2.0 KiB
Cookie
Cookies are an easy way to store stateful information into the user browser. Thus, it is more useful for browser-based navigation (e.g. a front-end app making API requests) rather than pure API interaction.
Configuration
from fastapi_users.authentication import CookieAuthentication
SECRET = "SECRET"
auth_backends = []
cookie_authentication = CookieAuthentication(secret=SECRET, lifetime_seconds=3600))
auth_backends.append(cookie_authentication)
As you can see, instantiation is quite simple. You just have to define a constant SECRET which is used to encode the token and the lifetime of the cookie (in seconds).
You can optionally define the name which will be used to generate its /login route. Defaults to cookie.
cookie_authentication = CookieAuthentication(
secret=SECRET,
lifetime_seconds=3600,
name="my-cookie",
)
You can also define the parameters for the generated cookie:
cookie_name(fastapiusersauth): Name of the cookie.cookie_path(/): Cookie path.cookie_domain(None): Cookie domain.cookie_secure(True): Whether to only send the cookie to the server via SSL request.cookie_httponly(True): Whether to prevent access to the cookie via JavaScript.
!!! tip The value of the cookie is actually a JWT. This authentication backend shares most of its logic with the JWT one.
Login
This method will return a response with a valid set-cookie header upon successful login:
!!! success "200 OK"
Check documentation about login route.
Logout
This method will remove the authentication cookie:
!!! success "200 OK"
Check documentation about logout route.
Authentication
This method expects that you provide a valid cookie in the headers.
Next steps
We will now configure the main FastAPI Users object that will expose the API router.