Description
Is your feature request related to a problem? Please describe.
In light of us dropping the use of various third-party middleware for authentication (see #25, #33, #34), we should provide a reference implementation of an OAuth2-based password authentication system.
This will make #31 redundant.
The solution will study the
Describe the solution you'd like
Study the OAuth2 reference implementation outlined in the FastAPI docs and implement a set of handlers that adhere to the proposed standards.
Note that the work being proposed is around authentication and sessions, not sign up and password lifecycle.
The implementation ought to provide a way of getting the current user, and possibly an alternative for getting an admin user. We should also look at documenting OAuth2 scopes.
There are two intents of this implementation:
- For use within production applications built using this template
- As a development alternative when the project aims to use systems like AWS Cognito
FastAPI uses python-jose for the JWT packages, which has not been updated in a while. pyJWT, on the other hand, is receiving updates, so it is well worth considering using that.
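As an added example (not code from this project or from the FastAPI docs), this is the framework-agnostic core the proposed handlers would wrap: issuing a short-lived HS256 access token with pyJWT, validating it with the algorithm pinned and `exp` required, and enforcing OAuth2 scopes for a current-user and an admin-user lookup. The user store, the secret, the PBKDF2 password check and the `AuthError` type are constructed assumptions for the example; a FastAPI dependency would pass in the bearer token and the scopes it requires.

```python
import datetime as dt
import hashlib
import hmac
import secrets

import jwt  # pyJWT

ALGORITHM = "HS256"
SECRET_KEY = secrets.token_hex(32)  # constructed here; load from config in a real deployment


def _hash_password(password: str, salt: bytes) -> bytes:
    # Constructed stand-in for a proper password hasher (argon2/bcrypt via passlib).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


_SALT = b"constructed-salt"
USERS = {  # constructed user store with the scopes each user is allowed to hold
    "alice": {"hash": _hash_password("correct horse", _SALT), "scopes": ["me", "admin"]},
    "bob": {"hash": _hash_password("battery staple", _SALT), "scopes": ["me"]},
}


class AuthError(Exception):
    """Raised for bad credentials, bad tokens or missing scopes (401/403 in the handler)."""


def authenticate(username: str, password: str) -> dict:
    # Always hash and compare in constant time, even for unknown users.
    user = USERS.get(username, {"hash": b"", "scopes": []})
    if not hmac.compare_digest(_hash_password(password, _SALT), user["hash"]):
        raise AuthError("invalid username or password")
    return user


def create_access_token(username: str, scopes: list, expires_in: int = 900) -> str:
    now = dt.datetime.now(dt.timezone.utc)
    payload = {"sub": username, "scope": " ".join(scopes), "exp": now + dt.timedelta(seconds=expires_in)}
    token = jwt.encode(payload, SECRET_KEY, algorithm=ALGORITHM)
    return token.decode() if isinstance(token, bytes) else token  # pyJWT 1.x returns bytes


def get_current_user(token: str, required_scopes=()) -> str:
    try:  # pin the algorithm list and require exp so an unexpiring token is rejected
        claims = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM], options={"require": ["exp", "sub"]})
    except jwt.ExpiredSignatureError:
        raise AuthError("token expired")
    except jwt.InvalidTokenError:
        raise AuthError("invalid token")
    missing = set(required_scopes) - set(claims.get("scope", "").split())
    if missing:
        raise AuthError(f"missing scopes: {sorted(missing)}")
    return claims["sub"]


def get_admin_user(token: str) -> str:
    return get_current_user(token, required_scopes=("admin",))
```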
Describe alternatives you've considered
See the issues #25, #33, #34 and projects like fastapi-jwt-auth.
Additional context
Security researchers like @ScottHelme have been writing about the redundancy of CSRF since 2019:
Other discussion around Starlette:
The question to be asked is why we have not been paying attention to this.