member/member-backend

Files

Chris 2b81fd01c3 feat: add authentik jwt verification and me endpoints

2026-03-29 23:06:19 +08:00

1012 B

Raw Blame History

memberapi.ose.tw backend

Quick start

cd backend
python -m venv .venv
source .venv/bin/activate
pip install -e .
cp .env.example .env
uvicorn app.main:app --host 127.0.0.1 --port 8000 --reload

Required DB setup

Initialize API client whitelist table with docs/API_CLIENTS_SQL.sql.
Initialize core tables with backend/scripts/init_schema.sql.
Generate api_key_hash and update api_clients records, e.g.:

python scripts/generate_api_key_hash.py 'YOUR_PLAIN_KEY'

Authentik JWT setup

Configure at least one of:
- AUTHENTIK_JWKS_URL
- AUTHENTIK_ISSUER (the service infers <issuer>/jwks/)
Optional:
- AUTHENTIK_AUDIENCE (enables audience claim validation)

Main APIs

GET /healthz
GET /me (Bearer token required)
GET /me/permissions/snapshot (Bearer token required)
POST /internal/users/upsert-by-sub
GET /internal/permissions/{authentik_sub}/snapshot
POST /admin/permissions/grant
POST /admin/permissions/revoke