Add authentication and authorization to your FastAPI app via dependencies.
Project description
FastAPI Security
Add authentication and authorization to your FastAPI app via dependencies.
Features
- Authentication via JWT-based OAuth 2 access tokens and via Basic Auth
- Pydantic-based
User
model for authenticated and anonymous users - Sub-classable
UserPermission
dependency to check against thepermissions
attribute returned in OAuth 2 access tokens - Able to extract user info from access tokens via OpenID Connect
Limitations
- Only supports validating access tokens using public keys from a JSON Web Key Set (JWKS) endpoint. I.e. for use with external identity providers such as Auth0 and ORY Hydra.
- Permissions can only be picked up automatically from OAuth2 tokens, from the non-standard
permissions
list attribute (Auth0 provides this, maybe other identity providers as well). For all other use cases,permission_overrides
must be used. For example if there's a basic auth user calleduser1
you can setpermission_overrides={"user1": ["*"]}
to give the user access to all permissions, orpermission_overrides={"user1": ["products:create"]}
to only assignuser1
with the permissionproducts:create
.
Installation
pip install fastapi-security
Usage examples
Examples on how to use can be found here.
TODO
- Write more tests
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
fastapi-security-0.2.0.tar.gz
(10.1 kB
view hashes)
Built Distribution
Close
Hashes for fastapi_security-0.2.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 34b4a4512ee73417e482a4c48d059a34df4aed482cca5a80d3f15eb5daf87dbe |
|
MD5 | 76c73c7aacd886d026a095da5cbc815f |
|
BLAKE2b-256 | 9e0c89349b9002ba1cc306b2bffaa253b483ed9510bda8492033eb3b28d6057c |