Skip to main content

FastAPI middleware for Cloudflare Access JWT authentication

Project description

FastAPI bearer class for Cloudflare Access (Argo Tunnel)

A FastAPI middleware for authenticating requests from Cloudflare Access (formerly Argo Tunnel) using JWT tokens.

Why?

When using Cloudflare Access to protect your FastAPI application, you need to validate the JWT tokens that Cloudflare Access sends with each request. This package provides a simple way to validate these tokens and protect your FastAPI routes.

Installation

pip install fastapi-cloudflare-access-jwt

Usage

  1. Set up your environment variables:
export CF_ACCESS_CERTS_URL="https://your-team-name.cloudflareaccess.com/cdn-cgi/access/certs"
export CF_ACCESS_POLICY_AUD="your-application-audience-tag"
  1. Use in your FastAPI application:
from fastapi import FastAPI, Depends
from cloudflare_access_jwt import enforce_cf_access

app = FastAPI(dependencies=[Depends(enforce_cf_access)])

@app.get("/protected")
async def protected_route():
    return {"message": "This route is protected by Cloudflare Access"}

# Or protect specific routes:
@app.get("/also-protected")
async def another_protected_route(cf_claims=Depends(enforce_cf_access)):
    return {"message": "This route is also protected", "user": cf_claims}

You can also initialize the middleware with parameters instead of environment variables:

from cloudflare_access_jwt import CloudflareAccessJWT

custom_enforcer = CloudflareAccessJWT(
    certs_url="https://your-team-name.cloudflareaccess.com/cdn-cgi/access/certs",
    policy_aud="your-application-audience-tag"
)

app = FastAPI(dependencies=[Depends(custom_enforcer)])

Development

  1. Clone the repository and install dependencies:
git clone https://github.com/aluxian/fastapi-cloudflare-access-jwt.git
cd fastapi-cloudflare-access-jwt
uv venv
source .venv/bin/activate
uv sync
  1. Run linting checks:
uv run ruff check .
  1. Run tests:
uv run pytest
  1. Start Aider:
uvx --python 3.12 --from 'aider-chat[playwright]' --with 'aider-chat[help]' aider

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

fastapi_cloudflare_access_jwt-0.1.1.tar.gz (38.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

fastapi_cloudflare_access_jwt-0.1.1-py3-none-any.whl (5.3 kB view details)

Uploaded Python 3

File details

Details for the file fastapi_cloudflare_access_jwt-0.1.1.tar.gz.

File metadata

File hashes

Hashes for fastapi_cloudflare_access_jwt-0.1.1.tar.gz
Algorithm Hash digest
SHA256 fb5d441ede28d5dea562b942269ceed914134af2824ad6beddb3f2e05ad54f46
MD5 28507eb51a43c4d130df1d52ca11cc69
BLAKE2b-256 718a141de0b89c25ec27a59d5c2c14397eb7326a974638bbced547ed6f971006

See more details on using hashes here.

Provenance

The following attestation bundles were made for fastapi_cloudflare_access_jwt-0.1.1.tar.gz:

Publisher: python-publish.yml on aluxian/fastapi-cloudflare-access-jwt

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file fastapi_cloudflare_access_jwt-0.1.1-py3-none-any.whl.

File metadata

File hashes

Hashes for fastapi_cloudflare_access_jwt-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 5d3f1311dda0384a00da2899e450fd5901e2fe2f74eba4e503d8f1203855e757
MD5 9fb7a26b42b8f3e15f8583a9851d9097
BLAKE2b-256 6e817315ea32a2a44e01b8e188aa8b6977354a543d45c5cb50f3d8165ba1a95e

See more details on using hashes here.

Provenance

The following attestation bundles were made for fastapi_cloudflare_access_jwt-0.1.1-py3-none-any.whl:

Publisher: python-publish.yml on aluxian/fastapi-cloudflare-access-jwt

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page