HTTPBearer token is set, Auth button not shown on /api/docs

oauth2_lib/fastapi.py

@@ -19,7 +19,7 @@
 
 from fastapi import HTTPException
 from fastapi.requests import Request
-from fastapi.security.http import HTTPBearer
+from fastapi.security.http import HTTPAuthorizationCredentials, HTTPBearer
 from httpx import AsyncClient, NetworkError
 from pydantic import BaseModel
 from starlette.requests import ClientDisconnect, HTTPConnection
@@ -126,7 +126,7 @@ class Authentication(ABC):
     """
 
     @abstractmethod
-    async def authenticate(self, request: HTTPConnection, token: str | None = None) -> dict | None:
+    async def authenticate(self, request: Request, token: str | None = None) -> dict | None:
         """Authenticate the user."""
         pass
 
@@ -142,17 +142,24 @@ async def extract(self, request: Request) -> str | None:
         pass
 
 
-class HttpBearerExtractor(IdTokenExtractor):
+class HttpBearerExtractor(HTTPBearer, IdTokenExtractor):
     """Extracts bearer tokens using FastAPI's HTTPBearer.
 
     Specifically designed for HTTP Authorization header token extraction.
     """
 
+    def __init__(self, auto_error: bool = False):
+        super().__init__(auto_error=auto_error)
+
+    async def __call__(self, request: Request) -> Optional[HTTPAuthorizationCredentials]:
+        """Extract the Credentials from the request."""
+        return await super().__call__(request)
+
     async def extract(self, request: Request) -> str | None:
-        http_bearer = HTTPBearer(auto_error=False)
-        credential = await http_bearer(request)
+        """Extract the token from the http_auth_credentials."""
+        http_auth_credentials = await super().__call__(request)
 
-        return credential.credentials if credential else None
+        return http_auth_credentials.credentials if http_auth_credentials else None
 
 
 class OIDCAuth(Authentication):
@@ -181,7 +188,7 @@ def __init__(
 
         self.openid_config: OIDCConfig | None = None
 
-    async def authenticate(self, request: HTTPConnection, token: str | None = None) -> OIDCUserModel | None:
+    async def authenticate(self, request: Request, token: str | None = None) -> OIDCUserModel | None:
         """Return the OIDC user from OIDC introspect endpoint.
 
         This is used as a security module in Fastapi projects
@@ -197,33 +204,16 @@ async def authenticate(self, request: HTTPConnection, token: str | None = None)
         if not oauth2lib_settings.OAUTH2_ACTIVE:
             return None
 
-        async with AsyncClient(http1=True, verify=HTTPX_SSL_CONTEXT) as async_client:
-            await self.check_openid_config(async_client)
-
-            # Handle WebSocket requests separately only to check for token presence.
-            if isinstance(request, WebSocket):
-                if token is None:
-                    raise HTTPException(
-                        status_code=HTTPStatus.FORBIDDEN,
-                        detail="Not authenticated",
-                    )
-                token_or_extracted_id_token = token
-            else:
-                request = cast(Request, request)
-
-                if await self.is_bypassable_request(request):
-                    return None
+        if await self.is_bypassable_request(request):
+            return None
 
-                if token is None:
-                    extracted_id_token = await self.id_token_extractor.extract(request)
-                    if not extracted_id_token:
-                        raise HTTPException(status_code=HTTP_403_FORBIDDEN, detail="Not authenticated")
+        if not token:
+            raise HTTPException(status_code=HTTP_403_FORBIDDEN, detail="Not authenticated")
 
-                    token_or_extracted_id_token = extracted_id_token
-                else:
-                    token_or_extracted_id_token = token
+        async with AsyncClient(http1=True, verify=HTTPX_SSL_CONTEXT) as async_client:
+            await self.check_openid_config(async_client)
 
-            user_info: OIDCUserModel = await self.userinfo(async_client, token_or_extracted_id_token)
+            user_info: OIDCUserModel = await self.userinfo(async_client, token)
             logger.debug("OIDCUserModel object.", user_info=user_info)
             return user_info
 

oauth2_lib/strawberry.py

@@ -56,7 +56,8 @@ async def get_current_user(self) -> OIDCUserModel | None:
             return None
 
         try:
-            return await self.auth_manager.authentication.authenticate(self.request)
+            token = await self.auth_manager.authentication.id_token_extractor.extract(self.request)
+            return await self.auth_manager.authentication.authenticate(self.request, token)
         except HTTPException as exc:
             logger.debug("User is not authenticated", status_code=exc.status_code, detail=exc.detail)
             return None

tests/test_fastapi.py

@@ -144,15 +144,15 @@ def test_oidc_auth_initialization_default_extractor(oidc_auth):
 async def test_extract_token_success():
     request = mock.MagicMock()
     request.headers = {"Authorization": "Bearer example_token"}
-    extractor = HttpBearerExtractor()
+    extractor = HttpBearerExtractor(auto_error=False)
     assert await extractor.extract(request) == "example_token", "Token extraction failed"
 
 
 @pytest.mark.asyncio
 async def test_extract_token_returns_none():
     request = mock.MagicMock()
     request.headers = {}
-    extractor = HttpBearerExtractor()
+    extractor = HttpBearerExtractor(auto_error=False)
     assert await extractor.extract(request) is None
 
 
@@ -165,7 +165,10 @@ async def test_authenticate_success(make_mock_async_client, discovery, oidc_auth
         request = mock.MagicMock(spec=Request)
         request.headers = {"Authorization": "Bearer valid_token"}
 
-        user = await oidc_auth.authenticate(request)
+        http_bearer_extractor = HttpBearerExtractor(auto_error=False)
+        token = await http_bearer_extractor(request)
+        # token = await oidc_auth.id_token_extractor.extract(request)
+        user = await oidc_auth.authenticate(request, token)
         assert user == user_info_matching, "Authentication failed for a valid token"