
Prerequisites
- Allow the following Redirect URI on your Fief Client: http://localhost:8000/callback
The Fief client provides all the necessary methods to manage OAuth2 authentication, validate access tokens and refresh them.
from fief_client import Fief

fief = Fief(
    "https://fief.mydomain.com",  # (1)!
    "YOUR_CLIENT_ID",  # (2)!
    "YOUR_CLIENT_SECRET",  # (3)!
)

redirect_url = "http://localhost:8000/callback"

auth_url = fief.auth_url(redirect_url, scope=["openid"])
print(f"Open this URL in your browser: {auth_url}")

code = input("Paste the callback code: ")

tokens, userinfo = fief.auth_callback(code, redirect_url)
print(f"Tokens: {tokens}")
print(f"Userinfo: {userinfo}")
- (1) Base URL of your Fief tenant. You can find it in the admin dashboard, in the Tenants list.
- (2) ID of your Fief client. You can find it in the admin dashboard, in the Clients list.
  Info: A first client is always created for you when you create your instance. When getting started, you should use this one.
- (3) Secret of your Fief client. You can find it in the admin dashboard, in the Clients list.
  Info: A first client is always created for you when you create your instance. When getting started, you should use this one.
Avoid hardcoding your secrets in your code
It's usually not recommended to hardcode secrets like the Client ID and Secret in your code like this. If your code gets published on the web, for example on GitHub, the security of your instance would be compromised.
Besides, hardcoded values make it harder to deploy to several environments, like a staging or testing one, in addition to your production environment.
A standard and widely-used approach is to use environment variables.
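One way to follow the environment-variable approach mentioned above, as an added example rather than code from the Fief project: the loader fails closed when a value is missing or is still a documentation placeholder, and keeps the secret out of `repr`. The variable names `FIEF_BASE_URL`, `FIEF_CLIENT_ID` and `FIEF_CLIENT_SECRET`, the `FiefSettings` class and the https check on the base URL are assumptions of this example.

```python
import os
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Variable names are assumptions of this example, not defined by Fief.
ENV_BASE_URL = "FIEF_BASE_URL"
ENV_CLIENT_ID = "FIEF_CLIENT_ID"
ENV_CLIENT_SECRET = "FIEF_CLIENT_SECRET"
# Placeholder strings from the snippet above that must never reach a deployment.
PLACEHOLDERS = {"YOUR_CLIENT_ID", "YOUR_CLIENT_SECRET"}


class ConfigError(RuntimeError):
    """Raised when the environment does not hold a usable configuration."""


@dataclass(frozen=True)
class FiefSettings:
    base_url: str
    client_id: str
    client_secret: str = field(repr=False)  # keep the secret out of logs


def load_fief_settings(env=os.environ) -> FiefSettings:
    """Read the three client parameters from `env`, failing closed."""
    values = {}
    for name in (ENV_BASE_URL, ENV_CLIENT_ID, ENV_CLIENT_SECRET):
        value = env.get(name, "").strip()
        if not value or value in PLACEHOLDERS:
            raise ConfigError(f"{name} is missing or still a placeholder")
        values[name] = value
    url = urlsplit(values[ENV_BASE_URL])
    is_local = url.hostname in ("localhost", "127.0.0.1")
    # Assumption: plain http is acceptable only for a local development server.
    if not url.hostname or (url.scheme != "https" and not (is_local and url.scheme == "http")):
        raise ConfigError(f"{ENV_BASE_URL} must be an https URL")
    return FiefSettings(
        values[ENV_BASE_URL].rstrip("/"),
        values[ENV_CLIENT_ID],
        values[ENV_CLIENT_SECRET],
    )


if __name__ == "__main__":
    settings = load_fief_settings()
    print(settings)  # the secret is omitted from the repr
    # The values then go to the client as on this page:
    # fief = Fief(settings.base_url, settings.client_id, settings.client_secret)
```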
Async support
For asyncio enthusiasts, we also provide a FiefAsync class with the same methods.
Perform an OAuth2 flow manually¶
The simple script below shows you how to authenticate with OAuth2 "manually". The goal is to show you how to use the client. You'll then be able to integrate it in your own project with your framework and stack.
The first step is to generate an authorization URL, which is a URL on the Fief server that'll ask you for your email address and password.
from fief_client import Fief

fief = Fief(
    "https://fief.mydomain.com",  # (1)!
    "YOUR_CLIENT_ID",  # (2)!
    "YOUR_CLIENT_SECRET",  # (3)!
)

redirect_url = "http://localhost:8000/callback"

auth_url = fief.auth_url(redirect_url, scope=["openid"])
print(f"Open this URL in your browser: {auth_url}")

code = input("Paste the callback code: ")

tokens, userinfo = fief.auth_callback(code, redirect_url)
print(f"Tokens: {tokens}")
print(f"Userinfo: {userinfo}")
Then, we make the script prompt for the authorization code.
This temporary code is generated by Fief upon successful login and can be used to obtain valid tokens. Fief returns both an access token and an ID token, which contains information about the user.
Test it¶
You can run this script from a command line:
You'll get the following output:
Open this URL in your browser: https://fief.mydomain.com/authorize?response_type=code&client_id=YOUR_CLIENT_ID&redirect_uri=http%3A%2F%2Flocalhost%3A8000%2Fcallback&scope=openid
Paste the callback code:
You can copy and paste this URL manually in your browser. You'll be redirected to a Fief login page.
Upon successful login, Fief will redirect to the redirect URL you defined above, including a query parameter named code. It'll look like this:
Your browser will probably show an error at this point
In this simple implementation, we don't have a web server running on our local machine, so the browser won't be able to open the redirect URL. It's not a problem: what we care about is retrieving the authorization code by hand.
Copy the code value, get back to the command line where the script is running and paste it. You'll get the following output:
Paste the callback code: wPEDiSRkoYOtA-4QCJHpsLne0P2PXVYAlW6hcH5OVBg
Tokens: {'access_token': 'eyJhbGciOiJSUzI1NiJ9.eyJhdWQiOlsiRE9JaGpfNzJIYTlyWWg5dURnbmRTdTYyRVhKdUZmUTVsa2t4MS1rc1VJbyJdLCJhenAiOiJET0loal83MkhhOXJZaDl1RGduZFN1NjJFWEp1RmZRNWxra3gxLWtzVUlvIiwiZXhwIjoxNjQ4MDUwNDIzLCJpYXQiOjE2NDgwNDY4MjMsImlzcyI6Imh0dHBzOi8vZXhhbXBsZS5maWVmLmRldiIsInNjb3BlIjoib3BlbmlkIiwic3ViIjoiYTM4NDZjYzEtN2MwOC00Mzg5LThjOGUtYzBlNzlmNzA3NWZlIn0.R5JnZW9Vq6lWai-FZcqsihYxmtFRbIjZ7D0Ck9XAG0d2YnQQ7ms3bUwtXEAnLhos4C3paGDa0PzQRtXSAx4IH85ZdeVJoBk9GrOj1ZV7E6dtZZSZlvtY2msMeXFC9gNg-A86R9ZU_T0PoROof0u1eJHYVlmo_dv2fodyNqkDB8V6HK3vqf7jaqNQtk8Fg6eHKhwb-3bAtjb5cpWAAWhMSrHZzTWIYUvYsvwAas5ihgenv3UOkpcl_p7b7G9SDhGE5abPQQ7lvyfhYZE7CV1DzVRU6UL4N0D2l4uI3RJNOQoECvltfo2etYzp5viwAwvg9LUS3466Ra1i8beBKXsPFQ', 'id_token': 'eyJhbGciOiJSUzI1NiJ9.eyJhdWQiOlsiRE9JaGpfNzJIYTlyWWg5dURnbmRTdTYyRVhKdUZmUTVsa2t4MS1rc1VJbyJdLCJhenAiOiJET0loal83MkhhOXJZaDl1RGduZFN1NjJFWEp1RmZRNWxra3gxLWtzVUlvIiwiZW1haWwiOiJmcmFuY29pcyt0ZXN0QGZpZWYuZGV2IiwiZXhwIjoxNjQ4MDUwNDIzLCJpYXQiOjE2NDgwNDY4MjMsImlzcyI6Imh0dHBzOi8vZXhhbXBsZS5maWVmLmRldiIsInN1YiI6ImEzODQ2Y2MxLTdjMDgtNDM4OS04YzhlLWMwZTc5ZjcwNzVmZSIsInRlbmFudF9pZCI6IjcwNDEzNWI2LTRiZmQtNGM1NS04MDkwLWM2MzhhNmJhNTNhMiJ9.ULQy7TlgF5_oQwwgA6ydTahTYE31obr4F3olJy-mgyPw67XstoJLM1VwUNawzyz2Iu2QDmgcBrH3OMVfgCkBAFk2sp-QQIDr9arIF1QXNKG65El3zgPQ5-niTTsIuAkemyjNGcpdrcN2b9FaeodzauO5eOjno60h5dTBbcLnqv00V-Jv6sq8lB8_o5JXHKWUoZZA2VFEDox9MXfhDqrvyHcitsIRWIy7XhILKcZ-JG_AMcXnuDcyMnsoy91-gJznvMk7_ty9eNWs8Cm0ZhK3nMqEKML4tXIREmIN-vYUGDtbDWX3O45N98ovu9gJi9S3aVOh-gZQsnwauJmlW82ZQQ', 'token_type': 'bearer', 'expires_in': 3600}
Userinfo: {'aud': ['YOUR_CLIENT_ID'], 'azp': 'YOUR_CLIENT_ID', 'email': 'anne@bretagne.duchy', 'exp': 1648050423, 'iat': 1648046823, 'iss': 'https://fief.mydomain.com', 'sub': 'a3846cc1-7c08-4389-8c8e-c0e79f7075fe', 'tenant_id': '704135b6-4bfd-4c55-8090-c638a6ba53a2'}
As you can see, we obtained a first dictionary tokens containing an access token, an ID token and other standard OAuth2 information.
The second variable, userinfo, is a dictionary with the user data. It's actually the information contained in the ID token that the client decoded for you.
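The copy-and-paste step of this walkthrough, as an added example that is not part of the Fief client: instead of picking the `code` value out by eye, paste the whole redirected URL and let a helper check it before the code is exchanged. `extract_code`, `CallbackError` and the optional `state` check (a standard OAuth2 parameter that the script on this page does not send) are assumptions of this example.

```python
import hmac
import secrets
from typing import Optional
from urllib.parse import parse_qs, urlsplit


class CallbackError(ValueError):
    """The pasted callback URL must not be used to request tokens."""


def new_state() -> str:
    """Random value to send as `state` in the authorization request."""
    return secrets.token_urlsafe(32)


def extract_code(pasted: str, redirect_url: str,
                 expected_state: Optional[str] = None) -> str:
    """Return the authorization code from a pasted callback URL, or raise."""
    got, want = urlsplit(pasted.strip()), urlsplit(redirect_url)
    # Only accept a redirect to the URI that was registered and requested.
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise CallbackError("pasted URL is not the registered redirect URI")
    params = parse_qs(got.query)
    # An OAuth2 error response carries `error` instead of `code`.
    if "error" in params:
        detail = params.get("error_description", [""])[0]
        raise CallbackError(f"authorization failed: {params['error'][0]} {detail}".strip())
    if expected_state is not None:
        states = params.get("state", [])
        # Constant-time comparison of the value we sent with the one returned.
        if len(states) != 1 or not hmac.compare_digest(
                states[0].encode(), expected_state.encode()):
            raise CallbackError("state mismatch: response is not for this login")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise CallbackError("expected exactly one non-empty code parameter")
    return codes[0]


if __name__ == "__main__":
    redirect_url = "http://localhost:8000/callback"
    # Callback URL built from the code value shown in the output above.
    sample = redirect_url + "?code=wPEDiSRkoYOtA-4QCJHpsLne0P2PXVYAlW6hcH5OVBg"
    print(extract_code(sample, redirect_url))
```

The returned value is what the script passes to `fief.auth_callback(code, redirect_url)`.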
What's next?¶
You now have the basics for performing an OAuth2 authentication with the Fief Python client.
To help you further, we provide helpers and examples for popular Python frameworks like Flask or FastAPI.