Added SSO Backend Functionality

.gitignore

@@ -0,0 +1,41 @@
+# See https://help.github.com/articles/ignoring-files/ for more about ignoring files.
+
+# dependencies
+/node_modules
+/.pnp
+.pnp.*
+.yarn/*
+!.yarn/patches
+!.yarn/plugins
+!.yarn/releases
+!.yarn/versions
+
+# testing
+/coverage
+
+# next.js
+/.next/
+/out/
+
+# production
+/build
+
+# misc
+.DS_Store
+*.pem
+
+# debug
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+.pnpm-debug.log*
+
+# env files (can opt-in for committing if needed)
+.env*
+
+# vercel
+.vercel
+
+# typescript
+*.tsbuildinfo
+next-env.d.ts

app/api/v1/api.py

@@ -0,0 +1,6 @@
+from fastapi import APIRouter
+from app.api.v1.endpoints import auth
+
+api_router = APIRouter()
+
+api_router.include_router(auth.router, prefix="/auth", tags=["Authentication"])

app/api/v1/endpoints/auth.py

@@ -0,0 +1,64 @@
+from fastapi import APIRouter, Request, HTTPException
+from authlib.integrations.starlette_client import OAuth
+from app.core.config import settings
+
+router = APIRouter()
+
+# Initialize OAuth
+oauth = OAuth()
+
+# Register Microsoft Provider
+# We use the tenant-specific endpoint for better security and internal organization
+CONF_URL = f"https://login.microsoftonline.com/{settings.MS_TENANT_ID}/v2.0/.well-known/openid-configuration"
+
+oauth.register(
+    name='microsoft',
+    client_id=settings.MS_CLIENT_ID,
+    client_secret=settings.MS_CLIENT_SECRET,
+    server_metadata_url=CONF_URL,
+    client_kwargs={
+        'scope': 'openid email profile User.Read'
+    }
+)
+
+@router.get("/login")
+async def login(request: Request):
+    """
+    Redirects the user to the Microsoft Login page.
+    """
+    redirect_uri = settings.MS_REDIRECT_URI
+    return await oauth.microsoft.authorize_redirect(request, redirect_uri)
+
+
+@router.get("/callback")
+async def auth_callback(request: Request):
+    """
+    Handles the callback from Microsoft after successful login.
+    Exchanges the authorization code for an access token and user info.
+    """
+    try:
+        token = await oauth.microsoft.authorize_access_token(request)
+        user = token.get('userinfo')
+        
+        if not user:
+             # Sometimes userinfo is not directly in the token depending on claims, 
+             # allow fetch via userinfo endpoint if configured, or parse id_token
+             user = await oauth.microsoft.userinfo(token=token)
+
+        # Store user info in session (cookie)
+        # In a real app, you might issue your own JWT here instead
+        request.session['user'] = dict(user)
+        
+        return {"message": "Login successful", "user": user}
+    except Exception as e:
+        # Log the error in production
+        raise HTTPException(status_code=400, detail=f"SSO Login Failed: {str(e)}")
+
+
+@router.get("/logout")
+async def logout(request: Request):
+    """
+    Clears the local session.
+    """
+    request.session.pop('user', None)
+    return {"message": "Logged out successfully"}

app/core/config.py

@@ -0,0 +1,17 @@
+from pydantic_settings import BaseSettings
+
+class Settings(BaseSettings):
+    PROJECT_NAME: str = "FastAPI SSO"
+    SECRET_KEY: str
+    
+    # Microsoft SSO Config
+    MS_CLIENT_ID: str
+    MS_CLIENT_SECRET: str
+    MS_TENANT_ID: str
+    MS_REDIRECT_URI: str
+
+    class Config:
+        env_file = ".env"
+        case_sensitive = True
+
+settings = Settings()

app/main.py

@@ -0,0 +1,33 @@
+from fastapi import FastAPI
+from starlette.middleware.sessions import SessionMiddleware
+from starlette.requests import Request
+from starlette.responses import HTMLResponse
+from starlette.templating import Jinja2Templates
+
+from app.core.config import settings
+from app.api.v1.api import api_router
+
+app = FastAPI(title=settings.PROJECT_NAME)
+
+# 1. Add Session Middleware
+# This is required for Authlib to store the temporary state during the OAuth dance
+app.add_middleware(
+    SessionMiddleware, 
+    secret_key=settings.SECRET_KEY, 
+    https_only=False # Set to True in production with SSL
+)
+
+# 2. Include API Routers
+app.include_router(api_router)
+
+# 3. Simple Frontend for demonstration
+templates = Jinja2Templates(directory="app/templates")
+
+@app.get("/", response_class=HTMLResponse)
+async def root(request: Request):
+    user = request.session.get("user")
+    return templates.TemplateResponse("index.html", {"request": request, "user": user})
+
+if __name__ == "__main__":
+    import uvicorn
+    uvicorn.run("app.main:app", host="0.0.0.0", port=8000, reload=True)

app/templates/index.html

@@ -0,0 +1,32 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>FastAPI Microsoft SSO</title>
+    <style>
+        body { font-family: sans-serif; display: flex; justify-content: center; align-items: center; height: 100vh; background-color: #f4f4f4; }
+        .container { background: white; padding: 2rem; border-radius: 8px; box-shadow: 0 4px 6px rgba(0,0,0,0.1); text-align: center; }
+        .btn { display: inline-block; padding: 10px 20px; background-color: #0078d4; color: white; text-decoration: none; border-radius: 4px; font-weight: bold; }
+        .btn-logout { background-color: #d83b01; }
+        pre { background: #eee; padding: 10px; text-align: left; overflow-x: auto; }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <h1>Microsoft SSO Integration</h1>
+        
+        {% if user %}
+            <p>Welcome, <strong>{{ user.name or user.email }}</strong>!</p>
+            <div style="text-align: left; margin-bottom: 20px;">
+                <small>User Details:</small>
+                <pre>{{ user | tojson(indent=2) }}</pre>
+            </div>
+            <a href="/auth/logout" class="btn btn-logout">Logout</a>
+        {% else %}
+            <p>You are not logged in.</p>
+            <a href="/auth/login" class="btn">Login with Microsoft</a>
+        {% endif %}
+    </div>
+</body>
+</html>

requirements.txt

@@ -0,0 +1,8 @@
+fastapi
+uvicorn[standard]
+authlib
+httpx
+pydantic-settings
+jinja2
+python-multipart
+itsdangerous