python/fastapi-users
1
0
Fork 0
mirror of https://github.com/fastapi-users/fastapi-users.git synced 2025-08-15 19:30:47 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
fastapi-users/docs/configuration/authentication/cookie.md
François Voron fc59cf11ef Rework the documentation
2021-09-17 15:14:36 +02:00

57 lines
2.1 KiB
Markdown
Raw Permalink Blame History

# Cookie
Cookies are an easy way to store stateful information into the user browser. Thus, it is more useful for browser-based navigation (e.g. a front-end app making API requests) rather than pure API interaction.
## Configuration
```py
from fastapi_users.authentication import CookieAuthentication
SECRET = "SECRET"
cookie_authentication = CookieAuthentication(secret=SECRET, lifetime_seconds=3600)
```
As you can see, instantiation is quite simple. It accepts the following arguments:
* `secret` (`Union[str, pydantic.SecretStr]`): A constant secret which is used to encode the cookie. **Use a strong passphrase and keep it secure.**
* `lifetime_seconds` (`int`): The lifetime of the cookie in seconds.
* `cookie_name` (`fastapiusersauth`): Name of the cookie.
* `cookie_path` (`/`): Cookie path.
* `cookie_domain` (`None`): Cookie domain.
* `cookie_secure` (`True`): Whether to only send the cookie to the server via SSL request.
* `cookie_httponly` (`True`): Whether to prevent access to the cookie via JavaScript.
* `cookie_samesite` (`lax`): A string that specifies the samesite strategy for the cookie. Valid values are `lax`, `strict` and `none`. Defaults to `lax`.
* `name` (`Optional[str]`): Name of the backend. It's useful in the case you wish to have several backends of the same class. Each backend should have a unique name. Defaults to `cookie`.
```py
cookie_authentication = CookieAuthentication(
secret=SECRET,
lifetime_seconds=3600,
name="my-cookie",
)
```
!!! tip
The value of the cookie is actually a JWT. This authentication backend shares most of its logic with the [JWT](./jwt.md) one.
## Login
This method will return a response with a valid `set-cookie` header upon successful login:
!!! success "`200 OK`"
> Check documentation about [login route](../../usage/routes.md#post-loginname).
## Logout
This method will remove the authentication cookie:
!!! success "`200 OK`"
> Check documentation about [logout route](../../usage/routes.md#post-logoutname).
## Authentication
This method expects that you provide a valid cookie in the headers.
Reference in New Issue View Git Blame Copy Permalink