// the find
vibber-ai/fastapi-azure-auth
Easy and secure implementation of Azure Entra ID (previously AD) for your FastAPI APIs 🔒 B2C, single- and multi-tenant support.
A FastAPI dependency that handles Azure Entra ID (formerly Azure AD) token validation — single-tenant, multi-tenant, and B2C variants. You drop it in as a `Security()` dependency and it handles OIDC discovery, JWT verification, and scope checking. Aimed at Python shops building internal or enterprise APIs that are already committed to the Microsoft identity stack.
Covers the three genuinely distinct Azure auth scenarios (single-tenant, multi-tenant, B2C) with separate classes rather than one god-object with twelve boolean flags. The OpenID config is cached and refreshed on a background task, so key rotation doesn't require a restart. Swagger UI integration works out of the box — the authorize button in the docs actually authenticates against your real Azure app. Test suite is thorough and mocks the OIDC endpoints correctly, which is the hard part of testing auth libraries.
Still uses the deprecated `@app.on_event('startup')` pattern in the README and demo project instead of lifespan context managers, which is a red flag for a library selling itself on correctness. Multi-tenant issuer validation is off by default (`validate_iss=False`) and requires you to wire up an async callable yourself — the right default would be to reject unknown tenants and require opt-in to allow all. No built-in support for client credentials flow (machine-to-machine), which is half the reason you're running an enterprise API behind Entra ID. The 678 stars suggest moderate adoption but the GitHub org rename to vibber-ai hints at a commercial pivot, raising questions about long-term maintenance independence.