FastAPI native extension, easy and simple JWT auth

Last update: Dec 12, 2022

Overview

fastapi-jwt

FastAPI native extension, easy and simple JWT auth

Documentation: https://k4black.github.io/fastapi-jwt/
Source Code: https://github.com/k4black/fastapi-jwt/

Installation

pip install fastapi-jwt

Usage

This library made in fastapi style, so it can be used as standard security features

from fastapi import FastAPI, Security
from fastapi_jwt import JwtAuthorizationCredentials, JwtAccessBearer


app = FastAPI()
access_security = JwtAccessBearer(secret_key="secret_key", auto_error=True)


@app.post("/auth")
def auth():
    subject = {"username": "username", "role": "user"}
    return {"access_token": access_security.create_access_token(subject=subject)}


@app.get("/users/me")
def read_current_user(
    credentials: JwtAuthorizationCredentials = Security(access_security),
):
    return {"username": credentials["username"], "role": credentials["role"]}

For more examples see usage docs

Alternatives

FastAPI docs suggest writing it manually, but
- code duplication
- opportunity for bugs
There is nice fastapi-jwt-auth, but
- poorly supported
- not "FastAPI-style" (not native functions parameters)

FastAPI Integration

There it is open and maintained Pull Request #3305 to the fastapi repo. Currently, not considered.

Requirements

fastapi
python-jose[cryptography]

Comments

How to refresh tokens?

I'm currently trying to implement the refresh token functionality, but I always get the error:

Credentials are not provided

The request is made using axios with withCredentials: true enabled in the options.

Here's the code for the server:

@router.post(
    "/refresh",
)
async def refresh_token(
    response: Response,
    credentials: JwtAuthorizationCredentials = Security(refresh_security),
    db: Session = Depends(get_db),
):
    logger.info("Request: Refresh -> New Request to refresh JWT token.")

    user = get_user_by_id(db, credentials["id"])

    logger.info("Request: Refresh -> Returning new credentials.")

    set_authentication_cookies(response, user)

    return {
        "user": user,
        "detail": "Token refreshed successfully!"
    }

opened by Myzel394 6

Add compatibility for Python 3.10
Changes:

Remove the version upper-limit for Python, fastapi, and python-jose

Add Python 3.10 to the Test workflow

testing against 3.10 is passing

Cheers! Kyle
opened by smithk86 1
Proposal to add a custom message for expired signature and incorrect token

Hi @k4black ,

FYI:this is just a proposal and not complete PR. If you agree, i will enrich the PR

Proposal: I would like to propose to add custom message as a param when creating a bearer token and refresh token. i have a use case where i need to pass different languages as message.

opened by rakesh1988 1

No access token type checking?

"credentials: JwtAuthorizationCredentials = Security(refresh_security)" allows only the refresh token. "credentials: JwtAuthorizationCredentials = Security(access_security)" allows both the access token and the refresh token. did you intend this?

class JwtAccess(JwtAuthBase):

def __init__(
    self,
    secret_key: str,
    places: Optional[Set[str]] = None,
    auto_error: bool = True,
    algorithm: str = jwt.ALGORITHMS.HS256,
    access_expires_delta: Optional[timedelta] = None,
    refresh_expires_delta: Optional[timedelta] = None,
):
    super().__init__(
        secret_key,
        places=places,
        auto_error=auto_error,
        algorithm=algorithm,
        access_expires_delta=access_expires_delta,
        refresh_expires_delta=refresh_expires_delta,
    )

async def _get_credentials(
    self,
    bearer: Optional[JwtAuthBase.JwtAccessBearer],
    cookie: Optional[JwtAuthBase.JwtAccessCookie],
) -> Optional[JwtAuthorizationCredentials]:
    payload = await self._get_payload(bearer, cookie)

    if payload:
        return JwtAuthorizationCredentials(
            payload["subject"], payload.get("jti", None)
        )
    return None

class JwtRefresh(JwtAuthBase):

def __init__(
    self,
    secret_key: str,
    places: Optional[Set[str]] = None,
    auto_error: bool = True,
    algorithm: str = jwt.ALGORITHMS.HS256,
    access_expires_delta: Optional[timedelta] = None,
    refresh_expires_delta: Optional[timedelta] = None,
):
    super().__init__(
        secret_key,
        places=places,
        auto_error=auto_error,
        algorithm=algorithm,
        access_expires_delta=access_expires_delta,
        refresh_expires_delta=refresh_expires_delta,
    )

async def _get_credentials(
    self,
    bearer: Optional[JwtAuthBase.JwtRefreshBearer],
    cookie: Optional[JwtAuthBase.JwtRefreshCookie],
) -> Optional[JwtAuthorizationCredentials]:
    payload = await self._get_payload(bearer, cookie)

    if payload is None:
        return None

    if "type" not in payload or payload["type"] != "refresh":
        if self.auto_error:
            raise HTTPException(
                status_code=HTTP_401_UNAUTHORIZED,
                detail="Wrong token: 'type' is not 'refresh'",
            )
        else:
            return None

    return JwtAuthorizationCredentials(
        payload["subject"], payload.get("jti", None)
    )

opened by ohgoodjay 0

Bump supported python version?

Im unable to install this project in my python 3.10 project, as you have pinned >=3.7,<3.10 in setup.cfg

I think this code will probably run with 3.10

opened by farridav 2
Is this project actively maintained?

I am looking for a fast api jwt extension that is still maintained. Looks like this repo was created to replace poorly maintained fastapi-jwt-auth but you have PRs opened for 3 months...

opened by jmilosze 1

Releases(0.1.8)

0.1.8(Apr 26, 2022)

Source code(tar.gz)
Source code(zip)
0.1.7(Dec 6, 2021)

Source code(tar.gz)
Source code(zip)
0.1.6(Dec 3, 2021)

Source code(tar.gz)
Source code(zip)
0.1.5(Dec 3, 2021)

Source code(tar.gz)
Source code(zip)
0.1.4(Dec 3, 2021)

Source code(tar.gz)
Source code(zip)
0.1.3(Dec 3, 2021)

Source code(tar.gz)
Source code(zip)
0.1.2(Dec 3, 2021)

Source code(tar.gz)
Source code(zip)
0.1.1(Dec 3, 2021)

Source code(tar.gz)
Source code(zip)
0.0.1(Dec 2, 2021)

Source code(tar.gz)
Source code(zip)

Owner

Konstantin Chernyshev

GitHub Repository https://k4black.github.io/fastapi-jwt/

FastAPI + Postgres + Docker Compose + Heroku Deploy Template

FastAPI + Postgres + Docker Compose + Heroku Deploy ⚠️ For educational purpose only. Not ready for production use YET Features FastAPI with Postgres s

12 Dec 27, 2022

Cube-CRUD is a simple example of a REST API CRUD in a context of rubik's cube review service.

Cube-CRUD is a simple example of a REST API CRUD in a context of rubik's cube review service. It uses Sqlalchemy ORM to manage the connection and database operations.

1 Dec 11, 2021

FastAPI native extension, easy and simple JWT auth

fastapi-jwt FastAPI native extension, easy and simple JWT auth

19 Dec 12, 2022

FastAPI IPyKernel Sandbox

FastAPI IPyKernel Sandbox This repository is a light-weight FastAPI project that is meant to provide a wrapper around IPyKernel interactions. It is in

2 Oct 25, 2021

A minimum reproducible repository for embedding panel in FastAPI

FastAPI-Panel A minimum reproducible repository for embedding panel in FastAPI Follow either This Tutorial or These steps below ↓↓↓ Clone the reposito

15 Sep 22, 2022

Simple notes app backend using Python's FastAPI framework.

my-notes-app Simple notes app backend using Python's FastAPI framework. Route "/": User login (GET): return 200, list of all of their notes; User sign

2 Sep 17, 2022

🚢 Docker images and utilities to power your Python APIs and help you ship faster. With support for Uvicorn, Gunicorn, Starlette, and FastAPI.

🚢 inboard 🐳 Docker images and utilities to power your Python APIs and help you ship faster. Description This repository provides Docker images and a

112 Dec 30, 2022

Flask + marshmallow for beautiful APIs

Flask-Marshmallow Flask + marshmallow for beautiful APIs Flask-Marshmallow is a thin integration layer for Flask (a Python web framework) and marshmal

768 Dec 22, 2022

Light, Flexible and Extensible ASGI API framework

Starlite Starlite is a light and flexible ASGI API framework. Using Starlette and pydantic as foundations. Check out the Starlite documentation 📚 Cor

1.5k Jan 04, 2023

API Simples com python utilizando a biblioteca FastApi

api-fastapi-python API Simples com python utilizando a biblioteca FastApi Para rodar esse script são necessárias duas bibliotecas: Fastapi: Comando de

0 Apr 29, 2022

FastAPI client generator

FastAPI-based API Client Generator Generate a mypy- and IDE-friendly API client from an OpenAPI spec. Sync and async interfaces are both available Com

283 Jan 04, 2023

Easily integrate socket.io with your FastAPI app 🚀

fastapi-socketio Easly integrate socket.io with your FastAPI app. Installation Install this plugin using pip: $ pip install fastapi-socketio Usage To

210 Dec 23, 2022

🐞 A debug toolbar for FastAPI based on the original django-debug-toolbar. 🐞

Debug Toolbar 🐞 A debug toolbar for FastAPI based on the original django-debug-toolbar. 🐞 Swagger UI & GraphQL are supported. Documentation: https:/

74 Dec 30, 2022

A simple example of deploying FastAPI as a Zeit Serverless Function

FastAPI Zeit Now Deploy a FastAPI app as a Zeit Serverless Function. This repo deploys the FastAPI SQL Databases Tutorial to demonstrate how a FastAPI

26 Dec 21, 2022

Middleware for Starlette that allows you to store and access the context data of a request. Can be used with logging so logs automatically use request headers such as x-request-id or x-correlation-id.

starlette context Middleware for Starlette that allows you to store and access the context data of a request. Can be used with logging so logs automat

300 Dec 26, 2022

FastAPI native extension, easy and simple JWT auth

Related tags

Overview

fastapi-jwt

Installation

Usage

Alternatives

FastAPI Integration

Requirements

Comments

How to refresh tokens?

Add compatibility for Python 3.10

Proposal to add a custom message for expired signature and incorrect token

No access token type checking?

Bump supported python version?

Is this project actively maintained?

Releases(0.1.8)

0.1.8(Apr 26, 2022)

0.1.7(Dec 6, 2021)

0.1.6(Dec 3, 2021)

0.1.5(Dec 3, 2021)

0.1.4(Dec 3, 2021)

0.1.3(Dec 3, 2021)

0.1.2(Dec 3, 2021)

0.1.1(Dec 3, 2021)

0.0.1(Dec 2, 2021)

Owner

Konstantin Chernyshev

FastAPI + Postgres + Docker Compose + Heroku Deploy Template

Cube-CRUD is a simple example of a REST API CRUD in a context of rubik's cube review service.

FastAPI native extension, easy and simple JWT auth

FastAPI IPyKernel Sandbox

A minimum reproducible repository for embedding panel in FastAPI

Simple notes app backend using Python's FastAPI framework.

🚢 Docker images and utilities to power your Python APIs and help you ship faster. With support for Uvicorn, Gunicorn, Starlette, and FastAPI.

Flask + marshmallow for beautiful APIs

Light, Flexible and Extensible ASGI API framework

API Simples com python utilizando a biblioteca FastApi

FastAPI client generator

Easily integrate socket.io with your FastAPI app 🚀

🐞 A debug toolbar for FastAPI based on the original django-debug-toolbar. 🐞

A simple example of deploying FastAPI as a Zeit Serverless Function

Middleware for Starlette that allows you to store and access the context data of a request. Can be used with logging so logs automatically use request headers such as x-request-id or x-correlation-id.

Local Telegram Bot With FastAPI & Ngrok

Browse JSON API in a HTML interface.

Drop-in MessagePack support for ASGI applications and frameworks

Beyonic API Python official client library simplified examples using Flask, Django and Fast API.

A kedro-plugin to serve Kedro Pipelines as API