Backend DevelopmentPython TutorialHow to implement authentication and authorization of requests in FastAPIHow to implement authentication and authorization of requests in FastAPI
How to implement requested authentication and authorization in FastAPI
With the development of the Internet, network security issues have attracted more and more attention. When developing web applications, request authentication and authorization are important aspects of ensuring application security. This article will introduce how to implement request authentication and authorization in the FastAPI framework.
FastAPI is a high-performance web framework based on Python that provides a simple and powerful way to create web APIs. It integrates the Pydantic library and Starlette framework, making the development process easier and more efficient.
- Installing dependencies
First, we need to install FastAPI and the corresponding dependencies. It can be installed with the following command:
$ pip install fastapi $ pip install uvicorn
- Create a basic application
Next, we create a simple FastAPI application and add some basic routes and endpoints . In this example, we will create a file called "app.py" and copy the following code into it:
from fastapi import FastAPI
app = FastAPI()
@app.get("/")
def read_root():
return {"Hello": "World"}- Add Authentication and Authorization
Next, we will introduce how to use FastAPI's security features to implement authentication and authorization of requests. We will use OAuth2.0 as the mechanism for authentication and authorization.
First, we need to import the relevant modules and classes:
from fastapi import Depends, FastAPI, HTTPException, status from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm from passlib.context import CryptContext
Then, we create a password encryption context:
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
Next, we define a user model, with For verifying the user's identity:
class User:
def __init__(self, username: str, password: str, disabled: bool = False):
self.username = username
self.password = pwd_context.hash(password)
self.disabled = disabled
def verify_password(self, password: str):
return pwd_context.verify(password, self.password)
def get_user(self, username: str):
if self.username == username:
return selfThen, we create a dummy database and add some user information for testing purposes:
fake_db = [
User(username="user1", password="password"),
User(username="user2", password="password", disabled=True)
]Next, we define a function to verify the user's credentials :
def authenticate_user(username: str, password: str):
user = get_user(username)
if not user:
return False
if not user.verify_password(password):
return False
return userThen, we define a function to get the current user:
def get_current_user(token: str = Depends(oauth2_scheme)):
credentials_exception = HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Could not validate credentials",
headers={"WWW-Authenticate": "Bearer"},
)
user = authenticate_user(token)
if not user:
raise credentials_exception
return userFinally, we apply these functions to the FastAPI application:
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/token")
@app.post("/token")
async def login(form_data: OAuth2PasswordRequestForm = Depends()):
user = authenticate_user(form_data.username, form_data.password)
if not user:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid username or password",
headers={"WWW-Authenticate": "Bearer"},
)
return {"access_token": str(user.username), "token_type": "bearer"}
@app.get("/items/")
async def read_items(current_user: User = Depends(get_current_user)):
return {"items": [{"item_id": "Item 1"}, {"item_id": "Item 2"}]}- Test Application
Now we can run the application and test it. Start the application by running the following command:
$ uvicorn app:app --reload
Next, we can use curl or any HTTP client tool to test the application. First, we need to obtain the access token:
$ curl --request POST --url http://localhost:8000/token --header 'Content-Type: application/x-www-form-urlencoded' --data 'username=user1&password=password'
The response received should look like:
{"access_token":"user1","token_type":"bearer"}We can then use the obtained access token to access the restricted endpoint:
$ curl --request GET --url http://localhost:8000/items/ --header 'Authorization: Bearer user1'
should receive a response similar to the following:
{"items":[{"item_id":"Item 1"},{"item_id":"Item 2"}]}With this, we successfully implemented the authentication and authorization of the request in the FastAPI application.
Summary:
This article introduces how to implement request authentication and authorization in the FastAPI framework. We use the security features of FastAPI and perform authentication and authorization through the OAuth2.0 mechanism. By importing relevant modules and classes, creating a password encryption context, defining user models and verification functions, the requested authentication function is implemented. Finally, we applied these functions to the FastAPI application and tested them. With these steps, we can build a secure and reliable web application.
The above is the detailed content of How to implement authentication and authorization of requests in FastAPI. For more information, please follow other related articles on the PHP Chinese website!
Python vs. C : Understanding the Key DifferencesApr 21, 2025 am 12:18 AMPython and C each have their own advantages, and the choice should be based on project requirements. 1) Python is suitable for rapid development and data processing due to its concise syntax and dynamic typing. 2)C is suitable for high performance and system programming due to its static typing and manual memory management.
Python vs. C : Which Language to Choose for Your Project?Apr 21, 2025 am 12:17 AMChoosing Python or C depends on project requirements: 1) If you need rapid development, data processing and prototype design, choose Python; 2) If you need high performance, low latency and close hardware control, choose C.
Reaching Your Python Goals: The Power of 2 Hours DailyApr 20, 2025 am 12:21 AMBy investing 2 hours of Python learning every day, you can effectively improve your programming skills. 1. Learn new knowledge: read documents or watch tutorials. 2. Practice: Write code and complete exercises. 3. Review: Consolidate the content you have learned. 4. Project practice: Apply what you have learned in actual projects. Such a structured learning plan can help you systematically master Python and achieve career goals.
Maximizing 2 Hours: Effective Python Learning StrategiesApr 20, 2025 am 12:20 AMMethods to learn Python efficiently within two hours include: 1. Review the basic knowledge and ensure that you are familiar with Python installation and basic syntax; 2. Understand the core concepts of Python, such as variables, lists, functions, etc.; 3. Master basic and advanced usage by using examples; 4. Learn common errors and debugging techniques; 5. Apply performance optimization and best practices, such as using list comprehensions and following the PEP8 style guide.
Choosing Between Python and C : The Right Language for YouApr 20, 2025 am 12:20 AMPython is suitable for beginners and data science, and C is suitable for system programming and game development. 1. Python is simple and easy to use, suitable for data science and web development. 2.C provides high performance and control, suitable for game development and system programming. The choice should be based on project needs and personal interests.
Python vs. C : A Comparative Analysis of Programming LanguagesApr 20, 2025 am 12:14 AMPython is more suitable for data science and rapid development, while C is more suitable for high performance and system programming. 1. Python syntax is concise and easy to learn, suitable for data processing and scientific computing. 2.C has complex syntax but excellent performance and is often used in game development and system programming.
2 Hours a Day: The Potential of Python LearningApr 20, 2025 am 12:14 AMIt is feasible to invest two hours a day to learn Python. 1. Learn new knowledge: Learn new concepts in one hour, such as lists and dictionaries. 2. Practice and exercises: Use one hour to perform programming exercises, such as writing small programs. Through reasonable planning and perseverance, you can master the core concepts of Python in a short time.
Python vs. C : Learning Curves and Ease of UseApr 19, 2025 am 12:20 AMPython is easier to learn and use, while C is more powerful but complex. 1. Python syntax is concise and suitable for beginners. Dynamic typing and automatic memory management make it easy to use, but may cause runtime errors. 2.C provides low-level control and advanced features, suitable for high-performance applications, but has a high learning threshold and requires manual memory and type safety management.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
Dreamweaver Mac version
Visual web development tools
ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
