FastJWT is a FastAPI Plugin for reusable JWT Authentication Management. fastjwt enables easy JSON Web Tokens management within your FastAPI application.
fastjwt is heavily inspired from its Flask equivalent Flask-JWT-Extended, special thanks to @vimalloc fot the amazing work.
Documentation: https://ocarinow.github.io/fastjwt/
- Encode/Decode JWT for application Authentication
- Automatic JWT detection in request
- JWT in Headers
- JWT in Cookies
- JWT in Query strings
- JWT in JSON Body
- Implicit/Explicit token refresh mechanism
- Freshness state of token
- Route protection
- Token type based protection (access/refresh)
- Token freshness protection
- Partial route protection
- Handle custom user logic for revoked token validation
- Handle custom logic for token recipient retrieval (ORM, pydantic serialization...)
- Provide FastAPI compliant dependency injection API
- Automatic error handling
- Scope Management (WIP)
FastJWT is built on top of the following dependencies:
- FastAPI as web framework
- Pydantic as data validation
- PyJWT as python implementation of the JSON Web Token standard
FastJWT also relies on typing-extensions
for backward compatibility (python3.9)
Note
FastAPI, while required for fastjwt, is not declared as a dependency and must be installed prior with
pip install fastapi
# With pip
pip install fastjwt
# With poetry
poetry add fastjwt
# With pipenv
pipenv install fastjwt
from fastapi import FastAPI, Depends
from fastjwt import FastJWT
app = FastAPI()
security = FastJWT()
@app.get('/login')
def login():
return security.create_access_token(uid='foo')
@app.get('/protected', dependencies=[Depends(security.access_token_required())])
def protected():
return "This is a protected endpoint"
WORK IN PROGRESS
The development guide is not available yet
WORK IN PROGRESS
The contribution guide is not available yet
This project is open source under MIT License