A user authentication system, implementing Google's Firebase_admin auth module inside python's FastAPI based backend. Furthe we have deployed the code on Google Cloud Run using Docker.
- Google's firebase-admin:
- to create/register dummy user, for token generation
- to authenticate user, for access
- FastAPI:
- implementing the backend logic to access database
- Poetry:
- for dependency management of our python environment
- MongoDb:
- an open source NoSql database storing our user information
- Google Cloud Platform:
- for deployment on Cloud Run
- Installation Instructions
- Usage Instructions
- Setup FastApi RESTapi
- Setup Firebase Auth
- Google Cloud Run Deployment
- Further Help
- License
We will be using poetry as our python package manager. you can follow the steps to get this project running on your system.
So we will start by setting up poetry on our local machine.
- First clone the repo to your local machine. In your git bash UI enter the commands:
> git clone <this-repo>
> cd this-project
> code .
- From the root directory we will install poetry if not already present in your system. Click here for the windows install command.
- After poetry gets installed, setup your virtual invironment.
> poetry env use python<version>
> poetry env use 3.8
- Next to install dependencies run:
> poetry install
Note : Poetry takes care of installing these dependencies in your virtual environment. You don't have to activate your virtual environment manually every time.
Before we could the test the setup we need following to be ready with us :
- Mongodb Atlas, to store user information to authenticate against. You can use free service provided by MongoDb for this project.
- Firebase Admin credentials to be able to generate tokens and verify against.
- create an empty
.env
file at the base directory of your project and update the.env.test
file.- provide mongodb connection string to
MONGODB_URL
- create firebase credentials.json file in the root directory of the project or, otherwise, provide the absolute path to credentials file in .env to
GOOGLE_APPLICATION_CREDENTIALS
- provide mongodb connection string to
We are all set to run our test.
Poetry provides for custom scripts to be run in cli. You can access/write these scripts in pyproject.toml.
To run locally run these commands:
> poetry run test (to setup environment test)
> poetry run server (to serve uvicorn)
FastApi provides Swagger UI: served at /docs. In your bowser go to :
You can register a dummy user using email and password to authenticate further, via :
http://localhost:5000/docs#/dummy/create_user_dummy_register_post
Next, login through above credentials to get token from firebase auth provider to authenticate, via :
Use the token obtained above to verify/register a user, via :
In response you get details of new player created in your database which can be acceesed/modified through token-based authentication only, via :
To get more familier with Fastapi you can go through their docs.
Here, we will be using uvicorn to serve our FastApi backend.
We have also used Beanie as an ODM interface to MongoDb, with async capabilities. "Beanie - is an Asynchronous Python object-document mapper (ODM) for MongoDB, based on Motor and Pydantic."You can follow the Beanie's documentation here.
One can use the Firebase Admin SDK to manage your users or to manage authentication tokens. As stated in their documentation, You can also use the service to identify these users on your own server. This lets you securely perform server-side logic on behalf of users that have signed in with Firebase Authentication.
To do this, you can retrieve an ID token from a client application signed in with Firebase Authentication and include the token in a request to your server. Your server then verifies the ID token and extracts the claims that identify the user (including their uid, the identity provider they logged in with, etc.). This identity information can then be used by your server to carry out actions on behalf of the user.
For this project we have used Google's Cloud Run to deploy my Dockerised FastApi. You can follow this link for more help:
- https://towardsdatascience.com/deploy-a-dockerized-fastapi-app-to-google-cloud-platform-24f72266c7ef
I will list the step-wise process involved in deployment:
- Pre-requisites :
- A Billing Account on GCP/GOOGLE CLOUD PLATFORM(though this setup will cost $0)
- Create Dockerfile to dockerise your fastapi code
- Create .dockerignore and .gcloudignore files(to enumerate what you need to push and what not)
- Note : Here we have also used .gitignore to whose restrictions .gcloudignore automatically inherits.
- Make sure you have not ignored .env and google_application_credentials.json
- Next follow the instruction in the link provided above.
- Also make sure gcloud cli is installed and configured on your system.
- gcloud cli commands to be entered for deployment:
Replace PROJECT-ID with your GCP project ID
TO view your project ID by running the command
> gcloud config get-value project
TO SET your project ID:
gcloud config set project PROJECT-ID
> gcloud config set project auth-test
TO BUILD:
gcloud builds submit --tag gcr.io/PROJECT-ID/container-name
> gcloud builds submit --tag gcr.io/auth-test/auth-api-container
TO DEPLOY:
gcloud run deploy --image gcr.io/PROJECT-ID/container-name --platform managed
> gcloud run deploy --image gcr.io/auth-test/auth-api-container --platform managed
TO DELETE:
gcloud deployment-manager deployments delete example-deployment --delete-policy=DELETE
This project is an open-source initiative by Junkie Labs team.
For any questions or suggestions send a mail to [email protected] or chat with the core-team on gitter.