How to use JWT token for authentication and authorization in FastAPI-Python Tutorial-php.cn

Home

Backend Development

Python Tutorial

How to use JWT token for authentication and authorization in FastAPI

PHPz

Aug 01, 2023 pm 02:21 PM

fastapijwt tokenAuthentication and authorization

How to use JWT tokens for authentication and authorization in FastAPI

Introduction:
With the development of web applications, user authentication and authorization have become a vital part. Authentication and authorization functions can be easily implemented using JWT (JSON Web Token) tokens. FastAPI is a modern Python-based web framework that provides simple and easy-to-use functionality to handle authentication and authorization. This article will explain how to use JWT tokens for authentication and authorization in FastAPI.

Install dependent libraries
First, we need to install some dependent libraries, including FastAPI, PyJWT and Passlib. You can install it using the pip command:

pip install fastapi
pip install pyjwt
pip install passlib

Generate secret key
We need to generate a secret key for signing and verifying JWT tokens. You can use the following code to generate a secret key:

import secrets

secret_key = secrets.token_urlsafe(32)

Create user model
In FastAPI, we need to define a user model to represent users in the application. The user model can be created using the following code:

from pydantic import BaseModel

class User(BaseModel):
    username: str
    password: str

Create routing and handling functions
Next, we need to create routing and handling functions to handle the user's authentication and authorization requests. Routing and handling functions can be created using the following code:

from fastapi import FastAPI, HTTPException
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
from passlib.context import CryptContext
from datetime import datetime, timedelta
import jwt

app = FastAPI()

pwd_context = CryptContext(schemes=["bcrypt"])
security = HTTPBearer()

# 模拟数据库中的用户
users_db = {
    "admin": {
        "username": "admin",
        "password": pwd_context.hash("admin123")
    }
}

@app.post("/login")
def login(user: User):
    if user.username not in users_db:
        raise HTTPException(status_code=401, detail="Invalid username")
    
    stored_user = users_db[user.username]
    if not pwd_context.verify(user.password, stored_user["password"]):
        raise HTTPException(status_code=401, detail="Invalid password")
    
    token = generate_token(user.username)
    return {"access_token": token}

def generate_token(username: str) -> str:
    expiration = datetime.utcnow() + timedelta(minutes=30)
    payload = {"username": username, "exp": expiration}
    return jwt.encode(payload, secret_key, algorithm="HS256")

@app.get("/users/me")
def get_user_profile(credentials: HTTPAuthorizationCredentials = security):
    token = credentials.credentials
    try:
        payload = jwt.decode(token, secret_key, algorithms=["HS256"])
        username = payload["username"]
        if username not in users_db:
            raise HTTPException(status_code=401, detail="Invalid username")
        
        return {"username": username}
    except jwt.DecodeError:
        raise HTTPException(status_code=401, detail="Invalid token")

Testing the Function
Now we can use Postman or other HTTP client tools to test our functionality. First, we need to send a login request using a POST request and include the username and password in the request body. As shown below:

Request URL: http://localhost:8000/login
Request body:

{
    "username": "admin",
    "password": "admin123"
}

After successful login, we will receive an access token containing card response. For example:

{
    "access_token": "xxxxxxxxxxxxx"
}

Then, we can send a request to obtain the user profile using a GET request, sending the access token as the Bearer token in the Authorization header. As shown below:

Request URL: http://localhost:8000/users/me
Request header: Authorization: Bearer xxxxxxxxxxxxx

If the token verification is successful, the response will be returned A JSON object containing the username. For example:

{
    "username": "admin"
}

Conclusion:
This article explains how to use JWT tokens for authentication and authorization in FastAPI. By using the PyJWT library, we generated the JWT token and used the Passlib library for password hash verification. Using this approach, we can easily implement user authentication and authorization functionality to secure our web application.

The above is the detailed content of How to use JWT token for authentication and authorization in FastAPI. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

What data types can be stored in a Python array?Apr 27, 2025 am 12:11 AM

Pythonlistscanstoreanydatatype,arraymodulearraysstoreonetype,andNumPyarraysarefornumericalcomputations.1)Listsareversatilebutlessmemory-efficient.2)Arraymodulearraysarememory-efficientforhomogeneousdata.3)NumPyarraysareoptimizedforperformanceinscient

What happens if you try to store a value of the wrong data type in a Python array?Apr 27, 2025 am 12:10 AM

WhenyouattempttostoreavalueofthewrongdatatypeinaPythonarray,you'llencounteraTypeError.Thisisduetothearraymodule'sstricttypeenforcement,whichrequiresallelementstobeofthesametypeasspecifiedbythetypecode.Forperformancereasons,arraysaremoreefficientthanl

Which is part of the Python standard library: lists or arrays?Apr 27, 2025 am 12:03 AM

Pythonlistsarepartofthestandardlibrary,whilearraysarenot.Listsarebuilt-in,versatile,andusedforstoringcollections,whereasarraysareprovidedbythearraymoduleandlesscommonlyusedduetolimitedfunctionality.

What should you check if the script executes with the wrong Python version?Apr 27, 2025 am 12:01 AM

ThescriptisrunningwiththewrongPythonversionduetoincorrectdefaultinterpretersettings.Tofixthis:1)CheckthedefaultPythonversionusingpython--versionorpython3--version.2)Usevirtualenvironmentsbycreatingonewithpython3.9-mvenvmyenv,activatingit,andverifying

What are some common operations that can be performed on Python arrays?Apr 26, 2025 am 12:22 AM

Pythonarrayssupportvariousoperations:1)Slicingextractssubsets,2)Appending/Extendingaddselements,3)Insertingplaceselementsatspecificpositions,4)Removingdeleteselements,5)Sorting/Reversingchangesorder,and6)Listcomprehensionscreatenewlistsbasedonexistin

In what types of applications are NumPy arrays commonly used?Apr 26, 2025 am 12:13 AM

NumPyarraysareessentialforapplicationsrequiringefficientnumericalcomputationsanddatamanipulation.Theyarecrucialindatascience,machinelearning,physics,engineering,andfinanceduetotheirabilitytohandlelarge-scaledataefficiently.Forexample,infinancialanaly

When would you choose to use an array over a list in Python?Apr 26, 2025 am 12:12 AM

Useanarray.arrayoveralistinPythonwhendealingwithhomogeneousdata,performance-criticalcode,orinterfacingwithCcode.1)HomogeneousData:Arrayssavememorywithtypedelements.2)Performance-CriticalCode:Arraysofferbetterperformancefornumericaloperations.3)Interf

Are all list operations supported by arrays, and vice versa? Why or why not?Apr 26, 2025 am 12:05 AM

No,notalllistoperationsaresupportedbyarrays,andviceversa.1)Arraysdonotsupportdynamicoperationslikeappendorinsertwithoutresizing,whichimpactsperformance.2)Listsdonotguaranteeconstanttimecomplexityfordirectaccesslikearraysdo.

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Assassin's Creed Shadows: Seashell Riddle Solution

1 months agoByDDD

What's New in Windows 11 KB5054979 & How to Fix Update Issues

3 weeks agoByDDD

Where to find the Crane Control Keycard in Atomfall

1 months agoByDDD

How to fix KB5055523 fails to install in Windows 11?

2 weeks agoByDDD

InZoi: How To Apply To School And University

3 weeks agoByDDD

Hot Tools

Dreamweaver CS6

Visual web development tools

SublimeText3 English version

Recommended: Win version, supports code prompts!

mPDF

mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),