Authentication Guide
This guide covers implementing authentication in Tasteful applications using the OIDC (OpenID Connect) authentication system. You’ll learn how to configure OIDC backends, create custom user models, and integrate authentication with your flavors.Quick Start
Get authentication working in your Tasteful application in just a few steps:OIDC Authentication Backend
Basic Configuration
TheOIDCAuthenticationBackend handles OpenID Connect authentication with automatic token validation:
Advanced Configuration
For more complex scenarios, you can customize the OIDC backend:Environment-Based Configuration
Use environment variables for secure configuration:.env file:
User Models
BaseUser
All user models in Tasteful extend theBaseUser class:
OIDCUser
TheOIDCUser model includes OIDC token claims:
Custom User Models
Create custom user models for application-specific needs:Async Authentication Backend
For high-performance applications, use the async authentication pattern:Integration with TastefulApp
Single Authentication Backend
Most applications use a single authentication method:Multiple Authentication Backends
For applications with different authentication needs:Using Authentication in Flavors
Basic User Access
Access authenticated users in your flavor controllers:OIDC Claims Access
When using OIDC authentication, access token claims:Optional Authentication
For endpoints that work with or without authentication:Error Handling
Authentication backends automatically handle common error scenarios:Automatic Error Responses
- 401 Unauthorized: Missing or invalid token
- 500 Internal Server Error: Backend authentication errors
Custom Error Handling
Add custom error handling in your authentication backend:Testing Authentication
Testing with Mock Users
Create mock authentication for testing:Integration Testing
Test with real OIDC tokens in integration tests:Common Patterns
Manual Role-Based Access Control
Implement role checking using OIDC claims:Manual Permission-Based Access
Implement fine-grained permission checking:Troubleshooting
Common Issues
Token Validation Fails- Verify OIDC metadata URL is accessible
- Check client ID and secret configuration
- Ensure token is properly formatted (Bearer token)
- Confirm authentication backend is configured in TastefulApp
- Check that endpoints are being called with valid Authorization header
- Verify OIDC provider is returning expected claims
- Use AsyncAuthenticationBackend for high-throughput applications
- Consider token caching for frequently accessed endpoints
- Monitor OIDC provider response times
Debug Mode
Enable debug logging to troubleshoot authentication issues:Adding Authentication to Existing Applications
Updating Your TastefulApp
If you have an existing Tasteful application without authentication, adding it is straightforward:Updating Your Flavors
Once authentication is enabled, update your flavor controllers to access authenticated users:Gradual Migration
For gradual migration, you can make authentication optional on some endpoints:Next Steps
- Backends Concepts - Learn more about authentication backends
- Creating Flavors - Build flavors with authentication