CLI¶
Command Line Tools are really useful for tech users to easily interact with your product and integrate it in scripts or workflows.
The Fief Python client provides tools to help you integration Fief authentication in your CLI application. Let's see how to use them!
Install the client¶
Install the Fief client with the optional CLI dependencies:
Example¶
This is for you if...
- You want your CLI to make authenticated requests to your backend.
Prerequisites
- Make sure your Fief Client is Public.
- Check that the following Redirect URI is allowed on your Fief Client:
http://localhost:51562/callback
For this example, we used Click, a widely used library to build CLI tools in Python.
import click
from fief_client import Fief
from fief_client.integrations.cli import FiefAuth, FiefAuthNotAuthenticatedError
fief = Fief( # (1)!
"https://fief.mydomain.com",
"YOUR_CLIENT_ID",
)
fief_auth = FiefAuth(fief, "./credentials.json") # (2)!
@click.group()
def cli():
pass
@cli.command()
def login():
fief_auth.authorize() # (3)!
@cli.command()
def hello():
try:
userinfo = fief_auth.current_user() # (4)!
click.echo(f"Hello {userinfo['email']} 👋")
except FiefAuthNotAuthenticatedError as e: # (5)!
raise click.UsageError("You're not authenticated") from e
@cli.command()
@click.argument("api_route")
def call_api(api_route: str):
try:
access_token_info = fief_auth.access_token_info() # (6)!
access_token = access_token_info["access_token"]
click.echo(f"Make API call to {api_route} with access token {access_token}...")
except FiefAuthNotAuthenticatedError as e:
raise click.UsageError("You're not authenticated") from e
if __name__ == "__main__":
cli()
-
Fief client instantiation
As we showed in the standard Python section, we instantiate here a Fief client here with the base tenant URL and client ID.
Notice here that we don't set the client secret. Since the CLI app will be installed on the user's machine, it can't be considered as safe. That's why you have to use a public client.
-
Fief helper for CLI tools
This is the helper doing the tedious work for you. It first needs an instance of the Fief client we created above and the path where the credentials will be saved on the user's machine.
We put here directly in the current working directory, but a proper way to manage this is probably to use the operating sytem directories dedicated for this kind of data. Libraries like appdir can help you to determine a reasonable path depending on the user's operating system.
-
Authenticate the user
The method
authorizeon the helper performs all the operations needed to authenticate your CLI application: it'll open the authorization page in the browser, catch the redirection, get tokens and save them on disk.Under the hood, it'll temporarily open a web server to catch the redirection. By default, it'll be opened on
localhost:51562. You can customize this but don't forget then to update your client's redirect URI. -
Get info about the authenticated user
The method
current_userreturns you aFiefUserInfodictionary containing the data of the user. -
FiefAuthNotAuthenticatedErroris raised if the CLI is not authenticatedIf there is no credentials saved on disk,
FiefAuthNotAuthenticatedErroris raised. In this case, you can explain the problem to the user and ask them to authenticate. -
Get the access token
In general, you'll need an access token to make authenticated request to your server. The method
access_token_inforeturns you aFiefAccessTokenInfodictionary, containing the access token.By default, if the access token is expired, it'll automatically ask for a fresh one using the refresh token and update it on disk.
That's it! The tedious work is mostly done by the helper. If you run the following command, you'll be taken through the authentication process:
A browser window will automatically open to the Fief authentication page. After signing in, you can go back to the CLI: you're now authenticated!