Authenticated Google User

The authenticated google user dependency allows you to retrieve the google user info of the user who is currently authenticated either with HTTP bearer credentials or via a session token.

To construct a dependency you can use the buildflow.dependencies.auth.AuthenticatedGoogleUserDepBuilder builder with the following arguments:

raise_on_unauthenticatedWhether or not to raise a 403 error if the request was unauthenticated. Defaults to True
session_id_tokenThe session ID token for where to fetch the credentials from. This can be used if you are storing credentials in a session object. If set we will look for the token in the session instead of the headers. Defaults to None
bearer_credentials_dependencyThe dependency used to fetch bearer credentials. Defaults to the buildflow provided dependency. You only need to set this if you need to extract the bearer token from a different header.

The dependency will provide an object containing a google user.

google_userThe authenticated google user (or none if raise_on_unauthenticated is set to False and the request was unauthenticated)

The google user object has the following fields

google_account_idThe subject ID of the user returned by Google
emailThe email of the user returned by Google
email_verifiedWhether the user has verified their email with google
nameThe name of the user returned by Google

Usage with HTTP header

from buildflow.dependencies.auth import AuthenticatedGoogleUserDepBuilder

AuthenticatedGoogleUserDep = AuthenticatedGoogleUserDepBuilder()

@app.endpoint("/", method="POST")
def endpoint(google_user_dep: AuthenticatedGoogleUserDep):

Usage with Session

The SessionMiddleware must be added to your service for this to work. See the example below.

from buildflow.dependencies.auth import AuthenticatedGoogleUserDepBuilder
from buildflow.middleware import SessionMiddleware

# NOTE: Where ever you add the id token to the session you must also use the same key here
AuthenticatedGoogleUserDep = AuthenticatedGoogleUserDepBuilder(session_id_token="id_token")

service = app.service()

service.add_middleware(SessionMiddleware, secret_key="super-secret")

@endpoint("/auth/callback/google", method="GET")
async def auth_callback(request: Request, auth_flow: AuthFlow):
    code = request.query_params.get("code")
    if code is None:
        raise HTTPException(401)
    user_id_token = fetch_id_token(code, auth_flow)
    # NOTE: we add the id token to the session here using the same key as above for our dependency
    request.session["id_token"] = user_id_token
    return RedirectResponse("/")

@service.endpoint("/", method="POST")
def endpoint(google_user_dep: AuthenticatedGoogleUserDep):