How to use JWT token for authentication and authorization in FastAPI

How to use JWT tokens for authentication and authorization in FastAPI

Introduction:
With the development of web applications, user authentication and authorization have become a vital part. Authentication and authorization functions can be easily implemented using JWT (JSON Web Token) tokens. FastAPI is a modern Python-based web framework that provides simple and easy-to-use functionality to handle authentication and authorization. This article will explain how to use JWT tokens for authentication and authorization in FastAPI.

1. Install dependent libraries
   First, we need to install some dependent libraries, including FastAPI, PyJWT and Passlib. You can install it using the pip command:

pip install fastapi
pip install pyjwt
pip install passlib

2. Generate secret key
   We need to generate a secret key for signing and verifying JWT tokens. You can use the following code to generate a secret key:

import secrets

secret_key = secrets.token_urlsafe(32)

3. Create user model
   In FastAPI, we need to define a user model to represent users in the application. The user model can be created using the following code:

from pydantic import BaseModel

class User(BaseModel):
    username: str
    password: str

4. Create routing and handling functions
   Next, we need to create routing and handling functions to handle the user's authentication and authorization requests. Routing and handling functions can be created using the following code:

from fastapi import FastAPI, HTTPException
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
from passlib.context import CryptContext
from datetime import datetime, timedelta
import jwt

app = FastAPI()

pwd_context = CryptContext(schemes=["bcrypt"])
security = HTTPBearer()

# 模拟数据库中的用户
users_db = {
    "admin": {
        "username": "admin",
        "password": pwd_context.hash("admin123")
    }
}

@app.post("/login")
def login(user: User):
    if user.username not in users_db:
        raise HTTPException(status_code=401, detail="Invalid username")
    
    stored_user = users_db[user.username]
    if not pwd_context.verify(user.password, stored_user["password"]):
        raise HTTPException(status_code=401, detail="Invalid password")
    
    token = generate_token(user.username)
    return {"access_token": token}

def generate_token(username: str) -> str:
    expiration = datetime.utcnow() + timedelta(minutes=30)
    payload = {"username": username, "exp": expiration}
    return jwt.encode(payload, secret_key, algorithm="HS256")

@app.get("/users/me")
def get_user_profile(credentials: HTTPAuthorizationCredentials = security):
    token = credentials.credentials
    try:
        payload = jwt.decode(token, secret_key, algorithms=["HS256"])
        username = payload["username"]
        if username not in users_db:
            raise HTTPException(status_code=401, detail="Invalid username")
        
        return {"username": username}
    except jwt.DecodeError:
        raise HTTPException(status_code=401, detail="Invalid token")

5. Testing the Function
   Now we can use Postman or other HTTP client tools to test our functionality. First, we need to send a login request using a POST request and include the username and password in the request body. As shown below:

Request URL: http://localhost:8000/login
Request body:

{
    "username": "admin",
    "password": "admin123"
}

After successful login, we will receive an access token containing card response. For example:

{
    "access_token": "xxxxxxxxxxxxx"
}

Then, we can send a request to obtain the user profile using a GET request, sending the access token as the Bearer token in the Authorization header. As shown below:

Request URL: http://localhost:8000/users/me
Request header: Authorization: Bearer xxxxxxxxxxxxx

If the token verification is successful, the response will be returned A JSON object containing the username. For example:

{
    "username": "admin"
}

Conclusion:
This article explains how to use JWT tokens for authentication and authorization in FastAPI. By using the PyJWT library, we generated the JWT token and used the Passlib library for password hash verification. Using this approach, we can easily implement user authentication and authorization functionality to secure our web application.

The above is the detailed content of How to use JWT token for authentication and authorization in FastAPI. For more information, please follow other related articles on the PHP Chinese website!