François Voron c4de66b81c Revamp authentication (#831)
* Implement Transport classes

* Implement authentication strategy classes

* Revamp authentication with Transport and Strategy

* Revamp strategy and OAuth so that they can use a callable dependency

* Update docstring

* Make ErrorCode a proper Enum and cleanup unused OpenAPI utils

* Remove useless check

* Tweak typing in authenticator

* Update docs

* Improve logout/destroy token logic

* Update docs

* Update docs

* Update docs and full examples

* Apply formatting to examples

* Update OAuth doc and examples

* Add migration doc

* Implement Redis session token

* Add Redis Session documentation

* RedisSession -> Redis

* Fix links in docs
2021-12-30 15:22:07 +01:00


Cookie

Cookies are an easy way to store stateful information in the user's browser. Thus, they are more useful for browser-based navigation (e.g. a front-end app making API requests) than for pure API interaction.

Configuration

from fastapi_users.authentication import CookieTransport

cookie_transport = CookieTransport(cookie_max_age=3600)

As you can see, instantiation is quite simple. It accepts the following arguments:

  • cookie_name (fastapiusersauth): Name of the cookie.
  • cookie_max_age (Optional[int]): The lifetime of the cookie in seconds. None by default, which means it's a session cookie.
  • cookie_path (/): Cookie path.
  • cookie_domain (None): Cookie domain.
  • cookie_secure (True): Whether to send the cookie to the server only over SSL (HTTPS) requests.
  • cookie_httponly (True): Whether to prevent access to the cookie via JavaScript.
  • cookie_samesite (lax): A string that specifies the samesite strategy for the cookie. Valid values are lax, strict and none. Defaults to lax.

Login

This method will return a response with a valid set-cookie header upon successful login:

!!! success "200 OK"

Check documentation about login route.
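To confirm that a deployment really emits the attributes configured above, the Set-Cookie header of the login response can be audited. The following is an added example, not code from fastapi-users: the function name `audit_set_cookie` and the two sample headers are constructed for illustration, and parsing uses only the standard library.

```python
from http.cookies import SimpleCookie

VALID_SAMESITE = ("lax", "strict", "none")

# Constructed sample headers (not captured from a real server).
HARDENED = "fastapiusersauth=TOKEN; Max-Age=3600; Path=/; Secure; HttpOnly; SameSite=lax"
WEAK = "fastapiusersauth=TOKEN; Path=/; SameSite=none"


def audit_set_cookie(header_value, cookie_name="fastapiusersauth"):
    """Check one Set-Cookie header value; return (findings, max_age)."""
    jar = SimpleCookie()
    jar.load(header_value)
    if cookie_name not in jar:
        return [f"cookie {cookie_name!r} not set"], None
    morsel = jar[cookie_name]
    findings = []
    secure = bool(morsel["secure"])
    samesite = morsel["samesite"].lower()
    if not secure:
        findings.append("Secure missing: cookie is also sent over plain HTTP")
    if not morsel["httponly"]:
        findings.append("HttpOnly missing: cookie is readable from JavaScript")
    if samesite not in VALID_SAMESITE:
        findings.append("SameSite missing or not one of lax/strict/none")
    elif samesite == "none" and not secure:
        findings.append("SameSite=None without Secure: modern browsers reject it")
    # No Max-Age means a session cookie (cookie_max_age=None in the config).
    raw_age = morsel["max-age"]
    max_age = int(raw_age) if raw_age.isdigit() else None
    return findings, max_age


if __name__ == "__main__":
    for label, header in (("hardened", HARDENED), ("weak", WEAK)):
        findings, max_age = audit_set_cookie(header)
        print(label, "max_age =", max_age)
        for finding in findings:
            print("  -", finding)
```

In an integration test, pass the value of the login response's Set-Cookie header to `audit_set_cookie` and fail the test when the findings list is not empty.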

Logout

This method will remove the authentication cookie:

!!! success "200 OK"

Check documentation about logout route.

Authentication

This method expects that you provide a valid cookie in the headers.