python/fastapi-users
1
0
Fork 0
mirror of https://github.com/fastapi-users/fastapi-users.git synced 2025-08-15 19:30:47 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
fastapi-users/docs/configuration/authentication/jwt.md
François Voron fc59cf11ef Rework the documentation
2021-09-17 15:14:36 +02:00

2.7 KiB
Raw Permalink Blame History

JWT

JSON Web Token (JWT) is an internet standard for creating access tokens based on JSON.

Configuration

from fastapi_users.authentication import JWTAuthentication

SECRET = "SECRET"

jwt_authentication = JWTAuthentication(secret=SECRET, lifetime_seconds=3600, tokenUrl="auth/jwt/login")

As you can see, instantiation is quite simple. It accepts the following arguments:

  • secret (Union[str, pydantic.SecretStr]): A constant secret which is used to encode the token. Use a strong passphrase and keep it secure.
  • lifetime_seconds (int): The lifetime of the token in seconds.
  • tokenUrl (Optional[str]): The exact path of your login endpoint. It'll allow the interactive documentation to automatically discover it and get a working Authorize button. In most cases, you'll probably need a relative path, not absolute. You can read more details about this in the FastAPI documentation. Defaults to auth/jwt/login.
  • name (Optional[str]): Name of the backend. It's useful in the case you wish to have several backends of the same class. Each backend should have a unique name. Defaults to jwt.
jwt_authentication = JWTAuthentication(
    secret=SECRET,
    lifetime_seconds=3600,
    name="my-jwt",
)

Login

This method will return a JWT token upon successful login:

!!! success "200 OK" json { "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoiOTIyMWZmYzktNjQwZi00MzcyLTg2ZDMtY2U2NDJjYmE1NjAzIiwiYXVkIjoiZmFzdGFwaS11c2VyczphdXRoIiwiZXhwIjoxNTcxNTA0MTkzfQ.M10bjOe45I5Ncu_uXvOmVV8QxnL-nZfcH96U90JaocI", "token_type": "bearer" }

Check documentation about login route.

Logout

This backend does not provide a logout method (a JWT is valid until it expires).

Authentication

This method expects that you provide a Bearer authentication with a valid JWT.

curl http://localhost:9000/protected-route -H'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoiOTIyMWZmYzktNjQwZi00MzcyLTg2ZDMtY2U2NDJjYmE1NjAzIiwiYXVkIjoiZmFzdGFwaS11c2VyczphdXRoIiwiZXhwIjoxNTcxNTA0MTkzfQ.M10bjOe45I5Ncu_uXvOmVV8QxnL-nZfcH96U90JaocI'

Tip: Refresh

The default implementation does not provide a mechanism to refresh the JWT. However, you can implement it quite easily like this:

from fastapi import Depends, Response


@router.post("/auth/jwt/refresh")
async def refresh_jwt(response: Response, user=Depends(fastapi_users.current_user(active=True))):
    return await jwt_authentication.get_login_response(user, response)