|
| 1 | +--- |
| 2 | +outline: deep |
| 3 | +--- |
| 4 | + |
1 | 5 | # Tutorials |
2 | 6 |
|
3 | 7 | This documentation section contains samples and tutorials on important topics of using the library. Look at |
@@ -26,6 +30,29 @@ contain the user information obtained from the IDP. |
26 | 30 |
|
27 | 31 | ## User provisioning |
28 | 32 |
|
| 33 | +User provisioning refers to the process of creating, updating, and deleting user accounts within the OAuth2 IDP and |
| 34 | +synchronizing that information with your FastAPI application's database. There are two approaches to user provisioning |
| 35 | +and both require the user claims to be mapped properly for creating a new user or updating an existing one. |
| 36 | + |
| 37 | +### Automatic provisioning |
| 38 | + |
| 39 | +After successful authentication, you can automatically create a user in your application's database using the |
| 40 | +information obtained from the IDP. The user creation or update can be handled at the `callback` function of the |
| 41 | +[middleware](/integration/integration#oauth2middleware) as it is called when authentication succeeds. |
| 42 | + |
| 43 | +### Manual provisioning |
| 44 | + |
| 45 | +After successful authentication, redirect the user to a registration form where they can complete their profile. This |
| 46 | +approach is useful when there missing mandatory attributes in `request.user` for creating a user in your application's |
| 47 | +database. You need to define a route for provisioning and provide it as `redirect_uri`, so |
| 48 | +the [user context](/integration/integration#user-context) will be available for usage. |
| 49 | + |
| 50 | +::: info NOTE |
| 51 | +In both scenarios, it is recommended to use the `identity` attribute for uniquely identifying the user from the |
| 52 | +database. So if the application uses or plans to use multiple IDPs, make sure to include the `provider` attribute when |
| 53 | +calculating the `identity` attribute. |
| 54 | +::: |
| 55 | + |
29 | 56 | ## Claims mapping |
30 | 57 |
|
31 | 58 | The `Claims` class includes permanent attributes like `display_name`, `identity`, `picture`, and `email`. It also allows |
@@ -78,3 +105,9 @@ flowchart LR |
78 | 105 | ## CSRF protection |
79 | 106 |
|
80 | 107 | ## PKCE support |
| 108 | + |
| 109 | +<style> |
| 110 | +.info { |
| 111 | + border: 0; |
| 112 | +} |
| 113 | +</style> |
0 commit comments