Skip to main content

User JWT Authentication for FastAPI services

Project description

ConnectKit FastAPIAuthentication [en|ru]


ConnectKit FastAPIAuthentication adds accounts, user sessions, and a user authentication mechanism using JWT for FastAPI applications.

Logging in via oauth2 or OpenID connect is not supported at the moment.

Installation


pip install ConnectKit-FastAPIAuthentication

Usage


Configuration parameters are loaded from environment variables, and can be redefined later.

SECURE_SECRET=str                 # Key for signing JWT
SECURE_ACCESS_EXPIRE=5            # Access token validity period in minutes
SECURE_REFRESH_EXPIRE=24          # Refresh token validity time in hours for a short session
SECURE_REFRESH_LONG_EXPIRE=720    # Refresh token validity time in hours for a long session
SECURE_PATH=/api                  # Prefix of the path to which the cookie with the token will be bound
SECURE_COOKIE_NAME=access         # The name of the cookie in which the token will be
SECURE_ONLY=True                  # Instructing the browser to accept the token only if https
SECURE_BLOCK_TRIES=5              # Number of attempts to enter the wrong password before the account is blocked
SECURE_OTP_ENABLED=True           # Use 2FA via one-time passwords
SECURE_OTP_BLOCK_TRIES=3          # Number of attempts to transfer OTP before logout
SECURE_OTP_ISSUER=Localhost inc.  # The OTP ISSUER transmitted to user when 2FA is enabled
SECURE_STRICT_VERIFICATION=True   # Strict verification for re-entering the password

To redefine:

from authentication.settings import settings

settings.SECURE_COOKIE_NAME = "new_name"

To set up a database connection.

To enable authorization endpoints:

from fastapi import FastAPI
from authentication import router as auth_router

app = FastAPI()
app.include_router(auth_router, prefix="/api/auth")

To get the current account or session:

from fastapi import APIRouter, Depends
from authentication import get_account, get_session
from authentication.models import Account, AccountSession
from authentication.errors import auth_errors, with_errors

router = APIRouter()


@router.get("/test", responses=with_errors(*auth_errors))
async def test(account: Account = Depends(get_account)):
    print(account)


@router.get("/test2", responses=with_errors(*auth_errors))
async def test2(account_session: AccountSession = Depends(get_session)):
    print(account_session)

The get_session function checks for the presence of a session and the passage of 2FA.

The get_account function checks the same as get_session, as well as the account activation status.

If the login is not completed or outdated, HttpException will be raised from the list of auth_errors exceptions.

To implement the registration form, manually add users and administrative work:

from authentication import (NewAccount, login_rules, password_rules,
                            login_type, password_type,
                            create_new_account, delete_account,
                            block_account, unblock_account, get_block_status,
                            get_status_otp, disable_otp)
from pydantic import BaseModel, EmailStr

# Creating a new user

try:
    new_acc = NewAccount(
        login="root",  # The user's unique login is set by the login_rules rule
        password="password",  # The user's password is set by the password_rules rule
        properties={  # User properties required in a specific task, Dict[str, Any]
            "name": "name"
        },
        active=True  # Is the account activated, False by default
    )
    account = await create_new_account(new_acc)
except ValueError as e:
    # The user already exists, or there is a validation error in the New Account
    pass


# Example of a registration scheme

class UserRegistration(BaseModel):
    login: login_type
    nickname: str
    email: EmailStr
    password: password_type


# Deleting an account
await delete_account(account)

# Getting the blocking status (bool, Optional[str])
block, reason = await get_block_status(account)

# Getting 2FA status
otp_enabled = await get_status_otp(account)

# Account blocking (a blocked account cannot log in)
await block_account(account, "reason")

# Unblocking account
await unblock_account(account)

# Forced disable of 2FA
await disable_otp(account)

Authentication diagram:

Authentication diagram

Token update diagram:

Token update diagram

License


ConnectKit FastAPIAuthentication is MIT License.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

Built Distribution

File details

Details for the file connectkit_fastapiauthentication-1.6.0.tar.gz.

File metadata

File hashes

Hashes for connectkit_fastapiauthentication-1.6.0.tar.gz
Algorithm Hash digest
SHA256 c7c9f5936c28ad848d31bf29f9afdb99aa9409d507e3eaf144ae67c70bc6e394
MD5 60b5e3db0ae4ec6afcfbd2ea8a9d43de
BLAKE2b-256 4ec6b1d0e49678d8936277800d33aa2a88a4d5abe7a9d67d62e5e6b2d75dc418

See more details on using hashes here.

File details

Details for the file connectkit_fastapiauthentication-1.6.0-py3-none-any.whl.

File metadata

File hashes

Hashes for connectkit_fastapiauthentication-1.6.0-py3-none-any.whl
Algorithm Hash digest
SHA256 06dfb84b1877166858cb19cbe4cd3c5a4bcb0c5da36fb967e7e8ddab184bb672
MD5 29a5bda6fea91139fcf1a82808f55e9c
BLAKE2b-256 c47da4b6026329dd1b2e041a87a2d824dbe05668ca30562cb7479cda6330e140

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page