FastAPI middleware for Cloudflare Access JWT authentication
Project description
FastAPI bearer class for Cloudflare Access (Argo Tunnel)
A FastAPI middleware for authenticating requests from Cloudflare Access (formerly Argo Tunnel) using JWT tokens.
Why?
When using Cloudflare Access to protect your FastAPI application, you need to validate the JWT tokens that Cloudflare Access sends with each request. This package provides a simple way to validate these tokens and protect your FastAPI routes.
Installation
pip install fastapi-cloudflare-access-jwt
Usage
- Set up your environment variables:
export CF_ACCESS_CERTS_URL="https://your-team-name.cloudflareaccess.com/cdn-cgi/access/certs"
export CF_ACCESS_POLICY_AUD="your-application-audience-tag"
- Use in your FastAPI application:
from fastapi import FastAPI, Depends
from cloudflare_access_jwt import enforce_cf_access
app = FastAPI(dependencies=[Depends(enforce_cf_access)])
@app.get("/protected")
async def protected_route():
return {"message": "This route is protected by Cloudflare Access"}
# Or protect specific routes:
@app.get("/also-protected")
async def another_protected_route(cf_claims=Depends(enforce_cf_access)):
return {"message": "This route is also protected", "user": cf_claims}
You can also initialize the middleware with parameters instead of environment variables:
from cloudflare_access_jwt import CloudflareAccessJWT
custom_enforcer = CloudflareAccessJWT(
certs_url="https://your-team-name.cloudflareaccess.com/cdn-cgi/access/certs",
policy_aud="your-application-audience-tag"
)
app = FastAPI(dependencies=[Depends(custom_enforcer)])
Development
- Clone the repository and install dependencies:
git clone https://github.com/aluxian/fastapi-cloudflare-access-jwt.git
cd fastapi-cloudflare-access-jwt
uv venv
source .venv/bin/activate
uv sync
- Run linting checks:
uv run ruff check .
- Run tests:
uv run pytest
- Start Aider:
uvx --python 3.12 --from 'aider-chat[playwright]' --with 'aider-chat[help]' aider
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file fastapi_cloudflare_access_jwt-0.1.1.tar.gz.
File metadata
- Download URL: fastapi_cloudflare_access_jwt-0.1.1.tar.gz
- Upload date:
- Size: 38.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.0.1 CPython/3.12.8
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
fb5d441ede28d5dea562b942269ceed914134af2824ad6beddb3f2e05ad54f46
|
|
| MD5 |
28507eb51a43c4d130df1d52ca11cc69
|
|
| BLAKE2b-256 |
718a141de0b89c25ec27a59d5c2c14397eb7326a974638bbced547ed6f971006
|
Provenance
The following attestation bundles were made for fastapi_cloudflare_access_jwt-0.1.1.tar.gz:
Publisher:
python-publish.yml on aluxian/fastapi-cloudflare-access-jwt
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
fastapi_cloudflare_access_jwt-0.1.1.tar.gz -
Subject digest:
fb5d441ede28d5dea562b942269ceed914134af2824ad6beddb3f2e05ad54f46 - Sigstore transparency entry: 157357955
- Sigstore integration time:
-
Permalink:
aluxian/fastapi-cloudflare-access-jwt@258bb69c4fdb64570c0d8ea29454c12699dde081 -
Branch / Tag:
refs/tags/0.1.1 - Owner: https://github.com/aluxian
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
python-publish.yml@258bb69c4fdb64570c0d8ea29454c12699dde081 -
Trigger Event:
release
-
Statement type:
File details
Details for the file fastapi_cloudflare_access_jwt-0.1.1-py3-none-any.whl.
File metadata
- Download URL: fastapi_cloudflare_access_jwt-0.1.1-py3-none-any.whl
- Upload date:
- Size: 5.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.0.1 CPython/3.12.8
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5d3f1311dda0384a00da2899e450fd5901e2fe2f74eba4e503d8f1203855e757
|
|
| MD5 |
9fb7a26b42b8f3e15f8583a9851d9097
|
|
| BLAKE2b-256 |
6e817315ea32a2a44e01b8e188aa8b6977354a543d45c5cb50f3d8165ba1a95e
|
Provenance
The following attestation bundles were made for fastapi_cloudflare_access_jwt-0.1.1-py3-none-any.whl:
Publisher:
python-publish.yml on aluxian/fastapi-cloudflare-access-jwt
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
fastapi_cloudflare_access_jwt-0.1.1-py3-none-any.whl -
Subject digest:
5d3f1311dda0384a00da2899e450fd5901e2fe2f74eba4e503d8f1203855e757 - Sigstore transparency entry: 157357956
- Sigstore integration time:
-
Permalink:
aluxian/fastapi-cloudflare-access-jwt@258bb69c4fdb64570c0d8ea29454c12699dde081 -
Branch / Tag:
refs/tags/0.1.1 - Owner: https://github.com/aluxian
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
python-publish.yml@258bb69c4fdb64570c0d8ea29454c12699dde081 -
Trigger Event:
release
-
Statement type: