Authenticating API and frontend using Fief(Fastapi)

[swanny69420]

Is there a way to use cookie authentication to authenticate browser api users (webapp hosted with fastapi, that makes js requests to the fastapi backend) I was wondering if I can use cookies instead of having both Oauth and Cookie authentication, but I couldn't seem to get it working.
@router.post('/create', name='Create Event') async def create_event(event: Eventbs, user: FiefUserInfo = Depends(auth.current_user)): try: print(user) event_id = Event.from_json(event.dict()).create_event() return event_id except Exception as e: raise e

This just doesn't require authentication, but i was under the impression it should, but I'm probably doing something wrong, I am good at that.

[fief-bailiff[bot]]

Hail, @swanny69420 👋 Welcome to Fief's kingdom!

Our team will get back to you very soon to help.

In the meantime, take a minute to star our repository ⭐️

Want to support us?

Subscribe to one of our paid plan to help us continue our work and receive exclusive information and benefits! Starts at $5/month 🪙

Farewell!

[frankie567]

Fief doesn't really care how you pass the token. It can be in an Authorization header or a cookie, it doesn't matter. What you need to do is to tell the SDK where to actually look for it.

The FastAPI Web application example will show you how to configure it for a cookie: https://docs.fief.dev/integrate/python/fastapi/#web-application-example

[swanny69420]

I followed those instructions, but I couldn't find a way to get that to work with post requests. I put user: FiefUserInfo = Depends(auth.current_user) in the request, but it continued to work in an incognito tag with no cookies.

[swanny69420]

FIXED:
For those trying to recreate this method, here is what I did.
for every api endpoint you want to require auth, chuck this in the function declaration: user: FiefUserInfo = Depends(auth.authenticated())
Then, append your get_unauthorized_response function to include this handler, so it dosen't try and redirect API requests to the login page:
if request.url.path.startswith("/api"): raise HTTPException(status_code=HTTP_401_UNAUTHORIZED) (this only works if your API is behind the prefix /API.
From memory that is all that I did to make it work, but I might have done other things, I will keep you updated if i did.