python/fastapi-users
1
0
Fork 0
mirror of https://github.com/fastapi-users/fastapi-users.git synced 2025-08-26 04:25:46 +08:00
Code Issues Packages Projects Releases Wiki Activity

Revamp authentication (#831)

Browse Source 
* Implement Transport classes

* Implement authentication strategy classes

* Revamp authentication with Transport and Strategy

* Revamp strategy and OAuth so that they can use a callable dependency

* Update docstring

* Make ErrorCode a proper Enum and cleanup unused OpenAPI utils

* Remove useless check

* Tweak typing in authenticator

* Update docs

* Improve logout/destroy token logic

* Update docs

* Update docs

* Update docs and full examples

* Apply formatting to examples

* Update OAuth doc and examples

* Add migration doc

* Implement Redis session token

* Add Redis Session documentation

* RedisSession -> Redis

* Fix links in docs
This commit is contained in:
François Voron
2021-12-30 15:22:07 +01:00
committed by GitHub
parent 72ab480aba
commit c4de66b81c
125 changed files with 3144 additions and 1344 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
docs/configuration/authentication/transports/bearer.md Normal file
View File

@ -0,0 +1,41 @@
# Bearer
With this transport, the token is expected inside the `Authorization` header of the HTTP request with the `Bearer` scheme. It's particularly suited for pure API interaction or mobile apps.
## Configuration
```py
from fastapi_users.authentication import BearerTransport
bearer_transport = BearerTransport(tokenUrl="auth/jwt/login")
```
As you can see, instantiation is quite simple. It accepts the following arguments:
* `tokenUrl` (`str`): The exact path of your login endpoint. It'll allow the interactive documentation to automatically discover it and get a working *Authorize* button. In most cases, you'll probably need a **relative** path, not absolute. You can read more details about this in the [FastAPI documentation](https://fastapi.tiangolo.com/tutorial/security/first-steps/#fastapis-oauth2passwordbearer).
## Login
This method will return the in the following form upon successful login:
!!! success "`200 OK`"
```json
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoiOTIyMWZmYzktNjQwZi00MzcyLTg2ZDMtY2U2NDJjYmE1NjAzIiwiYXVkIjoiZmFzdGFwaS11c2VyczphdXRoIiwiZXhwIjoxNTcxNTA0MTkzfQ.M10bjOe45I5Ncu_uXvOmVV8QxnL-nZfcH96U90JaocI",
"token_type": "bearer"
}
```
> Check documentation about [login route](../../../usage/routes.md#post-login).
## Logout
The logout method with this transport returns nothing.
## Authentication
This method expects that you provide a `Bearer` authentication with a valid token corresponding to your strategy.
```bash
curl http://localhost:9000/protected-route -H'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoiOTIyMWZmYzktNjQwZi00MzcyLTg2ZDMtY2U2NDJjYmE1NjAzIiwiYXVkIjoiZmFzdGFwaS11c2VyczphdXRoIiwiZXhwIjoxNTcxNTA0MTkzfQ.M10bjOe45I5Ncu_uXvOmVV8QxnL-nZfcH96U90JaocI'
```

41
docs/configuration/authentication/transports/cookie.md Normal file
View File

@ -0,0 +1,41 @@
# Cookie
Cookies are an easy way to store stateful information into the user browser. Thus, it is more useful for browser-based navigation (e.g. a front-end app making API requests) rather than pure API interaction.
## Configuration
```py
from fastapi_users.authentication import CookieTransport
cookie_transport = CookieTransport(cookie_max_age=3600)
```
As you can see, instantiation is quite simple. It accepts the following arguments:
* `cookie_name` (`fastapiusersauth`): Name of the cookie.
* `cookie_max_age` (`Optional[int]`): The lifetime of the cookie in seconds. `None` by default, which means it's a session cookie.
* `cookie_path` (`/`): Cookie path.
* `cookie_domain` (`None`): Cookie domain.
* `cookie_secure` (`True`): Whether to only send the cookie to the server via SSL request.
* `cookie_httponly` (`True`): Whether to prevent access to the cookie via JavaScript.
* `cookie_samesite` (`lax`): A string that specifies the samesite strategy for the cookie. Valid values are `lax`, `strict` and `none`. Defaults to `lax`.
## Login
This method will return a response with a valid `set-cookie` header upon successful login:
!!! success "`200 OK`"
> Check documentation about [login route](../../../usage/routes.md#post-login).
## Logout
This method will remove the authentication cookie:
!!! success "`200 OK`"
> Check documentation about [logout route](../../../usage/routes.md#post-logout).
## Authentication
This method expects that you provide a valid cookie in the headers.