Authenticate FastAPI endpoints with a Github organization


May 29, 2024

FastAPI is a framework that simplifies building APIs in Python. Authentication via Google, Github and many more is provided by FastAPI-SSO.

We can also combine this with PyGithub to check if the user is a member of a specific organization and handle permissions on specific objects provided by an endpoint.

See the implementation in this Gist

Notice that on from your Developer Settings on Github you both need to create an OAuth app (with http://localhost:5000/auth/callback callback) and a Personal Access Token (classic) with read:orgs scope to query group membership and store all their credentials in

Once the app is running, try accessing, you should first get “Not authenticated”, now login at http://localhost:5000/auth/login, you should be redirected to Github for authentication, then you should see if you are or not a member of the ORG organization as defined in the source file.