堆栈内存溢出
  简体   繁体   English

如何使用 python 在 FastAPI 中使用 JWT 令牌和 Oauth2 验证用户登录和注销

[英]How to validate user login and logout using JWT token with Oauth2 in FastAPI using python

 原文  2021-12-01 10:46:08       python/ fastapi

问题描述

After logout call, I want to clear/expire the token which is stored in the jwt.注销通话后,我想清除/过期存储在 jwt 中的令牌。

1 个解决方案

解决方案1
 0  2021-12-02 10:49:11

you can follow the official user guide rigarding auth您可以按照官方用户指南进行身份验证

here is the exemple from the doc, it's a complete script that let you understand how auth work and how to handle jwt/tokens etc这是文档中的示例,它是一个完整的脚本,可让您了解身份验证的工作原理以及如何处理 jwt/tokens 等

This should run as is:这应该按原样运行:

from datetime import datetime, timedelta
from typing import Optional

from fastapi import Depends, FastAPI, HTTPException, status
from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
from jose import JWTError, jwt
from passlib.context import CryptContext
from pydantic import BaseModel

# to get a string like this run:
# openssl rand -hex 32
SECRET_KEY = "09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7"
ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES = 30


fake_users_db = {
    "johndoe": {
        "username": "johndoe",
        "full_name": "John Doe",
        "email": "johndoe@example.com",
        "hashed_password": "$2b$12$EixZaYVK1fsbw1ZfbX3OXePaWxn96p36WQoeG6Lruj3vjPGga31lW",
        "disabled": False,
    }
}


class Token(BaseModel):
    access_token: str
    token_type: str


class TokenData(BaseModel):
    username: Optional[str] = None


class User(BaseModel):
    username: str
    email: Optional[str] = None
    full_name: Optional[str] = None
    disabled: Optional[bool] = None


class UserInDB(User):
    hashed_password: str


pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")

oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")

app = FastAPI()


def verify_password(plain_password, hashed_password):
    return pwd_context.verify(plain_password, hashed_password)


def get_password_hash(password):
    return pwd_context.hash(password)


def get_user(db, username: str):
    if username in db:
        user_dict = db[username]
        return UserInDB(**user_dict)


def authenticate_user(fake_db, username: str, password: str):
    user = get_user(fake_db, username)
    if not user:
        return False
    if not verify_password(password, user.hashed_password):
        return False
    return user


def create_access_token(data: dict, expires_delta: Optional[timedelta] = None):
    to_encode = data.copy()
    if expires_delta:
        expire = datetime.utcnow() + expires_delta
    else:
        expire = datetime.utcnow() + timedelta(minutes=15)
    to_encode.update({"exp": expire})
    encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
    return encoded_jwt


async def get_current_user(token: str = Depends(oauth2_scheme)):
    credentials_exception = HTTPException(
        status_code=status.HTTP_401_UNAUTHORIZED,
        detail="Could not validate credentials",
        headers={"WWW-Authenticate": "Bearer"},
    )
    try:
        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
        username: str = payload.get("sub")
        if username is None:
            raise credentials_exception
        token_data = TokenData(username=username)
    except JWTError:
        raise credentials_exception
    user = get_user(fake_users_db, username=token_data.username)
    if user is None:
        raise credentials_exception
    return user


async def get_current_active_user(current_user: User = Depends(get_current_user)):
    if current_user.disabled:
        raise HTTPException(status_code=400, detail="Inactive user")
    return current_user


@app.post("/token", response_model=Token)
async def login_for_access_token(form_data: OAuth2PasswordRequestForm = Depends()):
    user = authenticate_user(fake_users_db, form_data.username, form_data.password)
    if not user:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Incorrect username or password",
            headers={"WWW-Authenticate": "Bearer"},
        )
    access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
    access_token = create_access_token(
        data={"sub": user.username}, expires_delta=access_token_expires
    )
    return {"access_token": access_token, "token_type": "bearer"}


@app.get("/users/me/", response_model=User)
async def read_users_me(current_user: User = Depends(get_current_active_user)):
    return current_user


@app.get("/users/me/items/")
async def read_own_items(current_user: User = Depends(get_current_active_user)):
    return [{"item_id": "Foo", "owner": current_user.username}]

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用 oauth2 和 jwt 在 FastApi 中进行身份验证 - Authentication in FastApi using oauth2 and jwt 如何在 Flutter 中使用 FastAPI /token 端点实现登录? FastAPI(JWT + OAuth) 前端 & Flutter 后端 - How do i implement login with FastAPI /token endpoint in Flutter? FastAPI(JWT + OAuth) Frontend & Flutter Backend 使用获得的 oauth2 令牌访问用户的 Azure Blob 存储 - Access Azure Blob storage of a user using oauth2 token obtained 如何使用Python使用oauth2 for Github API获取访问令牌 - How to get access token using oauth2 for Github api using python 在 swagger 中检索 Oauth2 令牌并使用 Python 与 API 连接 - Retrieving Oauth2 token in swagger and interfacing with API using Python 如何使用 Python 获取 oauth2 access_token - How can I get an oauth2 access_token using Python 如何在 FastAPI-login 中注销? - How to logout in FastAPI-login? 在python中的GAE上使用OAuth2 - Using OAuth2 on GAE in python 如何使用 python 创建签名的 JWT 令牌 - How to create a signed JWT token using python 使用 Django 登录/注销用户 - Login/Logout a user using Django
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM