automatic import of python-fastapi-cloudauth

3 files changed, 935 insertions, 0 deletions

diff --git a/.gitignore b/.gitignore
index e69de29..49d3e39 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/fastapi-cloudauth-0.4.3.tar.gz
diff --git a/python-fastapi-cloudauth.spec b/python-fastapi-cloudauth.spec
new file mode 100644
index 0000000..7ce4bb3
--- /dev/null
+++ b/python-fastapi-cloudauth.spec
@@ -0,0 +1,933 @@
+%global _empty_manifest_terminate_build 0
+Name:		python-fastapi-cloudauth
+Version:	0.4.3
+Release:	1
+Summary:	fastapi-cloudauth supports simple integration between FastAPI and cloud authentication services (AWS Cognito, Auth0, Firebase Authentication).
+License:	MIT
+URL:		https://github.com/tokusumi/fastapi-cloudauth
+Source0:	https://mirrors.nju.edu.cn/pypi/web/packages/aa/f8/237f3d6d34b902e5e9b3ccc9b84f1d364af026b665638338cc4b126f5be4/fastapi-cloudauth-0.4.3.tar.gz
+BuildArch:	noarch
+
+Requires:	python3-fastapi
+Requires:	python3-jose[cryptography]
+Requires:	python3-requests
+
+%description
+# FastAPI Cloud Auth
+
+![Tests](https://github.com/tokusumi/fastapi-cloudauth/workflows/Tests/badge.svg)
+[![codecov](https://codecov.io/gh/tokusumi/fastapi-cloudauth/branch/master/graph/badge.svg)](https://codecov.io/gh/tokusumi/fastapi-cloudauth)
+[![PyPI version](https://badge.fury.io/py/fastapi-cloudauth.svg)](https://badge.fury.io/py/fastapi-cloudauth)
+
+fastapi-cloudauth standardizes and simplifies the integration between FastAPI and cloud authentication services (AWS Cognito, Auth0, Firebase Authentication).
+
+## Features
+
+* [X] Verify access/id token: standard JWT validation (signature, expiration), token audience claims, etc.
+* [X] Verify permissions based on scope (or groups) within access token and extract user info 
+* [X] Get the detail of login user info (name, email, etc.) within ID token
+* [X] Dependency injection for verification/getting user, powered by [FastAPI](https://github.com/tiangolo/fastapi)
+* [X] Support for:
+    * [X] [AWS Cognito](https://aws.amazon.com/jp/cognito/)
+    * [X] [Auth0](https://auth0.com/jp/)
+    * [x] [Firebase Auth](https://firebase.google.com/docs/auth) (Only ID token)
+
+## Requirements
+
+Python 3.6+
+
+## Install
+
+```console
+$ pip install fastapi-cloudauth
+```
+
+## Example (AWS Cognito)
+
+### Pre-requirements
+
+* Check `region`, `userPoolID` and `AppClientID` of AWS Cognito that you manage to
+* Create a user's assigned `read:users` permission in AWS Cognito 
+* Get Access/ID token for the created user
+
+NOTE: access token is valid for verification, scope-based authentication, and getting user info (optional). ID token is valid for verification and getting full user info from claims.
+
+### Create it
+
+Create a *main.py* file with the following content:
+
+```python3
+import os
+from pydantic import BaseModel
+from fastapi import FastAPI, Depends
+from fastapi_cloudauth.cognito import Cognito, CognitoCurrentUser, CognitoClaims
+
+app = FastAPI()
+auth = Cognito(
+    region=os.environ["REGION"], 
+    userPoolId=os.environ["USERPOOLID"],
+    client_id=os.environ["APPCLIENTID"]
+)
+
+@app.get("/", dependencies=[Depends(auth.scope(["read:users"]))])
+def secure():
+    # access token is valid
+    return "Hello"
+
+
+class AccessUser(BaseModel):
+    sub: str
+
+
+@app.get("/access/")
+def secure_access(current_user: AccessUser = Depends(auth.claim(AccessUser))):
+    # access token is valid and getting user info from access token
+    return f"Hello", {current_user.sub}
+
+
+get_current_user = CognitoCurrentUser(
+    region=os.environ["REGION"], 
+    userPoolId=os.environ["USERPOOLID"],
+    client_id=os.environ["APPCLIENTID"]
+)
+
+
+@app.get("/user/")
+def secure_user(current_user: CognitoClaims = Depends(get_current_user)):
+    # ID token is valid and getting user info from ID token
+    return f"Hello, {current_user.username}"
+```
+
+Run the server with:
+
+```console
+$ uvicorn main:app
+
+INFO:     Started server process [15332]
+INFO:     Waiting for application startup.
+INFO:     Application startup complete.
+INFO:     Uvicorn running on http://127.0.0.1:8000 (Press CTRL+C to quit)
+```
+
+### Interactive API Doc
+
+Go to http://127.0.0.1:8000/docs.
+
+You will see the automatic interactive API documentation (provided by Swagger UI).
+
+`Authorize` :unlock: button can be available at the endpoint's injected dependency.
+
+You can supply a token and try the endpoint interactively.
+
+![Swagger UI](https://raw.githubusercontent.com/tokusumi/fastapi-cloudauth/master/docs/src/authorize_in_doc.jpg)
+
+
+## Example (Auth0)
+
+### Pre-requirement
+
+* Check `domain`, `customAPI` (Audience) and `ClientID` of Auth0 that you manage to
+* Create a user assigned `read:users` permission in Auth0 
+* Get Access/ID token for the created user
+
+### Create it
+
+Create a file main.py with:
+
+```python3
+import os
+from pydantic import BaseModel
+from fastapi import FastAPI, Depends
+from fastapi_cloudauth.auth0 import Auth0, Auth0CurrentUser, Auth0Claims
+
+app = FastAPI()
+
+auth = Auth0(domain=os.environ["DOMAIN"], customAPI=os.environ["CUSTOMAPI"])
+
+
+@app.get("/", dependencies=[Depends(auth.scope(["read:users"]))])
+def secure():
+    # access token is valid
+    return "Hello"
+
+
+class AccessUser(BaseModel):
+    sub: str
+
+
+@app.get("/access/")
+def secure_access(current_user: AccessUser = Depends(auth.claim(AccessUser))):
+    # access token is valid and getting user info from access token
+    return f"Hello", {current_user.sub}
+
+
+get_current_user = Auth0CurrentUser(
+    domain=os.environ["DOMAIN"],
+    client_id=os.environ["CLIENTID"]
+)
+
+
+@app.get("/user/")
+def secure_user(current_user: Auth0Claims = Depends(get_current_user)):
+    # ID token is valid and getting user info from ID token
+    return f"Hello, {current_user.username}"
+```
+
+Try to run the server and see interactive UI in the same way.
+
+
+## Example (Firebase Authentication)
+
+### Pre-requirement
+
+* Create a user in Firebase Authentication and get `project ID`
+* Get ID token for the created user
+
+### Create it
+
+Create a file main.py with:
+
+```python3
+from fastapi import FastAPI, Depends
+from fastapi_cloudauth.firebase import FirebaseCurrentUser, FirebaseClaims
+
+app = FastAPI()
+
+get_current_user = FirebaseCurrentUser(
+    project_id=os.environ["PROJECT_ID"]
+)
+
+
+@app.get("/user/")
+def secure_user(current_user: FirebaseClaims = Depends(get_current_user)):
+    # ID token is valid and getting user info from ID token
+    return f"Hello, {current_user.user_id}"
+```
+
+Try to run the server and see the interactive UI in the same way.
+
+## Additional User Information
+
+We can get values for the current user from access/ID token by writing a few lines.
+
+### Custom Claims
+
+For Auth0, the ID token contains the following extra values (Ref at [Auth0 official doc](https://auth0.com/docs/tokens)):
+
+```json
+{
+  "iss": "http://YOUR_DOMAIN/",
+  "sub": "auth0|123456",
+  "aud": "YOUR_CLIENT_ID",
+  "exp": 1311281970,
+  "iat": 1311280970,
+  "name": "Jane Doe",
+  "given_name": "Jane",
+  "family_name": "Doe",
+  "gender": "female",
+  "birthdate": "0000-10-31",
+  "email": "janedoe@example.com",
+  "picture": "http://example.com/janedoe/me.jpg"
+}
+```
+
+By default, `Auth0CurrentUser` gives `pydantic.BaseModel` object, which has `username` (name) and `email` fields.
+
+Here is sample code for extracting extra user information (adding `user_id`) from ID token:
+
+```python3
+from pydantic import Field
+from fastapi_cloudauth.auth0 import Auth0Claims  # base current user info model (inheriting `pydantic`).
+
+# extend current user info model by `pydantic`.
+class CustomAuth0Claims(Auth0Claims):
+    user_id: str = Field(alias="sub")
+
+get_current_user = Auth0CurrentUser(domain=DOMAIN, client_id=CLIENTID)
+get_current_user.user_info = CustomAuth0Claims  # override user info model with a custom one.
+```
+
+Or, we can set new custom claims as follows:
+
+```python3
+get_user_detail = get_current_user.claim(CustomAuth0Claims)
+
+@app.get("/new/")
+async def detail(user: CustomAuth0Claims = Depends(get_user_detail)):
+    return f"Hello, {user.user_id}"
+```
+
+### Raw payload
+
+If you don't require `pydantic` data serialization (validation), `FastAPI-CloudAuth` has an option to extract the raw payload.
+
+All you need is:
+
+```python3
+get_raw_info = get_current_user.claim(None)
+
+@app.get("/new/")
+async def raw_detail(user = Depends(get_raw_info)):
+    # user has all items (ex. iss, sub, aud, exp, ... it depends on passed token) 
+    return f"Hello, {user.get('sub')}"
+```
+
+## Additional scopes
+
+Advanced user-SCOPE verification to protect your API.
+
+Supports:
+
+- all (default): required all scopes you set
+- any: At least one of the configured scopes is required
+
+Use as (`auth` is this instanse and `app` is fastapi.FastAPI instanse):
+
+```python3
+from fastapi import Depends
+from fastapi_cloudauth import Operator
+
+@app.get("/", dependencies=[Depends(auth.scope(["allowned", "scopes"]))])
+def api_all_scope():
+    return "user has 'allowned' and 'scopes' scopes"
+
+@app.get("/", dependencies=[Depends(auth.scope(["allowned", "scopes"], op=Operator._any))])
+def api_any_scope():
+    return "user has at least one of scopes (allowned, scopes)"
+```
+
+## Development - Contributing
+
+Please read [CONTRIBUTING](./CONTRIBUTING.md) for how to set up the development environment and testing.
+
+
+%package -n python3-fastapi-cloudauth
+Summary:	fastapi-cloudauth supports simple integration between FastAPI and cloud authentication services (AWS Cognito, Auth0, Firebase Authentication).
+Provides:	python-fastapi-cloudauth
+BuildRequires:	python3-devel
+BuildRequires:	python3-setuptools
+BuildRequires:	python3-pip
+%description -n python3-fastapi-cloudauth
+# FastAPI Cloud Auth
+
+![Tests](https://github.com/tokusumi/fastapi-cloudauth/workflows/Tests/badge.svg)
+[![codecov](https://codecov.io/gh/tokusumi/fastapi-cloudauth/branch/master/graph/badge.svg)](https://codecov.io/gh/tokusumi/fastapi-cloudauth)
+[![PyPI version](https://badge.fury.io/py/fastapi-cloudauth.svg)](https://badge.fury.io/py/fastapi-cloudauth)
+
+fastapi-cloudauth standardizes and simplifies the integration between FastAPI and cloud authentication services (AWS Cognito, Auth0, Firebase Authentication).
+
+## Features
+
+* [X] Verify access/id token: standard JWT validation (signature, expiration), token audience claims, etc.
+* [X] Verify permissions based on scope (or groups) within access token and extract user info 
+* [X] Get the detail of login user info (name, email, etc.) within ID token
+* [X] Dependency injection for verification/getting user, powered by [FastAPI](https://github.com/tiangolo/fastapi)
+* [X] Support for:
+    * [X] [AWS Cognito](https://aws.amazon.com/jp/cognito/)
+    * [X] [Auth0](https://auth0.com/jp/)
+    * [x] [Firebase Auth](https://firebase.google.com/docs/auth) (Only ID token)
+
+## Requirements
+
+Python 3.6+
+
+## Install
+
+```console
+$ pip install fastapi-cloudauth
+```
+
+## Example (AWS Cognito)
+
+### Pre-requirements
+
+* Check `region`, `userPoolID` and `AppClientID` of AWS Cognito that you manage to
+* Create a user's assigned `read:users` permission in AWS Cognito 
+* Get Access/ID token for the created user
+
+NOTE: access token is valid for verification, scope-based authentication, and getting user info (optional). ID token is valid for verification and getting full user info from claims.
+
+### Create it
+
+Create a *main.py* file with the following content:
+
+```python3
+import os
+from pydantic import BaseModel
+from fastapi import FastAPI, Depends
+from fastapi_cloudauth.cognito import Cognito, CognitoCurrentUser, CognitoClaims
+
+app = FastAPI()
+auth = Cognito(
+    region=os.environ["REGION"], 
+    userPoolId=os.environ["USERPOOLID"],
+    client_id=os.environ["APPCLIENTID"]
+)
+
+@app.get("/", dependencies=[Depends(auth.scope(["read:users"]))])
+def secure():
+    # access token is valid
+    return "Hello"
+
+
+class AccessUser(BaseModel):
+    sub: str
+
+
+@app.get("/access/")
+def secure_access(current_user: AccessUser = Depends(auth.claim(AccessUser))):
+    # access token is valid and getting user info from access token
+    return f"Hello", {current_user.sub}
+
+
+get_current_user = CognitoCurrentUser(
+    region=os.environ["REGION"], 
+    userPoolId=os.environ["USERPOOLID"],
+    client_id=os.environ["APPCLIENTID"]
+)
+
+
+@app.get("/user/")
+def secure_user(current_user: CognitoClaims = Depends(get_current_user)):
+    # ID token is valid and getting user info from ID token
+    return f"Hello, {current_user.username}"
+```
+
+Run the server with:
+
+```console
+$ uvicorn main:app
+
+INFO:     Started server process [15332]
+INFO:     Waiting for application startup.
+INFO:     Application startup complete.
+INFO:     Uvicorn running on http://127.0.0.1:8000 (Press CTRL+C to quit)
+```
+
+### Interactive API Doc
+
+Go to http://127.0.0.1:8000/docs.
+
+You will see the automatic interactive API documentation (provided by Swagger UI).
+
+`Authorize` :unlock: button can be available at the endpoint's injected dependency.
+
+You can supply a token and try the endpoint interactively.
+
+![Swagger UI](https://raw.githubusercontent.com/tokusumi/fastapi-cloudauth/master/docs/src/authorize_in_doc.jpg)
+
+
+## Example (Auth0)
+
+### Pre-requirement
+
+* Check `domain`, `customAPI` (Audience) and `ClientID` of Auth0 that you manage to
+* Create a user assigned `read:users` permission in Auth0 
+* Get Access/ID token for the created user
+
+### Create it
+
+Create a file main.py with:
+
+```python3
+import os
+from pydantic import BaseModel
+from fastapi import FastAPI, Depends
+from fastapi_cloudauth.auth0 import Auth0, Auth0CurrentUser, Auth0Claims
+
+app = FastAPI()
+
+auth = Auth0(domain=os.environ["DOMAIN"], customAPI=os.environ["CUSTOMAPI"])
+
+
+@app.get("/", dependencies=[Depends(auth.scope(["read:users"]))])
+def secure():
+    # access token is valid
+    return "Hello"
+
+
+class AccessUser(BaseModel):
+    sub: str
+
+
+@app.get("/access/")
+def secure_access(current_user: AccessUser = Depends(auth.claim(AccessUser))):
+    # access token is valid and getting user info from access token
+    return f"Hello", {current_user.sub}
+
+
+get_current_user = Auth0CurrentUser(
+    domain=os.environ["DOMAIN"],
+    client_id=os.environ["CLIENTID"]
+)
+
+
+@app.get("/user/")
+def secure_user(current_user: Auth0Claims = Depends(get_current_user)):
+    # ID token is valid and getting user info from ID token
+    return f"Hello, {current_user.username}"
+```
+
+Try to run the server and see interactive UI in the same way.
+
+
+## Example (Firebase Authentication)
+
+### Pre-requirement
+
+* Create a user in Firebase Authentication and get `project ID`
+* Get ID token for the created user
+
+### Create it
+
+Create a file main.py with:
+
+```python3
+from fastapi import FastAPI, Depends
+from fastapi_cloudauth.firebase import FirebaseCurrentUser, FirebaseClaims
+
+app = FastAPI()
+
+get_current_user = FirebaseCurrentUser(
+    project_id=os.environ["PROJECT_ID"]
+)
+
+
+@app.get("/user/")
+def secure_user(current_user: FirebaseClaims = Depends(get_current_user)):
+    # ID token is valid and getting user info from ID token
+    return f"Hello, {current_user.user_id}"
+```
+
+Try to run the server and see the interactive UI in the same way.
+
+## Additional User Information
+
+We can get values for the current user from access/ID token by writing a few lines.
+
+### Custom Claims
+
+For Auth0, the ID token contains the following extra values (Ref at [Auth0 official doc](https://auth0.com/docs/tokens)):
+
+```json
+{
+  "iss": "http://YOUR_DOMAIN/",
+  "sub": "auth0|123456",
+  "aud": "YOUR_CLIENT_ID",
+  "exp": 1311281970,
+  "iat": 1311280970,
+  "name": "Jane Doe",
+  "given_name": "Jane",
+  "family_name": "Doe",
+  "gender": "female",
+  "birthdate": "0000-10-31",
+  "email": "janedoe@example.com",
+  "picture": "http://example.com/janedoe/me.jpg"
+}
+```
+
+By default, `Auth0CurrentUser` gives `pydantic.BaseModel` object, which has `username` (name) and `email` fields.
+
+Here is sample code for extracting extra user information (adding `user_id`) from ID token:
+
+```python3
+from pydantic import Field
+from fastapi_cloudauth.auth0 import Auth0Claims  # base current user info model (inheriting `pydantic`).
+
+# extend current user info model by `pydantic`.
+class CustomAuth0Claims(Auth0Claims):
+    user_id: str = Field(alias="sub")
+
+get_current_user = Auth0CurrentUser(domain=DOMAIN, client_id=CLIENTID)
+get_current_user.user_info = CustomAuth0Claims  # override user info model with a custom one.
+```
+
+Or, we can set new custom claims as follows:
+
+```python3
+get_user_detail = get_current_user.claim(CustomAuth0Claims)
+
+@app.get("/new/")
+async def detail(user: CustomAuth0Claims = Depends(get_user_detail)):
+    return f"Hello, {user.user_id}"
+```
+
+### Raw payload
+
+If you don't require `pydantic` data serialization (validation), `FastAPI-CloudAuth` has an option to extract the raw payload.
+
+All you need is:
+
+```python3
+get_raw_info = get_current_user.claim(None)
+
+@app.get("/new/")
+async def raw_detail(user = Depends(get_raw_info)):
+    # user has all items (ex. iss, sub, aud, exp, ... it depends on passed token) 
+    return f"Hello, {user.get('sub')}"
+```
+
+## Additional scopes
+
+Advanced user-SCOPE verification to protect your API.
+
+Supports:
+
+- all (default): required all scopes you set
+- any: At least one of the configured scopes is required
+
+Use as (`auth` is this instanse and `app` is fastapi.FastAPI instanse):
+
+```python3
+from fastapi import Depends
+from fastapi_cloudauth import Operator
+
+@app.get("/", dependencies=[Depends(auth.scope(["allowned", "scopes"]))])
+def api_all_scope():
+    return "user has 'allowned' and 'scopes' scopes"
+
+@app.get("/", dependencies=[Depends(auth.scope(["allowned", "scopes"], op=Operator._any))])
+def api_any_scope():
+    return "user has at least one of scopes (allowned, scopes)"
+```
+
+## Development - Contributing
+
+Please read [CONTRIBUTING](./CONTRIBUTING.md) for how to set up the development environment and testing.
+
+
+%package help
+Summary:	Development documents and examples for fastapi-cloudauth
+Provides:	python3-fastapi-cloudauth-doc
+%description help
+# FastAPI Cloud Auth
+
+![Tests](https://github.com/tokusumi/fastapi-cloudauth/workflows/Tests/badge.svg)
+[![codecov](https://codecov.io/gh/tokusumi/fastapi-cloudauth/branch/master/graph/badge.svg)](https://codecov.io/gh/tokusumi/fastapi-cloudauth)
+[![PyPI version](https://badge.fury.io/py/fastapi-cloudauth.svg)](https://badge.fury.io/py/fastapi-cloudauth)
+
+fastapi-cloudauth standardizes and simplifies the integration between FastAPI and cloud authentication services (AWS Cognito, Auth0, Firebase Authentication).
+
+## Features
+
+* [X] Verify access/id token: standard JWT validation (signature, expiration), token audience claims, etc.
+* [X] Verify permissions based on scope (or groups) within access token and extract user info 
+* [X] Get the detail of login user info (name, email, etc.) within ID token
+* [X] Dependency injection for verification/getting user, powered by [FastAPI](https://github.com/tiangolo/fastapi)
+* [X] Support for:
+    * [X] [AWS Cognito](https://aws.amazon.com/jp/cognito/)
+    * [X] [Auth0](https://auth0.com/jp/)
+    * [x] [Firebase Auth](https://firebase.google.com/docs/auth) (Only ID token)
+
+## Requirements
+
+Python 3.6+
+
+## Install
+
+```console
+$ pip install fastapi-cloudauth
+```
+
+## Example (AWS Cognito)
+
+### Pre-requirements
+
+* Check `region`, `userPoolID` and `AppClientID` of AWS Cognito that you manage to
+* Create a user's assigned `read:users` permission in AWS Cognito 
+* Get Access/ID token for the created user
+
+NOTE: access token is valid for verification, scope-based authentication, and getting user info (optional). ID token is valid for verification and getting full user info from claims.
+
+### Create it
+
+Create a *main.py* file with the following content:
+
+```python3
+import os
+from pydantic import BaseModel
+from fastapi import FastAPI, Depends
+from fastapi_cloudauth.cognito import Cognito, CognitoCurrentUser, CognitoClaims
+
+app = FastAPI()
+auth = Cognito(
+    region=os.environ["REGION"], 
+    userPoolId=os.environ["USERPOOLID"],
+    client_id=os.environ["APPCLIENTID"]
+)
+
+@app.get("/", dependencies=[Depends(auth.scope(["read:users"]))])
+def secure():
+    # access token is valid
+    return "Hello"
+
+
+class AccessUser(BaseModel):
+    sub: str
+
+
+@app.get("/access/")
+def secure_access(current_user: AccessUser = Depends(auth.claim(AccessUser))):
+    # access token is valid and getting user info from access token
+    return f"Hello", {current_user.sub}
+
+
+get_current_user = CognitoCurrentUser(
+    region=os.environ["REGION"], 
+    userPoolId=os.environ["USERPOOLID"],
+    client_id=os.environ["APPCLIENTID"]
+)
+
+
+@app.get("/user/")
+def secure_user(current_user: CognitoClaims = Depends(get_current_user)):
+    # ID token is valid and getting user info from ID token
+    return f"Hello, {current_user.username}"
+```
+
+Run the server with:
+
+```console
+$ uvicorn main:app
+
+INFO:     Started server process [15332]
+INFO:     Waiting for application startup.
+INFO:     Application startup complete.
+INFO:     Uvicorn running on http://127.0.0.1:8000 (Press CTRL+C to quit)
+```
+
+### Interactive API Doc
+
+Go to http://127.0.0.1:8000/docs.
+
+You will see the automatic interactive API documentation (provided by Swagger UI).
+
+`Authorize` :unlock: button can be available at the endpoint's injected dependency.
+
+You can supply a token and try the endpoint interactively.
+
+![Swagger UI](https://raw.githubusercontent.com/tokusumi/fastapi-cloudauth/master/docs/src/authorize_in_doc.jpg)
+
+
+## Example (Auth0)
+
+### Pre-requirement
+
+* Check `domain`, `customAPI` (Audience) and `ClientID` of Auth0 that you manage to
+* Create a user assigned `read:users` permission in Auth0 
+* Get Access/ID token for the created user
+
+### Create it
+
+Create a file main.py with:
+
+```python3
+import os
+from pydantic import BaseModel
+from fastapi import FastAPI, Depends
+from fastapi_cloudauth.auth0 import Auth0, Auth0CurrentUser, Auth0Claims
+
+app = FastAPI()
+
+auth = Auth0(domain=os.environ["DOMAIN"], customAPI=os.environ["CUSTOMAPI"])
+
+
+@app.get("/", dependencies=[Depends(auth.scope(["read:users"]))])
+def secure():
+    # access token is valid
+    return "Hello"
+
+
+class AccessUser(BaseModel):
+    sub: str
+
+
+@app.get("/access/")
+def secure_access(current_user: AccessUser = Depends(auth.claim(AccessUser))):
+    # access token is valid and getting user info from access token
+    return f"Hello", {current_user.sub}
+
+
+get_current_user = Auth0CurrentUser(
+    domain=os.environ["DOMAIN"],
+    client_id=os.environ["CLIENTID"]
+)
+
+
+@app.get("/user/")
+def secure_user(current_user: Auth0Claims = Depends(get_current_user)):
+    # ID token is valid and getting user info from ID token
+    return f"Hello, {current_user.username}"
+```
+
+Try to run the server and see interactive UI in the same way.
+
+
+## Example (Firebase Authentication)
+
+### Pre-requirement
+
+* Create a user in Firebase Authentication and get `project ID`
+* Get ID token for the created user
+
+### Create it
+
+Create a file main.py with:
+
+```python3
+from fastapi import FastAPI, Depends
+from fastapi_cloudauth.firebase import FirebaseCurrentUser, FirebaseClaims
+
+app = FastAPI()
+
+get_current_user = FirebaseCurrentUser(
+    project_id=os.environ["PROJECT_ID"]
+)
+
+
+@app.get("/user/")
+def secure_user(current_user: FirebaseClaims = Depends(get_current_user)):
+    # ID token is valid and getting user info from ID token
+    return f"Hello, {current_user.user_id}"
+```
+
+Try to run the server and see the interactive UI in the same way.
+
+## Additional User Information
+
+We can get values for the current user from access/ID token by writing a few lines.
+
+### Custom Claims
+
+For Auth0, the ID token contains the following extra values (Ref at [Auth0 official doc](https://auth0.com/docs/tokens)):
+
+```json
+{
+  "iss": "http://YOUR_DOMAIN/",
+  "sub": "auth0|123456",
+  "aud": "YOUR_CLIENT_ID",
+  "exp": 1311281970,
+  "iat": 1311280970,
+  "name": "Jane Doe",
+  "given_name": "Jane",
+  "family_name": "Doe",
+  "gender": "female",
+  "birthdate": "0000-10-31",
+  "email": "janedoe@example.com",
+  "picture": "http://example.com/janedoe/me.jpg"
+}
+```
+
+By default, `Auth0CurrentUser` gives `pydantic.BaseModel` object, which has `username` (name) and `email` fields.
+
+Here is sample code for extracting extra user information (adding `user_id`) from ID token:
+
+```python3
+from pydantic import Field
+from fastapi_cloudauth.auth0 import Auth0Claims  # base current user info model (inheriting `pydantic`).
+
+# extend current user info model by `pydantic`.
+class CustomAuth0Claims(Auth0Claims):
+    user_id: str = Field(alias="sub")
+
+get_current_user = Auth0CurrentUser(domain=DOMAIN, client_id=CLIENTID)
+get_current_user.user_info = CustomAuth0Claims  # override user info model with a custom one.
+```
+
+Or, we can set new custom claims as follows:
+
+```python3
+get_user_detail = get_current_user.claim(CustomAuth0Claims)
+
+@app.get("/new/")
+async def detail(user: CustomAuth0Claims = Depends(get_user_detail)):
+    return f"Hello, {user.user_id}"
+```
+
+### Raw payload
+
+If you don't require `pydantic` data serialization (validation), `FastAPI-CloudAuth` has an option to extract the raw payload.
+
+All you need is:
+
+```python3
+get_raw_info = get_current_user.claim(None)
+
+@app.get("/new/")
+async def raw_detail(user = Depends(get_raw_info)):
+    # user has all items (ex. iss, sub, aud, exp, ... it depends on passed token) 
+    return f"Hello, {user.get('sub')}"
+```
+
+## Additional scopes
+
+Advanced user-SCOPE verification to protect your API.
+
+Supports:
+
+- all (default): required all scopes you set
+- any: At least one of the configured scopes is required
+
+Use as (`auth` is this instanse and `app` is fastapi.FastAPI instanse):
+
+```python3
+from fastapi import Depends
+from fastapi_cloudauth import Operator
+
+@app.get("/", dependencies=[Depends(auth.scope(["allowned", "scopes"]))])
+def api_all_scope():
+    return "user has 'allowned' and 'scopes' scopes"
+
+@app.get("/", dependencies=[Depends(auth.scope(["allowned", "scopes"], op=Operator._any))])
+def api_any_scope():
+    return "user has at least one of scopes (allowned, scopes)"
+```
+
+## Development - Contributing
+
+Please read [CONTRIBUTING](./CONTRIBUTING.md) for how to set up the development environment and testing.
+
+
+%prep
+%autosetup -n fastapi-cloudauth-0.4.3
+
+%build
+%py3_build
+
+%install
+%py3_install
+install -d -m755 %{buildroot}/%{_pkgdocdir}
+if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
+if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
+if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
+if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
+pushd %{buildroot}
+if [ -d usr/lib ]; then
+	find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/lib64 ]; then
+	find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/bin ]; then
+	find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/sbin ]; then
+	find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+touch doclist.lst
+if [ -d usr/share/man ]; then
+	find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst
+fi
+popd
+mv %{buildroot}/filelist.lst .
+mv %{buildroot}/doclist.lst .
+
+%files -n python3-fastapi-cloudauth -f filelist.lst
+%dir %{python3_sitelib}/*
+
+%files help -f doclist.lst
+%{_docdir}/*
+
+%changelog
+* Wed Apr 12 2023 Python_Bot <Python_Bot@openeuler.org> - 0.4.3-1
+- Package Spec generated
diff --git a/sources b/sources
new file mode 100644
index 0000000..6dca897
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+07a106c343152d1340ec44b6e29c5526  fastapi-cloudauth-0.4.3.tar.gz