Skip to content

k4black/fastapi-jwt

Repository files navigation

fastapi-jwt

Test Publish codecov pypi

FastAPI native extension, easy and simple JWT auth


Documentation: k4black.github.io/fastapi-jwt
Source Code: github.com/k4black/fastapi-jwt

Features

  • OpenAPI schema generation
  • Native integration with FastAPI
  • Access/Refresh JWT
  • JTI
  • Cookie setting

Installation

You can access package fastapi-jwt in pypi

pip install fastapi-jwt[authlib]
# or
pip install fastapi-jwt[python_jose]

The fastapi-jwt will choose the backend automatically if library is installed with the following priority:

  1. authlib
  2. python_jose (deprecated)

Usage

This library made in fastapi style, so it can be used as standard security features

from fastapi import FastAPI, Security, Response
from fastapi_jwt import JwtAuthorizationCredentials, JwtAccessBearer


app = FastAPI()
access_security = JwtAccessBearer(secret_key="secret_key", auto_error=True)


@app.post("/auth")
def auth():
    subject = {"username": "username", "role": "user"}
    return {"access_token": access_security.create_access_token(subject=subject)}

@app.post("/auth_cookie")
def auth(response: Response):
    subject = {"username": "username", "role": "user"}
    access_token = access_security.create_access_token(subject=subject)
    access_security.set_access_cookie(response, access_token)
    return {"access_token": access_token}


@app.get("/users/me")
def read_current_user(
    credentials: JwtAuthorizationCredentials = Security(access_security),
):
    return {"username": credentials["username"], "role": credentials["role"]}

For more examples see usage docs

Alternatives

  • FastAPI docs suggest writing it manually, but

    • code duplication
    • opportunity for bugs
  • There is nice fastapi-jwt-auth, but

    • poorly supported
    • not "FastAPI-style" (not native functions parameters)

FastAPI Integration

There it is open and maintained Pull Request #3305 to the fastapi repo. Currently, not considered.

Requirements

  • fastapi
  • authlib or python-jose[cryptography] (deprecated)

License

This project is licensed under the terms of the MIT license.