
A library designed to facilitate the integration of JSON Web Key Set (JWKS) with FastAPI applications

Project description

fastapi-jwks

fastapi-jwks is a Python library designed to facilitate the integration of JSON Web Key Set (JWKS) with FastAPI applications. It provides a set of tools to automatically query the JWKS endpoint and verify the tokens sent over a request.

Key Features

  • JWKS Endpoint Querying: The library automatically queries the JWKS endpoint to fetch the necessary keys for token verification.
  • Token Verification: It verifies the tokens sent with a request against the keys from the JWKS endpoint, ensuring the authenticity and integrity of the data.
  • Dependency Integration: The library includes a dependency that can be easily integrated into your FastAPI application to handle token validation on every request.
  • Pydantic Model Support: It supports Pydantic models for token data extraction, providing a seamless way to work with the token data.
  • Customizable State Fields: You can customize where the payload and raw token are stored in the request state.
  • Raw Token Access: Access both the decoded payload and the original raw token through dependency injection.

Installation

pip install fastapi_jwks

Basic Usage

from typing import Annotated

from fastapi import APIRouter, Depends, FastAPI, Security
from pydantic import BaseModel
from fastapi_jwks.injector import JWTTokenInjector
from fastapi_jwks.dependencies.jwk_auth import JWKSAuth
from fastapi_jwks.models.types import JWKSConfig, JWTDecodeConfig, JWKSAuthCredentials
from fastapi_jwks.validators import JWKSValidator

# The data we want to extract from the token
class FakeToken(BaseModel):
    user: str

# Validator that fetches the keys from the JWKS endpoint and verifies tokens.
# Placeholder URL; a real JWKS endpoint should be fetched over HTTPS so the keys cannot be swapped in transit.
jwks_verifier = JWKSValidator[FakeToken](
    decode_config=JWTDecodeConfig(),
    jwks_config=JWKSConfig(url="http://my-fake-jwks-url/my-fake-endpoint"),
)
jwks_auth = JWKSAuth(jwks_validator=jwks_verifier)

# global: protect all endpoints
app = FastAPI(dependencies=[Security(jwks_auth)])

# specific API router
app.include_router(APIRouter(dependencies=[Security(jwks_auth)]))

# specific route
@app.get("/test")
def get_test_route(credentials: Annotated[JWKSAuthCredentials[FakeToken], Security(jwks_auth)]):
    ...

# Basic usage with default configuration
payload_injector = JWTTokenInjector[FakeToken]()

# Registered on the protected app created above, so the route is not lost to a second FastAPI() call
@app.get("/my-endpoint", response_model=FakeToken)
def my_endpoint(fake_token: FakeToken = Depends(payload_injector)):
    return fake_token

Advanced Usage

Custom State Fields

You can customize where the payload and raw token are stored in the request state:

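from fastapi import Depends, FastAPI, Security
from fastapi_jwks.dependencies.jwk_auth import JWKSAuth
from fastapi_jwks.models.types import JWKSAuthConfig, JWTTokenInjectorConfig
from fastapi_jwks.injector import JWTTokenInjector, JWTRawTokenInjector

# Configure dependency with custom field names
# (jwks_verifier and FakeToken are the ones defined under Basic Usage)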
auth_config = JWKSAuthConfig(
    payload_field="custom_payload",
    token_field="custom_token"
)
jwks_auth = JWKSAuth(jwks_validator=jwks_verifier, config=auth_config)
app = FastAPI(dependencies=[Security(jwks_auth)])

# Configure injectors to use the custom fields
payload_injector = JWTTokenInjector[FakeToken](
    config=JWTTokenInjectorConfig(payload_field="custom_payload")
)
token_injector = JWTRawTokenInjector[str](
    config=JWTTokenInjectorConfig(token_field="custom_token")
)

@app.get("/advanced-endpoint")
def advanced_endpoint(
    payload: FakeToken = Depends(payload_injector),
    raw_token: str = Depends(token_injector)
):
    return {
        "user": payload.user,
        "token": raw_token
    }

Additional Configuration

The dependency also supports:

  • Custom authorization header name (auth_header)
  • Custom authorization scheme (auth_scheme)

jwks_auth = JWKSAuth(
    jwks_validator=jwks_verifier,
    auth_header="X-Custom-Auth",
    auth_scheme="Token"
)
app = FastAPI(dependencies=[Security(jwks_auth)])

Contributing

We are happy if you want to contribute to this project. If you find any bugs or have suggestions for improvements, please open an issue. We are also happy to accept your PRs. Just open an issue beforehand and let us know what you want to do and why.

License

fastapi-jwks is licensed under the MIT License.

Download files

Source Distribution

fastapi_jwks-2.0.2.tar.gz (7.7 kB view details)

Uploaded Source

Built Distribution

fastapi_jwks-2.0.2-py3-none-any.whl (8.4 kB view details)

Uploaded Python 3

File details

Details for the file fastapi_jwks-2.0.2.tar.gz.

File metadata

  • Download URL: fastapi_jwks-2.0.2.tar.gz
  • Upload date:
  • Size: 7.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.8.2 CPython/3.10.12 Linux/6.8.0-1059-azure

File hashes

Hashes for fastapi_jwks-2.0.2.tar.gz
Algorithm Hash digest
SHA256 a774c894784f964ad3f841d14a17789408c4befdd4e89fe81f2cfe4e11b1401f
MD5 40c6d1e45bda62215611516033f4d8b7
BLAKE2b-256 74b69a2c5f45ce96b0144e00eecb89db2d22d6aff99a8f87501651926b11eeb0

File details

Details for the file fastapi_jwks-2.0.2-py3-none-any.whl.

File metadata

  • Download URL: fastapi_jwks-2.0.2-py3-none-any.whl
  • Upload date:
  • Size: 8.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.8.2 CPython/3.10.12 Linux/6.8.0-1059-azure

File hashes

Hashes for fastapi_jwks-2.0.2-py3-none-any.whl
Algorithm Hash digest
SHA256 03ec4806c6a7b151e90cf61d1dd775cb0124385c02721563db25f5be328fd880
MD5 5927d4b69ebd04dd740523e80ff55777
BLAKE2b-256 1c89d8ca11bbf9d9b00c97a3f9becd94e42d815dcc81fbe9c497539a5025d328
