flask-oidc | OpenID Connect support for Flask

I'd like to build a web app using Vue for the frontend, and Python (Flask or FastAPI) for backend API calls.

Both on the frontend and the backend, I'd like to have authentication via Okta in place.

I'm able both to create a frontend (I used Okta cli for the boilerplate) with the desired protection in place, and a backend (using Flask-OIDC). However, I'm not sure how to plug those two together: is it sufficient to protect the API calls and trust that the user will be logged in through the frontend? Do I need to protect both the frontend and the backend (I strongly believe: yes)? I'm sure there is some sort of best-practice out there, but I fail to find it; would be very grateful for any pointers in the right direction.

Thank you!

I'm trying to implement Flask-OIDC and Keycloak in a Flask app run inside a Gitpod workspace.

I'm running the application and the Keycloak server like this:

For some reason, PyJTW doesn't seem to work on my virtualenv on Ubuntu 16.04, but it worked fine on my local Windows machine (inside a venv too). I'm clueless, I've tried different versions, copied the exact same versions as I had on my Windows machine, and yet I still couldn't get this to work.

Installed packages:

I configured Keycloak to authenticate the users of my client and return it's role to my application. The following JSON is the data Keycloak returns with OIDC for my user. In the data, we can clearly see that the field resource_access.test-client.roles is present.

I have successfully implemented Keycloak OpenID + Python (v3.6) Flask integration using Flask-oidc.

I use below code to get user info,access_token and refresh_token