Implementing JWT Authentication in FastAPI: A Comprehensive Guide
As FastAPI continues to gain traction for building APIs with Python, one common requirement for secure web applications is authentication. JSON Web Tokens, commonly known as JWT, offer a compact and self-contained way to transmit information securely. In this article, we’ll explore how to implement JWT authentication in a FastAPI application.
What is JWT?
JWT is a standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.
Why Use JWT?
- Compact: JWTs are small in size, making them easy to transmit over the wire or store on the client-side.
- Self-Contained: Contain all the required information about the user or other entities.
- Secure: Can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.
Setting Up the FastAPI Application with JWT Authentication
1. Install Required Libraries
First, we need to install the dependencies:
pip install "fastapi[all]" pyjwt
2. Setting Up the Project Structure
Create a simple FastAPI application structure:
/my_fastapi_app
|-- main.py
|-- auth_utils.py # Helper functions for JWT
3. Implement JWT Utility Functions
In auth_utils.py, implement functions to generate and verify JWTs.
import jwt
from datetime import datetime, timedelta
SECRET_KEY = "your_secret_key"
ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES = 30
def create_access_token(data: dict):
to_encode = data.copy()
expire = datetime.utcnow() + timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
to_encode.update({"exp": expire})
encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
return encoded_jwt
def verify_token(token: str):
try:
payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
return payload if payload else None
except jwt.ExpiredSignatureError:
return {"msg": "Token has expired"}
except jwt.PyJWTError:
return {"msg": "Invalid token"}
4. Implement JWT Authentication Middleware
In main.py, implement a FastAPI application that utilizes the JWT utility functions.
from fastapi import FastAPI, Depends, HTTPException
from fastapi.security import OAuth2PasswordBearer
from auth_utils import create_access_token, verify_token
app = FastAPI()
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")
@app.post("/token")
async def login(form_data): # Assume form_data is the user credentials
# Perform user authentication (This example assumes success)
user_data = {"sub": form_data.username}
access_token = create_access_token(data=user_data)
return {"access_token": access_token, "token_type": "bearer"}
@app.get("/users/me")
async def read_users_me(token: str = Depends(oauth2_scheme)):
payload = verify_token(token)
if not payload:
raise HTTPException(status_code=401, detail="Invalid token")
return {"username": payload.get("sub")}
Conclusion
Integrating JWT authentication within your FastAPI applications can substantially bolster your app’s security. The provided example outlines a basic workflow of utilizing JWTs with FastAPI and should serve as a foundation for more complex use cases.
Please ensure to replace the SECRET_KEY with a secure and unique value for your application. Also, consider handling more advanced cases like token revocation and refreshing, depending on your project’s requirements.
Hopefully, this guide helps you in securing your FastAPI applications effectively with JWT authentication. For further reading, check out the FastAPI documentation and the PyJWT documentation for more advanced JWT features.
Leave a Reply