FastAPI native extension, easy and simple JWT auth

Last update: Dec 12, 2022

Overview

fastapi-jwt

FastAPI native extension, easy and simple JWT auth

Documentation: https://k4black.github.io/fastapi-jwt/
Source Code: https://github.com/k4black/fastapi-jwt/

Installation

pip install fastapi-jwt

Usage

This library made in fastapi style, so it can be used as standard security features

from fastapi import FastAPI, Security
from fastapi_jwt import JwtAuthorizationCredentials, JwtAccessBearer


app = FastAPI()
access_security = JwtAccessBearer(secret_key="secret_key", auto_error=True)


@app.post("/auth")
def auth():
    subject = {"username": "username", "role": "user"}
    return {"access_token": access_security.create_access_token(subject=subject)}


@app.get("/users/me")
def read_current_user(
    credentials: JwtAuthorizationCredentials = Security(access_security),
):
    return {"username": credentials["username"], "role": credentials["role"]}

For more examples see usage docs

Alternatives

FastAPI docs suggest writing it manually, but
- code duplication
- opportunity for bugs
There is nice fastapi-jwt-auth, but
- poorly supported
- not "FastAPI-style" (not native functions parameters)

FastAPI Integration

There it is open and maintained Pull Request #3305 to the fastapi repo. Currently, not considered.

Requirements

fastapi
python-jose[cryptography]

Comments

How to refresh tokens?

I'm currently trying to implement the refresh token functionality, but I always get the error:

Credentials are not provided

The request is made using axios with withCredentials: true enabled in the options.

Here's the code for the server:

@router.post(
    "/refresh",
)
async def refresh_token(
    response: Response,
    credentials: JwtAuthorizationCredentials = Security(refresh_security),
    db: Session = Depends(get_db),
):
    logger.info("Request: Refresh -> New Request to refresh JWT token.")

    user = get_user_by_id(db, credentials["id"])

    logger.info("Request: Refresh -> Returning new credentials.")

    set_authentication_cookies(response, user)

    return {
        "user": user,
        "detail": "Token refreshed successfully!"
    }

opened by Myzel394 6

Add compatibility for Python 3.10
Changes:

Remove the version upper-limit for Python, fastapi, and python-jose

Add Python 3.10 to the Test workflow

testing against 3.10 is passing

Cheers! Kyle
opened by smithk86 1
Proposal to add a custom message for expired signature and incorrect token

Hi @k4black ,

FYI:this is just a proposal and not complete PR. If you agree, i will enrich the PR

Proposal: I would like to propose to add custom message as a param when creating a bearer token and refresh token. i have a use case where i need to pass different languages as message.

opened by rakesh1988 1

No access token type checking?

"credentials: JwtAuthorizationCredentials = Security(refresh_security)" allows only the refresh token. "credentials: JwtAuthorizationCredentials = Security(access_security)" allows both the access token and the refresh token. did you intend this?

class JwtAccess(JwtAuthBase):

def __init__(
    self,
    secret_key: str,
    places: Optional[Set[str]] = None,
    auto_error: bool = True,
    algorithm: str = jwt.ALGORITHMS.HS256,
    access_expires_delta: Optional[timedelta] = None,
    refresh_expires_delta: Optional[timedelta] = None,
):
    super().__init__(
        secret_key,
        places=places,
        auto_error=auto_error,
        algorithm=algorithm,
        access_expires_delta=access_expires_delta,
        refresh_expires_delta=refresh_expires_delta,
    )

async def _get_credentials(
    self,
    bearer: Optional[JwtAuthBase.JwtAccessBearer],
    cookie: Optional[JwtAuthBase.JwtAccessCookie],
) -> Optional[JwtAuthorizationCredentials]:
    payload = await self._get_payload(bearer, cookie)

    if payload:
        return JwtAuthorizationCredentials(
            payload["subject"], payload.get("jti", None)
        )
    return None

class JwtRefresh(JwtAuthBase):

def __init__(
    self,
    secret_key: str,
    places: Optional[Set[str]] = None,
    auto_error: bool = True,
    algorithm: str = jwt.ALGORITHMS.HS256,
    access_expires_delta: Optional[timedelta] = None,
    refresh_expires_delta: Optional[timedelta] = None,
):
    super().__init__(
        secret_key,
        places=places,
        auto_error=auto_error,
        algorithm=algorithm,
        access_expires_delta=access_expires_delta,
        refresh_expires_delta=refresh_expires_delta,
    )

async def _get_credentials(
    self,
    bearer: Optional[JwtAuthBase.JwtRefreshBearer],
    cookie: Optional[JwtAuthBase.JwtRefreshCookie],
) -> Optional[JwtAuthorizationCredentials]:
    payload = await self._get_payload(bearer, cookie)

    if payload is None:
        return None

    if "type" not in payload or payload["type"] != "refresh":
        if self.auto_error:
            raise HTTPException(
                status_code=HTTP_401_UNAUTHORIZED,
                detail="Wrong token: 'type' is not 'refresh'",
            )
        else:
            return None

    return JwtAuthorizationCredentials(
        payload["subject"], payload.get("jti", None)
    )

opened by ohgoodjay 0

Bump supported python version?

Im unable to install this project in my python 3.10 project, as you have pinned >=3.7,<3.10 in setup.cfg

I think this code will probably run with 3.10

opened by farridav 2
Is this project actively maintained?

I am looking for a fast api jwt extension that is still maintained. Looks like this repo was created to replace poorly maintained fastapi-jwt-auth but you have PRs opened for 3 months...

opened by jmilosze 1

Releases(0.1.8)

0.1.8(Apr 26, 2022)

Source code(tar.gz)
Source code(zip)
0.1.7(Dec 6, 2021)

Source code(tar.gz)
Source code(zip)
0.1.6(Dec 3, 2021)

Source code(tar.gz)
Source code(zip)
0.1.5(Dec 3, 2021)

Source code(tar.gz)
Source code(zip)
0.1.4(Dec 3, 2021)

Source code(tar.gz)
Source code(zip)
0.1.3(Dec 3, 2021)

Source code(tar.gz)
Source code(zip)
0.1.2(Dec 3, 2021)

Source code(tar.gz)
Source code(zip)
0.1.1(Dec 3, 2021)

Source code(tar.gz)
Source code(zip)
0.0.1(Dec 2, 2021)

Source code(tar.gz)
Source code(zip)

Owner

Konstantin Chernyshev

GitHub Repository https://k4black.github.io/fastapi-jwt/

Middleware for Starlette that allows you to store and access the context data of a request. Can be used with logging so logs automatically use request headers such as x-request-id or x-correlation-id.

starlette context Middleware for Starlette that allows you to store and access the context data of a request. Can be used with logging so logs automat

300 Dec 26, 2022

Drop-in MessagePack support for ASGI applications and frameworks

msgpack-asgi msgpack-asgi allows you to add automatic MessagePack content negotiation to ASGI applications (Starlette, FastAPI, Quart, etc.), with a s

128 Jan 02, 2023

Sample FastAPI project that uses async SQLAlchemy, SQLModel, Postgres, Alembic, and Docker.

FastAPI + SQLModel + Alembic Sample FastAPI project that uses async SQLAlchemy, SQLModel, Postgres, Alembic, and Docker. Want to learn how to build th

228 Jan 02, 2023

FastAPI Skeleton App to serve machine learning models production-ready.

FastAPI Model Server Skeleton Serving machine learning models production-ready, fast, easy and secure powered by the great FastAPI by Sebastián Ramíre

268 Jan 01, 2023

flask extension for integration with the awesome pydantic package

249 Jan 06, 2023

Flask-Bcrypt is a Flask extension that provides bcrypt hashing utilities for your application.

Flask-Bcrypt Flask-Bcrypt is a Flask extension that provides bcrypt hashing utilities for your application. Due to the recent increased prevelance of

310 Dec 14, 2022

FastAPI IPyKernel Sandbox

FastAPI IPyKernel Sandbox This repository is a light-weight FastAPI project that is meant to provide a wrapper around IPyKernel interactions. It is in

2 Oct 25, 2021

API using python and Fastapi framework

Welcome 👋 CFCApi is a API DEVELOPMENT PROJECT UNDER CODE FOR COMMUNITY ! Project Walkthrough 🚀 CFCApi run on Python using FASTapi Framework Docs The

7 Jan 02, 2023

Feature rich robust FastAPI template.

Flexible and Lightweight general-purpose template for FastAPI. Usage ⚠️ Git, Python and Poetry must be installed and accessible ⚠️ Poetry version must

588 Jan 04, 2023

Reusable utilities for FastAPI

Reusable utilities for FastAPI Documentation: https://fastapi-utils.davidmontague.xyz Source Code: https://github.com/dmontagu/fastapi-utils FastAPI i

1.3k Jan 04, 2023

FastAPI CRUD template using Deta Base

Deta Base FastAPI CRUD FastAPI CRUD template using Deta Base Setup Install the requirements for the CRUD: pip3 install -r requirements.txt Add your D

2 Dec 15, 2021

Docker Sample Project - FastAPI + NGINX

Docker Sample Project - FastAPI + NGINX Run FastAPI and Nginx using Docker container Installation Make sure Docker is installed on your local machine

1 Feb 11, 2022

🍃 A comprehensive monitoring and alerting solution for the status of your Chia farmer and harvesters.

chia-monitor A monitoring tool to collect all important metrics from your Chia farming node and connected harvesters. It can send you push notificatio

153 Oct 21, 2022

Simple web app example serving a PyTorch model using streamlit and FastAPI

streamlit-fastapi-model-serving Simple example of usage of streamlit and FastAPI for ML model serving described on this blogpost and PyConES 2020 vide

291 Jan 06, 2023

Farlimit - FastAPI rate limit with python

FastAPIRateLimit Contributing is F&E (free&easy) Y Usage pip install farlimit N

27 Oct 06, 2022

Minecraft biome tile server writing on Python using FastAPI

Blocktile Minecraft biome tile server writing on Python using FastAPI Usage https://blocktile.herokuapp.com/overworld/{seed}/{zoom}/{col}/{row}.png s

2 Aug 31, 2022

Fastapi-auth-middleware - Lightweight auth middleware for FastAPI that just works. Fits most auth workflows with only a few lines of code

FastAPI Auth Middleware We at Code Specialist love FastAPI for its simplicity an

27 Oct 16, 2022

FastAPI native extension, easy and simple JWT auth

Related tags

Overview

fastapi-jwt

Installation

Usage

Alternatives

FastAPI Integration

Requirements

Comments

How to refresh tokens?

Add compatibility for Python 3.10

Proposal to add a custom message for expired signature and incorrect token

No access token type checking?

Bump supported python version?

Is this project actively maintained?

Releases(0.1.8)

0.1.8(Apr 26, 2022)

0.1.7(Dec 6, 2021)

0.1.6(Dec 3, 2021)

0.1.5(Dec 3, 2021)

0.1.4(Dec 3, 2021)

0.1.3(Dec 3, 2021)

0.1.2(Dec 3, 2021)

0.1.1(Dec 3, 2021)

0.0.1(Dec 2, 2021)

Owner

Konstantin Chernyshev

Middleware for Starlette that allows you to store and access the context data of a request. Can be used with logging so logs automatically use request headers such as x-request-id or x-correlation-id.

Drop-in MessagePack support for ASGI applications and frameworks

Sample FastAPI project that uses async SQLAlchemy, SQLModel, Postgres, Alembic, and Docker.

FastAPI Skeleton App to serve machine learning models production-ready.

flask extension for integration with the awesome pydantic package

Flask-Bcrypt is a Flask extension that provides bcrypt hashing utilities for your application.

FastAPI IPyKernel Sandbox

API using python and Fastapi framework

Feature rich robust FastAPI template.

Reusable utilities for FastAPI

FastAPI CRUD template using Deta Base

Docker Sample Project - FastAPI + NGINX

🍃 A comprehensive monitoring and alerting solution for the status of your Chia farmer and harvesters.

Simple web app example serving a PyTorch model using streamlit and FastAPI

Farlimit - FastAPI rate limit with python

Minecraft biome tile server writing on Python using FastAPI

Fastapi-auth-middleware - Lightweight auth middleware for FastAPI that just works. Fits most auth workflows with only a few lines of code

FastAPI framework plugins

A rate limiter for Starlette and FastAPI

A fast and durable Pub/Sub channel over Websockets. FastAPI + WebSockets + PubSub == ⚡ 💪 ❤️