Flask-Login like package for FastAPI
Project description
FastAPI-Login
FastAPI-Login tries to provide similar functionality as Flask-Login does.
Documentation
In-depth documentation can be found at fastapi-login.readthedocs.io.
Some examples can be found here.
Installation
pip install fastapi-login
Usage
To begin we have to set up our FastAPI app:
from fastapi import FastAPI
SECRET = 'your-secret-key'
app = FastAPI()
To obtain a suitable secret key you can run import secrets; print(secrets.token_hex(24)).
Now we can import and setup the LoginManager, which will handle the process of encoding and decoding our Json Web Tokens.
from fastapi_login import LoginManager
manager = LoginManager(SECRET, token_url='/auth/token')
For the example we will use a dictionary to represent our user database. In your application this could also be a real database like sqlite or Postgres. It does not matter as you have to provide the function which retrieves the user.
fake_db = {'johndoe@e.mail': {'password': 'hunter2'}}
Now we have to provide the LoginManager with a way to load our user. The
user_loader callback should either return your user object or None
@manager.user_loader()
def load_user(email: str): # could also be an asynchronous function
user = fake_db.get(email)
return user
Now we have to define a way to let the user login in our app. Therefore we will create a new route:
from fastapi import Depends
from fastapi.security import OAuth2PasswordRequestForm
from fastapi_login.exceptions import InvalidCredentialsException
# the python-multipart package is required to use the OAuth2PasswordRequestForm
@app.post('/auth/token')
def login(data: OAuth2PasswordRequestForm = Depends()):
email = data.username
password = data.password
user = load_user(email) # we are using the same function to retrieve the user
if not user:
raise InvalidCredentialsException # you can also use your own HTTPException
elif password != user['password']:
raise InvalidCredentialsException
access_token = manager.create_access_token(
data=dict(sub=email)
)
return {'access_token': access_token, 'token_type': 'bearer'}
Now whenever you want your user to be logged in to use a route, you can simply
use your LoginManager instance as a dependency.
@app.get('/protected')
def protected_route(user=Depends(manager)):
...
If you also want to handle a not authenticated error, you can add your own subclass of Exception to the LoginManager.
from starlette.responses import RedirectResponse
class NotAuthenticatedException(Exception):
pass
# these two argument are mandatory
def exc_handler(request, exc):
return RedirectResponse(url='/login')
manager = LoginManager(..., not_authenticated_exception=NotAuthenticatedException)
# You also have to add an exception handler to your app instance
app.add_exception_handler(NotAuthenticatedException, exc_handler)
To change the expiration date of the token use the expires_delta argument of the create_access_token method
with timedelta. The default is set 15 min. Please be aware that setting a long expiry date is not considered a good practice
as it would allow an attacker with the token to use your application as long as he wants.
from datetime import timedelta
data = dict(sub=user.email)
# expires after 15 min
token = manager.create_access_token(
data=data
)
# expires after 12 hours
long_token = manager.create_access_token(
data=data, expires=timedelta(hours=12)
)
Usage with cookies
Instead of checking the header for the token. fastapi-login also support access using cookies.
from fastapi_login import LoginManager
manager = LoginManager(SECRET, token_url='/auth/token', use_cookie=True)
Now the manager will check the requests cookies the headers for the access token. The name of the cookie can be set using
manager.cookie_name.
If you only want to check the requests cookies you can turn the headers off using the use_header argument
For convenience the LoginManager also includes the set_cookie method which sets the cookie to your response,
with the recommended HTTPOnly flag and the manager.cookie_name as the key.
from fastapi import Depends
from starlette.responses import Response
@app.get('/auth')
def auth(response: Response, user=Depends(manager)):
token = manager.create_access_token(
data=dict(sub=user.email)
)
manager.set_cookie(response, token)
return response
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file fastapi_login-1.10.3.tar.gz.
File metadata
- Download URL: fastapi_login-1.10.3.tar.gz
- Upload date:
- Size: 10.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.8.5 CPython/3.10.12 Linux/6.5.0-1025-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f0db92f59bc7dfa301dfe8fa5914062ff1582efc2f56b51ca5e23dde4edf8c27
|
|
| MD5 |
683b8a4e8d8e1b2cef3f7fb400b3b70e
|
|
| BLAKE2b-256 |
a04b21e9372d157c0f2db613963f86832407c9ba064836e3612ed2a1b386a39f
|
File details
Details for the file fastapi_login-1.10.3-py3-none-any.whl.
File metadata
- Download URL: fastapi_login-1.10.3-py3-none-any.whl
- Upload date:
- Size: 10.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.8.5 CPython/3.10.12 Linux/6.5.0-1025-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
4a88a5e82f35084075d22191173fa9ddc195c96647f984114a066dd93c067067
|
|
| MD5 |
e1b9f6e68d9fdc23dcaf4fee0c46ba1d
|
|
| BLAKE2b-256 |
f31b4f53a6939e97eb1b165e801fa1eb955c1d95914ad8edc29597633f284cc8
|
