fastapi-nextauth-jwt 1.1.1

A fastapi dependency used to decode jwt tokens generated by nextauth,

fastapi-nextauth-jwt

This project contains a FastAPI dependency that can be used to decrypt and validate JWTs generated by NextAuth. The purpose of this project is to make it easy to use a FastAPI backend in projects that use Next.js and NextAuth in the frontend.

Besides JWT decryption and validation, NextAuth compatible cross-site request forgery (CSRF) protection is also implemented.

Installation

General usage:

pip install fastapi-nextauth-jwt

Development:

pip install "fastapi-nextauth-jwt[test]"

Usage

from typing import Annotated
from fastapi import FastAPI, Depends
from fastapi_nextauth_jwt import NextAuthJWT

app = FastAPI()

JWT = NextAuthJWT(
    secret="y0uR_SuP3r_s3cr37_$3cr3t",
)

@app.get("/")
async def return_jwt(jwt: Annotated[dict, Depends(JWT)]):
    return jwt

There are a few configuration options available in the NextAuthJWT constructor, but the most important one is secret, which should be equivalent to NEXTAUTH_SECRET on the Next.js side.

It is also possible to enable or disable CSRF protection using csrf_prevention_enabled. If this is not set, this will looks at the ENV environment variable. If this is dev then CSRF protection will be disabled.

You should also set the NEXTAUTH_URL environment variable, as it is used to determine whether or not secure cookies are being used. Or you can set the cookie names manually.