Fix #630: relative tokenUrl (#636)

* Fix #630: use relative tokenUrl as per the official recommendations * Improve following review comments * Fix unmatching backtick * Improve consistency of authentication backend documentation
2025-11-02 04:05:19 +08:00 · 2021-05-20 08:52:03 +02:00
parent a690e82408
commit 455f695f52
10 changed files with 33 additions and 33 deletions
--- a/docs/configuration/authentication/cookie.md
+++ b/docs/configuration/authentication/cookie.md
@ -16,27 +16,25 @@ cookie_authentication = CookieAuthentication(secret=SECRET, lifetime_seconds=360
 auth_backends.append(cookie_authentication)
 ```

-As you can see, instantiation is quite simple. You just have to define a constant `SECRET` which is used to encode the token and the lifetime of the cookie (in seconds).
-
-You can also define the parameters for the generated cookie:
+As you can see, instantiation is quite simple. It accepts the following arguments:

+* `secret` (`str`): A constant secret which is used to encode the cookie. **Use a strong passphrase and keep it secure.**
+* `lifetime_seconds` (`int`): The lifetime of the cookie in seconds.
 * `cookie_name` (`fastapiusersauth`): Name of the cookie.
 * `cookie_path` (`/`): Cookie path.
 * `cookie_domain` (`None`): Cookie domain.
 * `cookie_secure` (`True`): Whether to only send the cookie to the server via SSL request.
 * `cookie_httponly` (`True`): Whether to prevent access to the cookie via JavaScript.
-* `cookie_samesite` (`lax`): A string that specifies the samesite strategy for the cookie. Valid values are 'lax', 'strict' and 'none'. Defaults to 'lax'. 
+* `cookie_samesite` (`lax`): A string that specifies the samesite strategy for the cookie. Valid values are `lax`, `strict` and `none`. Defaults to `lax`.
+* `name` (`Optional[str]`): Name of the backend. It's useful in the case you wish to have several backends of the same class. Each backend should have a unique name. Defaults to `cookie`.

-!!! tip
-    You can also optionally define the `name`. It's useful in the case you wish to have several backends of the same class. Each backend should have a unique name. **Defaults to `cookie`**.
-
-    ```py
-    cookie_authentication = CookieAuthentication(
-        secret=SECRET,
-        lifetime_seconds=3600,
-        name="my-cookie",
-    )
-    ```
+```py
+cookie_authentication = CookieAuthentication(
+    secret=SECRET,
+    lifetime_seconds=3600,
+    name="my-cookie",
+)
+```

 !!! tip
    The value of the cookie is actually a JWT. This authentication backend shares most of its logic with the [JWT](./jwt.md) one.
--- a/docs/configuration/authentication/jwt.md
+++ b/docs/configuration/authentication/jwt.md
@ -11,23 +11,25 @@ SECRET = "SECRET"

 auth_backends = []

-jwt_authentication = JWTAuthentication(secret=SECRET, lifetime_seconds=3600)
+jwt_authentication = JWTAuthentication(secret=SECRET, lifetime_seconds=3600, tokenUrl="auth/jwt/login")

 auth_backends.append(jwt_authentication)
 ```

-As you can see, instantiation is quite simple. You just have to define a constant `SECRET` which is used to encode the token and the lifetime of token (in seconds).
+As you can see, instantiation is quite simple. It accepts the following arguments:

-!!! tip
-    You can also optionally define the `name`. It's useful in the case you wish to have several backends of the same class. Each backend should have a unique name. **Defaults to `jwt`**.
+* `secret` (`str`): A constant secret which is used to encode the token. **Use a strong passphrase and keep it secure.**
+* `lifetime_seconds` (`int`): The lifetime of the token in seconds.
+* `tokenUrl` (`Optional[str]`): The exact path of your login endpoint. It'll allow the interactive documentation to automatically discover it and get a working *Authorize* button. In most cases, you'll probably need a **relative** path, not absolute. You can read more details about this in the [FastAPI documentation](https://fastapi.tiangolo.com/tutorial/security/first-steps/#fastapis-oauth2passwordbearer). Defaults to `auth/jwt/login`.
+* `name` (`Optional[str]`): Name of the backend. It's useful in the case you wish to have several backends of the same class. Each backend should have a unique name. Defaults to `jwt`.

-    ```py
-    jwt_authentication = JWTAuthentication(
-        secret=SECRET,
-        lifetime_seconds=3600,
-        name="my-jwt",
-    )
-    ```
+```py
+jwt_authentication = JWTAuthentication(
+    secret=SECRET,
+    lifetime_seconds=3600,
+    name="my-jwt",
+)
+```

 ## Login

--- a/docs/src/full_mongodb.py
+++ b/docs/src/full_mongodb.py
@ -45,7 +45,7 @@ def after_verification_request(user: UserDB, token: str, request: Request):


 jwt_authentication = JWTAuthentication(
-    secret=SECRET, lifetime_seconds=3600, tokenUrl="/auth/jwt/login"
+    secret=SECRET, lifetime_seconds=3600, tokenUrl="auth/jwt/login"
 )

 app = FastAPI()
--- a/docs/src/full_ormar.py
+++ b/docs/src/full_ormar.py
@ -54,7 +54,7 @@ def after_verification_request(user: UserDB, token: str, request: Request):


 jwt_authentication = JWTAuthentication(
-    secret=SECRET, lifetime_seconds=3600, tokenUrl="/auth/jwt/login"
+    secret=SECRET, lifetime_seconds=3600, tokenUrl="auth/jwt/login"
 )

 app = FastAPI()
--- a/docs/src/full_sqlalchemy.py
+++ b/docs/src/full_sqlalchemy.py
@ -56,7 +56,7 @@ def after_verification_request(user: UserDB, token: str, request: Request):


 jwt_authentication = JWTAuthentication(
-    secret=SECRET, lifetime_seconds=3600, tokenUrl="/auth/jwt/login"
+    secret=SECRET, lifetime_seconds=3600, tokenUrl="auth/jwt/login"
 )

 app = FastAPI()
--- a/docs/src/full_tortoise.py
+++ b/docs/src/full_tortoise.py
@ -54,7 +54,7 @@ def after_verification_request(user: UserDB, token: str, request: Request):


 jwt_authentication = JWTAuthentication(
-    secret=SECRET, lifetime_seconds=3600, tokenUrl="/auth/jwt/login"
+    secret=SECRET, lifetime_seconds=3600, tokenUrl="auth/jwt/login"
 )

 fastapi_users = FastAPIUsers(
--- a/docs/src/oauth_full_mongodb.py
+++ b/docs/src/oauth_full_mongodb.py
@ -49,7 +49,7 @@ def after_verification_request(user: UserDB, token: str, request: Request):


 jwt_authentication = JWTAuthentication(
-    secret=SECRET, lifetime_seconds=3600, tokenUrl="/auth/jwt/login"
+    secret=SECRET, lifetime_seconds=3600, tokenUrl="auth/jwt/login"
 )

 app = FastAPI()
--- a/docs/src/oauth_full_sqlalchemy.py
+++ b/docs/src/oauth_full_sqlalchemy.py
@ -69,7 +69,7 @@ def after_verification_request(user: UserDB, token: str, request: Request):


 jwt_authentication = JWTAuthentication(
-    secret=SECRET, lifetime_seconds=3600, tokenUrl="/auth/jwt/login"
+    secret=SECRET, lifetime_seconds=3600, tokenUrl="auth/jwt/login"
 )

 app = FastAPI()
--- a/docs/src/oauth_full_tortoise.py
+++ b/docs/src/oauth_full_tortoise.py
@ -67,7 +67,7 @@ def after_verification_request(user: UserDB, token: str, request: Request):


 jwt_authentication = JWTAuthentication(
-    secret=SECRET, lifetime_seconds=3600, tokenUrl="/auth/jwt/login"
+    secret=SECRET, lifetime_seconds=3600, tokenUrl="auth/jwt/login"
 )

 fastapi_users = FastAPIUsers(
--- a/fastapi_users/authentication/jwt.py
+++ b/fastapi_users/authentication/jwt.py
@ -30,7 +30,7 @@ class JWTAuthentication(BaseAuthentication[str]):
        self,
        secret: str,
        lifetime_seconds: int,
-        tokenUrl: str = "/login",
+        tokenUrl: str = "auth/jwt/login",
        name: str = "jwt",
    ):
        super().__init__(name, logout=False)