diff --git a/docs/integration/configuration.md b/docs/integration/configuration.md
index c7c18bf..2485ea3 100644
--- a/docs/integration/configuration.md
+++ b/docs/integration/configuration.md
@@ -10,6 +10,9 @@ The `OAuth2Config` class is used to define the middleware configuration, and it
 - `enable_ssr` - Whether enable server-side rendering or not. Defaults to `True`.
 - `allow_http` - Whether allow HTTP requests or not. Defaults to `False`.
+- `same_site` -
+  The [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value) attribute
+  of the session cookie. Defaults to `lax`.
 - `jwt_secret` - Secret used to sign the JWT tokens. Defaults to an empty string.
 - `jwt_expires` - JWT lifetime in seconds. Defaults to 900 (15 minutes).
 - `jwt_algorithm` - The algorithm used to sign the JWT tokens. Defaults to `HS256`.
diff --git a/examples/demonstration/router_api.py b/examples/demonstration/router_api.py
index 984382e..537c15a 100644
--- a/examples/demonstration/router_api.py
+++ b/examples/demonstration/router_api.py
@@ -28,5 +28,6 @@ def sim_auth(request: Request):
         max_age=request.auth.expires,
         expires=request.auth.expires,
         httponly=request.auth.http,
+        samesite=request.auth.same_site,
     )
     return response
diff --git a/src/fastapi_oauth2/__init__.py b/src/fastapi_oauth2/__init__.py
index c68196d..67bc602 100644
--- a/src/fastapi_oauth2/__init__.py
+++ b/src/fastapi_oauth2/__init__.py
@@ -1 +1 @@
-__version__ = "1.2.0"
+__version__ = "1.3.0"
diff --git a/src/fastapi_oauth2/config.py b/src/fastapi_oauth2/config.py
index 6bdcac9..da9ffea 100644
--- a/src/fastapi_oauth2/config.py
+++ b/src/fastapi_oauth2/config.py
@@ -10,6 +10,7 @@ class OAuth2Config:
     enable_ssr: bool
     allow_http: bool
+    same_site: str
     jwt_secret: str
     jwt_expires: int
     jwt_algorithm: str
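Review bot: The cookie in `sim_auth` now carries the configured `samesite`, but it is still set with `httponly=request.auth.http`, which ties HttpOnly to `allow_http` — with the default `allow_http=False` the example emits a session cookie that is readable from script — and it never sets `secure=` at all. `core.token_redirect` in this same change uses `httponly=True` and `secure=not request.auth.http`; the example users copy from should match it: `secure=not request.auth.http,`, `httponly=True,`, `samesite=request.auth.same_site,`. `sim_auth` starts outside the hunk.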
@@ -20,6 +21,7 @@ def __init__(
         *,
         enable_ssr: bool = True,
         allow_http: bool = False,
+        same_site: str = "lax",
         jwt_secret: str = "",
         jwt_expires: Union[int, str] = 900,
         jwt_algorithm: str = "HS256",
@@ -29,6 +31,7 @@ def __init__(
             os.environ["OAUTHLIB_INSECURE_TRANSPORT"] = "1"
         self.enable_ssr = enable_ssr
         self.allow_http = allow_http
+        self.same_site = same_site
         self.jwt_secret = jwt_secret
         self.jwt_expires = int(jwt_expires)
         self.jwt_algorithm = jwt_algorithm
diff --git a/src/fastapi_oauth2/core.py b/src/fastapi_oauth2/core.py
index 1dbfaa3..9f27ed3 100644
--- a/src/fastapi_oauth2/core.py
+++ b/src/fastapi_oauth2/core.py
@@ -145,6 +145,7 @@ async def token_redirect(self, request: Request, **kwargs) -> RedirectResponse:
             expires=request.auth.expires,
             secure=not request.auth.http,
             httponly=True,
+            samesite=request.auth.same_site,
         )
         return response
diff --git a/src/fastapi_oauth2/middleware.py b/src/fastapi_oauth2/middleware.py
index 76ee47e..b3166b4 100644
--- a/src/fastapi_oauth2/middleware.py
+++ b/src/fastapi_oauth2/middleware.py
@@ -39,6 +39,7 @@ class Auth(AuthCredentials):
     http: bool
     secret: str
     expires: int
+    same_site: str
     algorithm: str
     scopes: List[str]
     provider: OAuth2Core
@@ -92,6 +93,7 @@ def __init__(
         Auth.http = config.allow_http
         Auth.secret = config.jwt_secret
         Auth.expires = config.jwt_expires
+        Auth.same_site = config.same_site
         Auth.algorithm = config.jwt_algorithm
         Auth.clients = {
             client.backend.name: OAuth2Core(client)
diff --git a/tests/conftest.py b/tests/conftest.py
index 5766231..a71bc0e 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -75,6 +75,7 @@ def auth(request: Request):
         max_age=request.auth.expires,
         expires=request.auth.expires,
         httponly=request.auth.http,
+        samesite=request.auth.same_site,
     )
     return response
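Review bot: `same_site: str = "lax"` accepts any string, while a `Set-Cookie` header only understands `lax`, `strict` and `none`; annotating it `Literal["lax", "strict", "none"]` would document the contract and let type checkers flag typos at the call site. `typing.Literal` needs Python 3.8+, and the file's existing `Union` import does not tell us the supported floor, so confirm that before adding it. The signature of `__init__` starts outside the hunk.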
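Review bot: `self.same_site = same_site` stores the value unchecked, so a typo such as `"nope"` or `"Lax "` is only noticed when the first cookie is written — at the end of the OAuth callback, inside the redirect handler — rather than when the middleware is configured. Validate once here: `if same_site.lower() not in {"lax", "strict", "none"}:` / `    raise ValueError(f"same_site must be one of lax, strict, none; got {same_site!r}")`. The pairing `same_site="none"` with `allow_http=True` also deserves a rejection or at least a warning, since `core.token_redirect` derives `secure` from `allow_http` and browsers discard `SameSite=None` cookies that lack `Secure`. The body of `__init__` starts outside the hunk.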
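Review bot: The new `samesite=` line interacts with `secure=not request.auth.http` two lines above: with `allow_http=True` and `same_site="none"` the session cookie goes out as `SameSite=None` without `Secure`, which current browsers discard, so the callback completes but the user is never logged in. That pairing is better rejected where `OAuth2Config` is built than patched here, since forcing `Secure` on a plain-HTTP deployment would not make the cookie usable either. A why-comment on the new line would save the next reader a lookup, e.g. `# SameSite from config; "none" needs Secure, which allow_http turns off`. `token_redirect` starts outside the hunk.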
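Review bot: The fixture now sets `samesite` on the cookie, but nothing in this diff asserts that the `Set-Cookie` header actually carries `SameSite=Lax` (or the configured value), so a regression in `core.token_redirect` or in the `Auth.same_site` plumbing would go unnoticed; a check such as `assert "samesite=lax" in response.headers["set-cookie"].lower()` against the callback response would pin it. The fixture also mirrors the example's `httponly=request.auth.http`, which differs from the library's own `httponly=True`; whether that divergence is deliberate for the test is not visible here. `auth` starts outside the hunk.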