Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

How to use XSUAA in FastAPI Python app

Mohan-Sharma
Product and Topic Expert
Product and Topic Expert

‎2024 Sep 16 6:21 AM - edited ‎2024 Sep 16 6:27 AM

0 Likes
1,975

Hi there, 

I have a fastapi app with 2 routes, one for rendering an html page and one for serving a request. I am using Jinja2 for templating.

Example of one of the route:

@router.get("/", response_class=HTMLResponse)
async def read_root(request: Request):
    return templates.TemplateResponse("index.html", {"request": request})

My manifest.yaml for deploying it to cloud foundry:

---
applications:
- name: fastapi-app
  disk_quota: 2048M
  memory: 256M
  path: ./
  routes:
    -   route: fastapi-app.cfapps.eu10.hana.ondemand.com
  buildpacks:
  - python_buildpack
  command: uvicorn com.crack.snap.make.app:app --host 0.0.0.0 --port $PORT
  services:
    - app-xsuaa
    - app-logging-service
  logging:
    level: error
  env:
    PYTHONUNBUFFERED: true
    xsuaa_connectivity_instance_name: "app-xsuaa"
    xsuaa_destination_instance_name: "app-xsuaa"

How do I protect these fastapi routes directly using XSUAA, without having to create one more webapp then use app-router and then forwarding the request to fastapi app?

Also I want the fastapi to use the sub-account's default authentication which we do by using redirect-url of xs-security.json

{
	"xsappname": "fastapi-app",
	"tenant-mode": "dedicated",
	"scopes": [{
		"name": "$XSAPPNAME.fastapi_scope"
	}],
	"role-templates": [{
		"name": "FastAPIRoleTemplate",
		"default-role-name": "FastAPIRole",
		"description": "Role template for app users",
		"scope-references": ["$XSAPPNAME.fastapi_scope"]
	}
	],
	"oauth2-configuration": {
		"redirect-uris": [
			"https://*.cfapps.eu10.hana.ondemand.com/**"
		]
	}
}

Any help on achieving this will be really appreciated, we can also have a blog post on the same topic

SAP BTP, Cloud Foundry runtime and environment Python SAP BTP Security 

SAP BTP, Cloud Foundry runtime and environment
SAP BTP, Cloud Foundry runtime and environment
SAP Business Technology Platform
Python
Python
Programming Tool
SAP BTP Security
SAP BTP Security
Software Product Function

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
View Entire Topic
gregorw
SAP Mentor
SAP Mentor
‎2024 Sep 16 8:47 AM
0 Likes

The tutorial Create an Application with Cloud Foundry Python Buildpack provides an example using Flask. Maybe you can adopt that to FastAPI. Would be great if you share it afterwards.

Show replies
Show replies
Mohan-Sharma
Product and Topic Expert
Product and Topic Expert
‎2024 Sep 16 9:00 AM
0 Likes
@gregorw, thank you for the prompt help.. But the problem with the approach defined above is we need to create a separate webapp for user landing, then forward the user to the actual fastapi app. The fastapi alone is capable to having the frontend templates, then do we really need to have a separate node app(app router) just for landing the user?
gregorw
SAP Mentor
SAP Mentor
‎2024 Sep 16 3:06 PM
Using the Approuter is the best practice. It implements the user authentication flow for you and you can use destinations to call the backend.
Ask a Question