Make authorisation/authentification independent of azure

[Meteord]

Is your feature request related to a problem? Please describe.
Currently, authentication is based on having a specific role through an OpenidConnect provider. The provider is connected via azure easy auth, which acts as authentication middleware and injects specific headers containing the access tokens.

Instead of relying on easy auth, the backend should do the authorisation itself.

Describe the solution you'd like
After migrating from quart to fastapi, we could use the following fastapi extension:
fastapi-keycloak

Its easy to use and enables role based authentification.

idp = FastAPIKeycloak(
    server_url="https://auth.some-domain.com/auth",
    client_id="some-client",
    client_secret="some-client-secret",
    admin_client_secret="admin-cli-secret",
    realm="some-realm-name",
    callback_uri="http://localhost:8081/callback"
)
idp.add_swagger_config(app)

@app.get("/admin")
def admin(user: OIDCUser = Depends(idp.get_current_user(required_roles=["admin"]))):

Describe alternatives you've considered
Using fastapi-oidc. It has no logic for role based authentification. But that can be done with the tokens. It has more stars on github and more recent releases.
Additional context. I

[github-actions]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this issue will be closed.

[darenegade]

Instead of relying on easy auth, the backend should do the authorisation itself.

Adam Bien once said:

When you're in the cloud, use the cloud as much as you can to be cheap

You don't have to do everything yourself, but you shouldn't be dependent on one provider. In this case, there are similar alternatives for authentication in other cloud providers that can be set up like Easy-Auth. For on-premises, you can use your own API gateway, such as RefArch-GW.

[github-actions]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this issue will be closed.