Overview
FastJWT is a FastAPI Plugin for reusable JWT Authentication Management. fastjwt enables easy JSON Web Tokens management within your FastAPI application.
fastjwt is heavily inspired from its Flask equivalent Flask-JWT-Extended, special thanks to @vimalloc fot the amazing work.
Documentation: https://ocarinow.github.io/fastjwt/
Features
- Encode/Decode JWT for application Authentication
- Automatic JWT detection in request
- JWT in Headers
- JWT in Cookies
- JWT in Query strings
- JWT in JSON Body
- Implicit/Explicit token refresh mechanism
- Freshness state of token
- Route protection
- Token type based protection (access/refresh)
- Token freshness protection
- Partial route protection
- Handle custom user logic for revoked token validation
- Handle custom logic for token recipient retrieval (ORM, pydantic serialization...)
- Provide FastAPI compliant dependency injection API
- Automatic error handling
- Scope Management (WIP)
Setup
Requirements
FastJWT is built on top of the following dependencies:
- FastAPI as web framework
- Pydantic as data validation
- PyJWT as python implementation of the JSON Web Token standard
FastJWT also relies on typing-extensions
for backward compatibility (python3.9)
Note
FastAPI, while required for fastjwt, is not declared as a dependency and must be installed prior with
pip install fastapi
Install
# With pip
pip install fastjwt
# With poetry
poetry add fastjwt
# With pipenv
pipenv install fastjwt
Example
from fastapi import FastAPI, Depends
from fastjwt import FastJWT
app = FastAPI()
security = FastJWT()
@app.get('/login')
def login():
return security.create_access_token(uid='foo')
@app.get('/protected', dependencies=[Depends(security.access_token_required())])
def protected():
return "This is a protected endpoint"
Development
WORK IN PROGRESS
The development guide is not available yet
Contributing
WORK IN PROGRESS
The contribution guide is not available yet
License
This project is open source under MIT License