How to Authenticate Static Routes in FastAPI?


In FastAPI, static routes can be authenticated through dependency injection with the Depends function. You define a dependency function that performs the authentication check, for example by verifying a user's credentials or checking for a token in the request headers, and include it in the parameters of the route function. FastAPI runs the dependency before the handler, so only authenticated users can access the corresponding endpoint. This adds a layer of security to your FastAPI project and helps protect sensitive data and resources.

How to authenticate static routes in FastAPI with JWT?

To authenticate static routes in FastAPI with JWT, you can use a combination of the Depends function from FastAPI and the PyJWT library to decode and verify JWT tokens. Here's a step-by-step guide on how to do it:

Step 1: Install PyJWT

```bash
pip install PyJWT
```

Step 2: Create a function to decode and verify JWT tokens

```python
from typing import Optional

import jwt
from fastapi import Depends, HTTPException, status
from fastapi.security import OAuth2PasswordBearer

from your_settings import SECRET_KEY, ALGORITHM

# Reads the bearer token from the Authorization header
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")


def decode_token(token: str = Depends(oauth2_scheme)) -> Optional[str]:
    try:
        # Pinning algorithms stops the token's own header from choosing one
        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
        return payload.get("sub")
    except jwt.InvalidTokenError:
        # PyJWT's base class for malformed, tampered and expired tokens
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid or expired token",
            headers={"WWW-Authenticate": "Bearer"},
        )
```

Step 3: Create a settings file (e.g. your_settings.py) that contains the secret key and algorithm used to sign the JWT tokens

```python
# Placeholder value: load the real key from the environment or a secret store
SECRET_KEY = "your_secret_key_here"
ALGORITHM = "HS256"
```

Step 4: Use the decode_token function in your route handlers to authenticate static routes

```python
from fastapi import Depends, FastAPI

# decode_token is the dependency function defined in Step 2

app = FastAPI()


@app.get("/protected_route")
def protected_route(current_user: str = Depends(decode_token)):
    return {"message": f"Hello, {current_user}"}
```

Now, when a user makes a request to the /protected_route endpoint, they will need to include a valid JWT token in the Authorization header with the Bearer scheme. The decode_token function will verify the token and extract the subject (user ID) from it. If the token is invalid or expired, an HTTP 401 Unauthorized response will be returned.
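The checks that jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM]) has to enforce for HS256, written out with only the standard library as an added illustration (not code from the original post, and not a replacement for PyJWT in the application). The names make_token, verify_hs256 and outcome and the sample key are made up for this sketch.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET_KEY = b"constructed-demo-key"  # constructed sample key, not a real secret

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims, alg="HS256", key=SECRET_KEY):
    """Build a compact JWT; alg="none" produces an unsigned token."""
    head = _b64(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = b"" if alg == "none" else _mac(f"{head}.{body}", key)
    return f"{head}.{body}.{_b64(sig)}"

def verify_hs256(token, key=SECRET_KEY, now=None):
    """Return the "sub" claim, or raise ValueError naming the check that failed."""
    try:
        head, body, sig = token.split(".")
        header, signature = json.loads(_unb64(head)), _unb64(sig)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # 1. Pin the algorithm on the server; the token's header must not choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("algorithm not allowed")
    # 2. Recompute the MAC over header.payload and compare in constant time.
    if not hmac.compare_digest(signature, _mac(f"{head}.{body}", key)):
        raise ValueError("bad signature")
    # 3. Only now are the claims trustworthy enough to read.
    claims = json.loads(_unb64(body))
    if "exp" in claims and claims["exp"] <= (time.time() if now is None else now):
        raise ValueError("token expired")
    if not claims.get("sub"):
        raise ValueError("missing sub claim")
    return claims["sub"]

def outcome(token, now=None):  # the subject, or the reason for a 401
    try:
        return verify_hs256(token, now=now)
    except ValueError as exc:
        return f"401: {exc}"
```

Every failure maps to the same 401 response in decode_token; the distinct reasons are useful for server-side logging only.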

How to authenticate static routes in FastAPI with Azure AD?

To authenticate static routes in FastAPI with Azure AD, you can use the azure-identity library to interact with Microsoft Azure Active Directory (AD) authentication service. Here's how you can authenticate static routes in FastAPI with Azure AD:

  1. Install the necessary libraries:

```bash
pip install azure-identity
pip install azure-keyvault-secrets
pip install requests
```

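  2. Set up Azure AD authentication in your FastAPI application. You can use the following code as a guide:

```python
import requests
from azure.identity import DefaultAzureCredential
from fastapi import Depends, FastAPI, HTTPException, status
from fastapi.security import OAuth2AuthorizationCodeBearer

app = FastAPI()

# Azure AD authentication (token for the application's own identity)
credential = DefaultAzureCredential()
token = credential.get_token("https://graph.microsoft.com/.default")
access_token = token.token

# Replace {tenant_id} with your Azure AD tenant ID
oauth2_scheme = OAuth2AuthorizationCodeBearer(
    authorizationUrl="https://login.microsoftonline.com/{tenant_id}/oauth2/authorize",
    tokenUrl="https://login.microsoftonline.com/{tenant_id}/oauth2/token",
)


# Protected route with Azure AD authentication
@app.get("/protected-route")
def protected_route(token: str = Depends(oauth2_scheme)):
    headers = {"Authorization": f"Bearer {token}"}
    url = "https://graph.microsoft.com/v1.0/me"
    response = requests.get(url, headers=headers, timeout=10)
    if response.status_code != 200:
        # Graph rejected the caller's token: fail instead of returning its error as 200
        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token")
    return response.json()
```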

  3. Update the code with the specific Azure AD credentials, such as the tenant_id and client_id, as needed for your application.
  4. Use the oauth2_scheme dependency to authenticate the protected-route using Azure AD credentials. The DefaultAzureCredential will handle the authentication process and retrieve the access token required for authentication.
  5. When accessing the protected route, the user will be required to authenticate via Azure AD. If the authentication is successful, the user will be able to access the protected route and retrieve the necessary data from the Azure AD service.

By following these steps, you can authenticate static routes in FastAPI with Azure AD using the azure-identity library.

How to authenticate static routes in FastAPI with custom authentication middleware?

To authenticate static routes in FastAPI with custom authentication middleware, you can create a custom authentication middleware that checks the incoming requests for authentication credentials and verifies them against your authentication system. Here is a general outline of how you can achieve this:

  1. Create a custom authentication middleware class that inherits from starlette.middleware.base.BaseHTTPMiddleware:

```python
import hmac

from starlette.middleware.base import BaseHTTPMiddleware
from starlette.requests import Request
from starlette.responses import JSONResponse


class CustomAuthMiddleware(BaseHTTPMiddleware):
    async def dispatch(self, request: Request, call_next):
        # Check if the request contains authentication credentials
        if "Authorization" not in request.headers:
            return JSONResponse(status_code=401, content={"detail": "Authorization header is missing"})

        # Extract the authentication token from the Authorization header
        token = request.headers["Authorization"]

        # Verify the authentication token against your authentication system
        if not custom_auth_function(token):
            return JSONResponse(status_code=403, content={"detail": "Unauthorized"})

        # If the authentication is successful, proceed with the request
        response = await call_next(request)
        return response


def custom_auth_function(token):
    # Implement your custom authentication logic here, such as verifying the
    # token against a database of valid tokens. compare_digest keeps the
    # comparison constant-time.
    return hmac.compare_digest(token.encode(), b"valid_token")
```

  2. Add the custom authentication middleware to your FastAPI application:

```python
from fastapi import FastAPI

from my_custom_auth_middleware import CustomAuthMiddleware

app = FastAPI()

app.add_middleware(CustomAuthMiddleware)
```

  3. Protect static routes by adding the custom authentication middleware to specific route handlers:

```python
from fastapi import APIRouter

router = APIRouter()


@router.get("/protected-route")
async def protected_route():
    return {"message": "This route is protected by custom authentication middleware"}

# Register the router on the application with app.include_router(router)
```

By following these steps, you can authenticate static routes in FastAPI using custom authentication middleware. Customize the custom_auth_function to fit your authentication logic and secure your routes accordingly.
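Middleware registered with app.add_middleware runs for every request to the application, not only for the handlers defined in step 3. To limit the check to specific routes, the middleware has to filter on the request path itself. The following is an added sketch, not code from the original post: a pure ASGI middleware (the class name PrefixAuthMiddleware, its protected_prefixes parameter and the status_for helper are made up here) that demands a bearer token only under chosen prefixes. WebSocket scopes pass through unauthenticated in this sketch.

```python
import asyncio
import hmac
import json

VALID_TOKEN = b"valid_token"  # constructed placeholder, like custom_auth_function's

class PrefixAuthMiddleware:
    """Pure ASGI middleware that demands a bearer token only under given prefixes."""

    def __init__(self, app, protected_prefixes=("/protected-route",)):
        self.app = app
        self.protected = tuple(protected_prefixes)

    def _is_protected(self, path):
        # Match whole path segments, so "/protected-route-docs" stays public.
        return any(path == p or path.startswith(p + "/") for p in self.protected)

    async def __call__(self, scope, receive, send):
        if scope["type"] != "http" or not self._is_protected(scope["path"]):
            return await self.app(scope, receive, send)  # public or non-HTTP
        headers = dict(scope["headers"])  # ASGI header names are lower-cased bytes
        scheme, _, token = headers.get(b"authorization", b"").partition(b" ")
        if scheme.lower() != b"bearer" or not token:
            return await self._reject(send, 401, "Authorization header is missing")
        if not hmac.compare_digest(token, VALID_TOKEN):  # constant-time compare
            return await self._reject(send, 403, "Unauthorized")
        await self.app(scope, receive, send)

    async def _reject(self, send, status, detail):
        body = json.dumps({"detail": detail}).encode()
        headers = [(b"content-type", b"application/json")]
        if status == 401:
            headers.append((b"www-authenticate", b"Bearer"))
        await send({"type": "http.response.start", "status": status, "headers": headers})
        await send({"type": "http.response.body", "body": body})

def status_for(path, authorization=None):
    """Run one constructed request through the middleware; return the HTTP status."""
    async def downstream(scope, receive, send):  # stands in for the FastAPI app
        await send({"type": "http.response.start", "status": 200, "headers": []})
        await send({"type": "http.response.body", "body": b"ok"})
    sent = []
    async def send(message):
        sent.append(message)
    async def receive():
        return {"type": "http.request", "body": b"", "more_body": False}
    headers = [(b"authorization", authorization.encode())] if authorization else []
    scope = {"type": "http", "method": "GET", "path": path, "headers": headers}
    asyncio.run(PrefixAuthMiddleware(downstream)(scope, receive, send))
    return sent[0]["status"]
```

In a FastAPI application it would be registered with app.add_middleware(PrefixAuthMiddleware, protected_prefixes=("/protected-route",)).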