How to use JWT tokens for authentication and authorization in FastAPI
Introduction:
With the development of web applications, user authentication and authorization have become a vital part. Authentication and authorization functions can be easily implemented using JWT (JSON Web Token) tokens. FastAPI is a modern Python-based web framework that provides simple and easy-to-use functionality to handle authentication and authorization. This article will explain how to use JWT tokens for authentication and authorization in FastAPI.
pip install fastapi
pip install pyjwt
pip install passlib
import secrets

# Random signing key for HS256; generated once at startup
secret_key = secrets.token_urlsafe(32)
from pydantic import BaseModel


class User(BaseModel):
    username: str
    password: str
from fastapi import Depends, FastAPI, HTTPException
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
from passlib.context import CryptContext
from datetime import datetime, timedelta, timezone
import secrets
import jwt

# User is the pydantic model defined in the previous snippet

app = FastAPI()
pwd_context = CryptContext(schemes=["bcrypt"])
security = HTTPBearer()
# Signing key as in the secrets snippet above; tokens become invalid after a restart
secret_key = secrets.token_urlsafe(32)

# Simulated user store standing in for a database
users_db = {
    "admin": {
        "username": "admin",
        "password": pwd_context.hash("admin123")
    }
}


def generate_token(username: str) -> str:
    # Short-lived token: jwt.decode enforces the "exp" claim on every request
    expiration = datetime.now(timezone.utc) + timedelta(minutes=30)
    payload = {"username": username, "exp": expiration}
    return jwt.encode(payload, secret_key, algorithm="HS256")


@app.post("/login")
def login(user: User):
    # Note: distinct "Invalid username" / "Invalid password" messages reveal which
    # usernames exist; a single generic message avoids that
    if user.username not in users_db:
        raise HTTPException(status_code=401, detail="Invalid username")
    stored_user = users_db[user.username]
    if not pwd_context.verify(user.password, stored_user["password"]):
        raise HTTPException(status_code=401, detail="Invalid password")
    token = generate_token(user.username)
    return {"access_token": token}


@app.get("/users/me")
def get_user_profile(credentials: HTTPAuthorizationCredentials = Depends(security)):
    token = credentials.credentials
    try:
        # Pin the accepted algorithm list; PyJWT also checks "exp" here
        payload = jwt.decode(token, secret_key, algorithms=["HS256"])
    except jwt.ExpiredSignatureError:
        raise HTTPException(status_code=401, detail="Token expired")
    except jwt.InvalidTokenError:
        raise HTTPException(status_code=401, detail="Invalid token")
    username = payload["username"]
    if username not in users_db:
        raise HTTPException(status_code=401, detail="Invalid username")
    return {"username": username}
Request URL: http://localhost:8000/login
Request body:
{ "username": "admin", "password": "admin123" }
After a successful login, we receive a response containing the access token. For example:
{ "access_token": "xxxxxxxxxxxxx" }
Then, we can send a request to obtain the user profile using a GET request, sending the access token as the Bearer token in the Authorization header. As shown below:
Request URL: http://localhost:8000/users/me
Request header: Authorization: Bearer xxxxxxxxxxxxx
If token verification succeeds, the response is a JSON object containing the username. For example:
{ "username": "admin" }
Conclusion:
This article explains how to use JWT tokens for authentication and authorization in FastAPI. By using the PyJWT library, we generated the JWT token and used the Passlib library for password hash verification. Using this approach, we can easily implement user authentication and authorization functionality to secure our web application.
The above is the detailed content of How to use JWT token for authentication and authorization in FastAPI. For more information, please follow other related articles on the PHP Chinese website!