224a311792
* fix "Authorization: Bearer Undefined" on Swagger * updating pytest to recognize access_token * fix pytest KeyError * adding changes requested (add token_type to documentation and tests) * fix documentation
1.9 KiB
JWT
JSON Web Token (JWT) is an internet standard for creating access tokens based on JSON.
Configuration
from fastapi_users.authentication import JWTAuthentication
SECRET = "SECRET"
auth_backends = []
jwt_authentication = JWTAuthentication(secret=SECRET, lifetime_seconds=3600))
auth_backends.append(jwt_authentication)
As you can see, instantiation is quite simple. You just have to define a constant SECRET which is used to encode the token and the lifetime of token (in seconds).
!!! tip
You can also optionally define the name. It's useful in the case you wish to have several backends of the same class. Each backend should have a unique name. Defaults to jwt.
```py
jwt_authentication = JWTAuthentication(
secret=SECRET,
lifetime_seconds=3600,
name="my-jwt",
)
```
Login
This method will return a JWT token upon successful login:
!!! success "200 OK"
json { "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoiOTIyMWZmYzktNjQwZi00MzcyLTg2ZDMtY2U2NDJjYmE1NjAzIiwiYXVkIjoiZmFzdGFwaS11c2VyczphdXRoIiwiZXhwIjoxNTcxNTA0MTkzfQ.M10bjOe45I5Ncu_uXvOmVV8QxnL-nZfcH96U90JaocI", "token_type": "bearer" }
Check documentation about login route.
Logout
This backend does not provide a logout method (a JWT is valid until it expires).
Authentication
This method expects that you provide a Bearer authentication with a valid JWT.
curl http://localhost:9000/protected-route -H'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoiOTIyMWZmYzktNjQwZi00MzcyLTg2ZDMtY2U2NDJjYmE1NjAzIiwiYXVkIjoiZmFzdGFwaS11c2VyczphdXRoIiwiZXhwIjoxNTcxNTA0MTkzfQ.M10bjOe45I5Ncu_uXvOmVV8QxnL-nZfcH96U90JaocI'
Next steps
We will now configure the main FastAPI Users object that will expose the routers.