Does fief support old school user/pass access?

[shirkan]

Well, does it?
And if so, how do I implement a user/pass flow with fastapi as a web application? I couldn't find it in the tutorial, any example would be great.
Thanks!

[frankie567]

I understand that you want to implement your own username/password form in your app. Right now, that's not possible. You can only authenticate users through the OAuth2/OpenID Connect flow, which is the most secure approach when dealing with external auth providers.

Letting users implement their own login form would require us to implement a dedicated API, with the need to support lot of things like external OAuth Providers (or 2FA in the future). That's not something we plan in the short term.

[shirkan]

Hi, thanks for replying.
I understand your concerns, I'll just share my use case here, FWIW.
I'm building a b2b product which in such case users won't be too happy to sign in with their personal account, but with a business dedicated one, most probably an email account. Since my product is targeting specific audience in specific niche, it won't be wide open for anyone to sign up. Basically I planned to create user accounts for customers and personally deliver it to them.
If I'll choose to use Fief anyway, I'll need to use an OAuth provider which will change the sign up process entirely.
I'm still not sure about that, would be glad to hear your thoughts.
Thanks again @frankie567

[frankie567]

Regarding, the first point with limited access to the product (through an invitation system), it's a request that was made a few days ago: https://github.com/orgs/fief-dev/discussions/146 That's something we plan to implement in the future.

Regarding OAuth Providers, we support a wide-range of providers already: https://docs.fief.dev/configure/oauth-providers/#supported-oauth-providers We even support generic OpenID providers, so if your provider follows the OpenID protocol, it'll be compatible out-of-the-box.