Integration testing with OAuth gets a little hairy, so it really depends on what kind of testing you'd like to do. Offhand, there's a few options available (not in any particular order, I'll add more if I think of any) 1. Create a mock token for the OAuth provider and use a mock server to replicate the functionality 2. Create test user(s) for use in your tests so "real" interactions can occur 3. Create an application token through the oauth provider (like oauth-playground in Googles GCP. I've never used these but they might be promising) I've seen numbers 1 & 2 in practice. I think the question you need to answer is "Am I testing the OAuth provider as well as my code?" - If you answer no (most cases), then a mock token/server is likely a good option. If yes, creating a test user(s) might be the way to go. Hope this helps! Thanks for watching!
@@EstesAdvTech Thanks for the answer. Another question. Does Github support OIDC. Because I don't get any refresh token back nor an ID token. Any ideas ?
Thank you very much, very informative Can you please make a video what to do when there are several oauth providers on the site how to create a database and store users?
Hi - Are you referring to timestamp 4:08 where I create the OAuth app? There are 2 URLs to enter, the homepage and callback. The callback is what tells it to go the the /github-code URL in my application after authorization
@@alikemalagrman1067 You can use a refresh_token. See docs here: docs.github.com/en/developers/apps/building-github-apps/refreshing-user-to-server-access-tokens I'll see what I can do about making another long-length video for you. Is there anything specific you'd want to see?
i’m trying with gitlab and oauth2 but otherwise the processes are similar i’ve set up the cors middleware to allow all origins but when i try it manually i’m told that the callback url on gitlab’s side isn’t valid
@@ParacelsusCaspari Can you set the middleware to allow all origins? Does something like this help: github.com/tiangolo/fastapi/discussions/7319#discussioncomment-5135945
Unfortunately I do t have much time to make new videos. But here’s a blog that might get you going: blog.hanchon.live/guides/google-login-with-fastapi/
Very good tutorial, thanks!!!
thx this is so cool and your instructions are clear keep up
Great video!
Hi Will. Thanks for the mazing video. I was wondering how do you go about implementing integration testing with Oauth ?
Integration testing with OAuth gets a little hairy, so it really depends on what kind of testing you'd like to do. Offhand, there's a few options available (not in any particular order, I'll add more if I think of any)
1. Create a mock token for the OAuth provider and use a mock server to replicate the functionality
2. Create test user(s) for use in your tests so "real" interactions can occur
3. Create an application token through the oauth provider (like oauth-playground in Googles GCP. I've never used these but they might be promising)
I've seen numbers 1 & 2 in practice.
I think the question you need to answer is "Am I testing the OAuth provider as well as my code?" - If you answer no (most cases), then a mock token/server is likely a good option. If yes, creating a test user(s) might be the way to go.
Hope this helps!
Thanks for watching!
@@EstesAdvTech Thanks for the answer. Another question. Does Github support OIDC. Because I don't get any refresh token back nor an ID token. Any ideas ?
@@nischalsehrawat2130 I was able to find this: docs.github.com/en/rest/actions/oidc?apiVersion=2022-11-28
Hope this helps!
great tutorial. if you could post the code in git or gist, would make it even better!
@@romanmikhailov5932 thanks! That is my one regret about this video, didn’t save the code 😞😞
awesome tutorial man
Thanks dude, your video help me a lot
Appreciate it! Let me know if there’s other content you’d be interested in 👍
Thank you very much, very informative
Can you please make a video what to do when there are several oauth providers on the site how to create a database and store users?
Multiple OAuth providers and a DB? Got it. I’ll try to get something out for you 👍
Extremely helpful! Thanks a lot!
Failed to follow the example code, how the app know it should go to github-code after clicking the authorization button of github-login?
Hi - Are you referring to timestamp 4:08 where I create the OAuth app? There are 2 URLs to enter, the homepage and callback. The callback is what tells it to go the the /github-code URL in my application after authorization
Can you please tell me how to do same with Google
thank you ❤
thank you it's perfect
Thank you so much, if multiple github users use this app, does github send different tokens, or everytime the same token.
It’ll be a different token for each user.
@@EstesAdvTech How can we refresh token without prompting to user? Can you also make a video about how security schemes work?
@@alikemalagrman1067 You can use a refresh_token. See docs here: docs.github.com/en/developers/apps/building-github-apps/refreshing-user-to-server-access-tokens
I'll see what I can do about making another long-length video for you. Is there anything specific you'd want to see?
what if i get a CORS error? i can't even trigger the redirect
did you double both your urls in github? I didnt setup any configurations for CORS so my guess is it's specific to your environment?
i’m trying with gitlab and oauth2 but otherwise the processes are similar
i’ve set up the cors middleware to allow all origins but when i try it manually i’m told that the callback url on gitlab’s side isn’t valid
@@ParacelsusCaspari Can you set the middleware to allow all origins? Does something like this help: github.com/tiangolo/fastapi/discussions/7319#discussioncomment-5135945
what if the token is expired?
You can use a refresh token: docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/refreshing-user-access-tokens
How can I oauth with Google sign in
Unfortunately I do t have much time to make new videos. But here’s a blog that might get you going: blog.hanchon.live/guides/google-login-with-fastapi/
@@EstesAdvTech this code is very old i tried but it's didn't work
@@a.s8840 sorry bud. I’ll see if I can get a new video soon for this.
Just posted