Skip to content

ocarinow/fastjwt

Repository files navigation

fastjwt

Supported Python Version Package Version Licence Documentation

Build Status Test Status Publish Status Documentation Status

Coverage Tests Docstring Flake8

Issues Pull Requests Repo Size Downloads

Stars Forks Watchers

FastJWT is a FastAPI Plugin for reusable JWT Authentication Management. fastjwt enables easy JSON Web Tokens management within your FastAPI application.

fastjwt is heavily inspired from its Flask equivalent Flask-JWT-Extended, special thanks to @vimalloc fot the amazing work.

Documentation: https://ocarinow.github.io/fastjwt/

Features

  • Encode/Decode JWT for application Authentication
  • Automatic JWT detection in request
    • JWT in Headers
    • JWT in Cookies
    • JWT in Query strings
    • JWT in JSON Body
  • Implicit/Explicit token refresh mechanism
  • Freshness state of token
  • Route protection
    • Token type based protection (access/refresh)
    • Token freshness protection
    • Partial route protection
  • Handle custom user logic for revoked token validation
  • Handle custom logic for token recipient retrieval (ORM, pydantic serialization...)
  • Provide FastAPI compliant dependency injection API
  • Automatic error handling
  • Scope Management (WIP)

Setup

Requirements

FastJWT is built on top of the following dependencies:

  • FastAPI as web framework
  • Pydantic as data validation
  • PyJWT as python implementation of the JSON Web Token standard

FastJWT also relies on typing-extensions for backward compatibility (python3.9)

Note

FastAPI, while required for fastjwt, is not declared as a dependency and must be installed prior with pip install fastapi

Install

# With pip
pip install fastjwt
# With poetry
poetry add fastjwt
# With pipenv
pipenv install fastjwt

Example

from fastapi import FastAPI, Depends
from fastjwt import FastJWT

app = FastAPI()
security = FastJWT()

@app.get('/login')
def login():
    return security.create_access_token(uid='foo')

@app.get('/protected', dependencies=[Depends(security.access_token_required())])
def protected():
    return "This is a protected endpoint"

Development

WORK IN PROGRESS

The development guide is not available yet

Contributing

WORK IN PROGRESS

The contribution guide is not available yet

License

This project is open source under MIT License