Skip to main content

No project description provided

Project description

FastAPI-Login

FastAPI-Login tries to provide similar functionality as Flask-Login does.

Documentation

In-depth documentation can but found at fastapi-login.readthedocs.io Some examples can be found here

Installation

$ pip install fastapi-login

Usage

To begin we have to setup our FastAPI app:

from fastapi import FastAPI

SECRET = 'your-secret-key'

app = FastAPI()

To obtain a suitable secret key you can run import os; print(os.urandom(24).hex()).

Now we can import and setup the LoginManager, which will handle the process of encoding and decoding our Json Web Tokens.

from fastapi_login import LoginManager

manager = LoginManager(SECRET, token_url='/auth/token')

For the example we will use a dictionary to represent our user database. In your application this could also be a real database like sqlite or Postgres. It does not matter as you have to provide the function which retrieves the user.

fake_db = {'johndoe@e.mail': {'password': 'hunter2'}}

Now we have to provide the LoginManager with a way to load our user. The user_loader callback should either return your user object or None

@manager.user_loader()
def load_user(email: str):  # could also be an asynchronous function
    user = fake_db.get(email)
    return user

Now we have to define a way to let the user login in our app. Therefore we will create a new route:

from fastapi import Depends
from fastapi.security import OAuth2PasswordRequestForm
from fastapi_login.exceptions import InvalidCredentialsException

# the python-multipart package is required to use the OAuth2PasswordRequestForm
@app.post('/auth/token')
def login(data: OAuth2PasswordRequestForm = Depends()):
    email = data.username
    password = data.password

    user = load_user(email)  # we are using the same function to retrieve the user
    if not user:
        raise InvalidCredentialsException  # you can also use your own HTTPException
    elif password != user['password']:
        raise InvalidCredentialsException
    
    access_token = manager.create_access_token(
        data=dict(sub=email)
    )
    return {'access_token': access_token, 'token_type': 'bearer'}

Now whenever you want your user to be logged in to use a route, you can simply use your LoginManager instance as a dependency.

@app.get('/protected')
def protected_route(user=Depends(manager)):
    ...

If you also want to handle a not authenticated error, you can add your own subclass of Exception to the LoginManager.

from starlette.responses import RedirectResponse

class NotAuthenticatedException(Exception):
    pass

# these two argument are mandatory
def exc_handler(request, exc):
    return RedirectResponse(url='/login')

# This will be deprecated in the future
# set your exception when initiating the instance
# manager = LoginManager(..., custom_exception=NotAuthenticatedException)
manager.not_authenticated_exception = NotAuthenticatedException
# You also have to add an exception handler to your app instance
app.add_exception_handler(NotAuthenticatedException, exc_handler)

To change the expiration date of the token use the expires_delta argument of the create_access_token method with a timedelta. The default is set 15 min. Please be aware that setting a long expiry date is not considered a good practice as it would allow an attacker with the token to use your application as long as he wants.

from datetime import timedelta

data = dict(sub=user.email)

# expires after 15 min
token = manager.create_access_token(
    data=data
)
# expires after 12 hours
long_token = manager.create_access_token(
    data=data, expires=timedelta(hours=12)
)

Usage with cookies

Instead of checking the header for the token. fastapi-login also support access using cookies.

from fastapi_login import LoginManager

manager = LoginManager(SECRET, token_url='/auth/token', use_cookie=True)

Now the manager will check the requests cookies the headers for the access token. The name of the cookie can be set using manager.cookie_name. If you only want to check the requests cookies you can turn the headers off using the use_header argument

For convenience the LoginManager also includes the set_cookie method which sets the cookie to your response, with the recommended HTTPOnly flag and the manager.cookie_name as the key.

from fastapi import Depends
from starlette.responses import Response


@app.get('/auth')
def auth(response: Response, user=Depends(manager)):
    token = manager.create_access_token(
        data=dict(sub=user.email)
    )
    manager.set_cookie(response, token)
    return response
    

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

fastapi-login-1.7.3.tar.gz (14.0 kB view details)

Uploaded Source

Built Distribution

fastapi_login-1.7.3-py3-none-any.whl (15.4 kB view details)

Uploaded Python 3

File details

Details for the file fastapi-login-1.7.3.tar.gz.

File metadata

  • Download URL: fastapi-login-1.7.3.tar.gz
  • Upload date:
  • Size: 14.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.2 importlib_metadata/4.8.1 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.10.0

File hashes

Hashes for fastapi-login-1.7.3.tar.gz
Algorithm Hash digest
SHA256 8413ecad04d255c451e8ab28e692c579c79c7561ce9af70795abe54705d50441
MD5 78fcb263c42cd22685ab24ac5d56874d
BLAKE2b-256 97b30923cdced89158cab56048d8b94625fde99ac4f68dd457f16226398685ac

See more details on using hashes here.

File details

Details for the file fastapi_login-1.7.3-py3-none-any.whl.

File metadata

  • Download URL: fastapi_login-1.7.3-py3-none-any.whl
  • Upload date:
  • Size: 15.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.2 importlib_metadata/4.8.1 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.10.0

File hashes

Hashes for fastapi_login-1.7.3-py3-none-any.whl
Algorithm Hash digest
SHA256 584809c2b03b3bd0d5a4ca0cc5b7bb65f64dce91bd1a11bef1f09832d7093055
MD5 f9f4e77716957b09e67062da20c4ed94
BLAKE2b-256 cb7523a39790412c39da6f1a0854545e56761a5a863d70945ec44543f5c80bd0

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page