
FastAPI (Authlib)

See the Applications overview for prerequisites, configuration endpoints, and available scopes.

Authlib provides OAuth and OpenID Connect client support for Starlette-based applications. Key configuration:

  • Register the provider with server_metadata_url and code_challenge_method='S256' for PKCE
  • Add SessionMiddleware with a secret key before the auth middleware
  • Hardware attestation claims (hardware_verified, hardware_aaguid) are in the access token JWT — decode the payload with base64url and padding adjustment
  • Callback URL: /callback
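
The payload decoding described in the hardware attestation bullet, as an added example that is not taken from the fastapi-authlib project. The function names and sample values are hypothetical, and the claim types (boolean hardware_verified, string hardware_aaguid) are assumptions. The code reads the payload without checking the signature, so it fits a token the application received directly from the token endpoint over TLS; a service that accepts tokens from callers must verify the signature first.

```python
import base64
import json


def decode_jwt_payload(token: str) -> dict:
    """Decode a compact JWT's payload segment. No signature check is done here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    segment = parts[1]
    # JWTs drop base64 '=' padding; restore it to a multiple of 4 characters.
    segment += "=" * (-len(segment) % 4)
    try:
        payload = json.loads(base64.urlsafe_b64decode(segment))
    except ValueError as exc:  # covers binascii.Error, bad UTF-8 and bad JSON
        raise ValueError("malformed JWT payload") from exc
    if not isinstance(payload, dict):
        raise ValueError("JWT payload is not a JSON object")
    return payload


def hardware_claims(token: str) -> dict:
    """Return the two hardware attestation claims, normalised defensively."""
    payload = decode_jwt_payload(token)
    aaguid = payload.get("hardware_aaguid")
    return {
        # Assumption: the claim is a JSON boolean; "true" or 1 does not count.
        "hardware_verified": payload.get("hardware_verified") is True,
        # Assumption: the AAGUID is carried as a string.
        "hardware_aaguid": aaguid if isinstance(aaguid, str) else None,
    }


def make_sample_token(payload) -> str:
    """Build a constructed token for the demo; the signature segment is a dummy."""
    def b64(obj) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([b64({"alg": "RS256", "typ": "JWT"}), b64(payload), "c2ln"])


# Constructed sample values, including the all-zero AAGUID.
SAMPLE_TOKEN = make_sample_token({
    "sub": "user-123",
    "hardware_verified": True,
    "hardware_aaguid": "00000000-0000-0000-0000-000000000000",
})

if __name__ == "__main__":
    print(hardware_claims(SAMPLE_TOKEN))
```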

Example

web/fastapi-authlib — Complete working example with authorization code flow, PKCE, session middleware, and hardware claim extraction.