FastAPI extension for user authentication through signature challenges
Project description
FastAPI Wallet Authentication
fastapi-walletauth provides a simple way to authenticate users in FastAPI applications using a wallet. It currently supports Ethereum and Solana wallets/signatures.
Installation
pip install fastapi-walletauth
Usage
Adding the authentication endpoints is as simple as importing the fastapi_walletauth.magic module after the
FastAPI application has been created:
from fastapi import FastAPI
app = FastAPI()
import fastapi_walletauth.magic
or if you prefer, you can add the endpoints manually:
from fastapi import FastAPI
from fastapi_walletauth.router import authorization
app = FastAPI()
app.include_router(authorization)
This will add the following endpoints to your application:
POST /authentication/challenge: Returns a challenge for the user to signPOST /authentication/solve: Returns a Bearer token if the signature is validPOST /authentication/logout: Invalidates the current tokenPOST /authentication/refresh: Returns a new token if the current token is valid
You can then use WalletAuthDep to protect your endpoints:
from fastapi import FastAPI
from fastapi_walletauth import WalletAuth, WalletAuthDep
app = FastAPI()
import fastapi_walletauth.magic
@app.get("/protected")
def protected(wa: WalletAuth = WalletAuthDep()):
return wa.address
Signing the challenge
The challenge is a serialized JSON object containing the following fields:
message = {
"chain": "ETH",
"address": "0x...",
"app": "myapp",
"time": 1688819493.8691394
}
PLEASE NOTE: The app field needs to be set to the name of your application. This is used to prevent replay attacks.
export FASTAPI_WALLETAUTH_APP=myapp
The signature format depends on the wallet type and is specified in the chain field. This signature is then sent to the
/authentication/solve endpoint to obtain a Bearer token.
Liability
This software is provided "as is" and "with all faults." I make no representations or warranties of any kind concerning the safety, suitability, inaccuracies, typographical errors, or other harmful components of this software. There are inherent dangers in the use of any software, especially cryptographic implementations. You are solely responsible for determining whether this software is compatible with your machine and other software installed on your computer. You are also solely responsible for the choice of a wallet and the security of your private keys. You acknowledge and agree to waive any liability claim against me from any loss or damage of any kind arising out of or in connection with your use of this software.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file fastapi_walletauth-0.1.2.tar.gz.
File metadata
- Download URL: fastapi_walletauth-0.1.2.tar.gz
- Upload date:
- Size: 5.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.5.1 CPython/3.10.6 Linux/5.15.0-76-generic
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 41c69e4a44b7151b3ed6948c7343e938e83e65481cc690e4bce53c72cdc9dd2e |
|
| MD5 | d01e6e728077098f16bb8ddc8c657fcf |
|
| BLAKE2b-256 | 56fc2a7b94fe38cb380f9e5997ca23c241dc9c54599e491c94f64548d582ba31 |
Provenance
File details
Details for the file fastapi_walletauth-0.1.2-py3-none-any.whl.
File metadata
- Download URL: fastapi_walletauth-0.1.2-py3-none-any.whl
- Upload date:
- Size: 6.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.5.1 CPython/3.10.6 Linux/5.15.0-76-generic
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | c46874bf0d0a1c6d06760bcc58d8a13d07068da506a7fcebad49745628048efa |
|
| MD5 | e3987af88ee21852099d86397d215a4f |
|
| BLAKE2b-256 | 23090282bdcb38f3679a2dece87ac4a012b4f7b4c77b15a4d27104882734ea81 |
