Build a Pizza delivery API with FastAPI #15 | Bearer JWT Auth on Swagger UI

Captions
Hi everyone, welcome back. In this video we're going to look at how to add JWT authentication on our Swagger UI. Now, we've been using fastapi-jwt-auth for carrying out our JWT authentication; however, fastapi-jwt-auth doesn't have support for JWT auth on our Swagger front end. So I came across a GitHub issue that has solutions that can help us to carry out that specific configuration. Right here we have one that can allow us to create our custom OpenAPI schema, which can help us to document our UI as well as to authorize our users to access the different endpoints via our Swagger UI.

So I'm going to make use of this code. What we have here is we define our custom OpenAPI, then we go ahead and basically describe our security schemes. The example here is making use of JWT cookie access or cookie refresh and so on, but the example we shall need is one that helps us to carry out our bearer auth on our front end. When you go ahead and scroll through these solutions, what you may need first is this import. I'm going to leave the code for this in the description so that you guys can check it out and be able to carry this out on your own. So I'm going to copy this and then head over to Visual Studio Code, and within Visual Studio Code the file I'm interested in is going to be main.py. So I'll go to main.py, and what I'll do is include these imports and save.

I'm going to go back to our GitHub, to the section where I saw the bearer JWT authentication. So this is actually the code for bearer authentication. What I'll do is copy this code, then I'll include it within our code. So I'm going to give you guys a walkthrough.

What you have here is we have imported get_openapi from fastapi.openapi.utils, so this is going to help us to basically create a custom OpenAPI, so we can create custom documentation for our Swagger UI and then also go ahead and describe how we're going to authorize users to access the various endpoints with their JWT. So let's go ahead and look into that. Right now we have openapi_schema, then you describe the title of our API, and in this case ours is called the Pizza Delivery API. This is going to be version 1. We can also go ahead and add the description for our API, so what I'm going to say is this is going to be an API for a pizza delivery service. Right after doing that we have our routes, so we have app.routes. Basically it's going to access the routes as we have included them on our FastAPI app. Right here we have include_router, so it's going to get all these routes and then add them to our routes on our app instance, just like we saw here.

Right now we see that we have the OpenAPI schema, so this gets the components and then describes the security scheme. Now, the security scheme we're using is Bearer Auth, so in this case we go ahead and specify the type of the security scheme that you're going to use, and this is going to be apiKey. Then we are going to place our authorization, so this is going to be in our headers. Then we go ahead and also specify the name of the header, which is going to be Authorization. Then we can also go ahead and describe how we're going to insert our JWTs, just like you can see here.

Now, what is done here is we're actually able to search for all routes that have the protection of jwt_required, fresh_jwt_required and jwt_optional. In this case we've used jwt_required, so this will go ahead and look for the routes that we've protected with jwt_required, and you'll be able to protect them on our Swagger UI. At the end of it all, what it does is basically update our OpenAPI schema with our custom API schema.

So if I save this and head over to our Swagger UI, I'm going to go ahead and access our UI at localhost 8000. On a refresh we currently see that we've been able to add an Authorize button to our front end. This Authorize button is going to help us to access the different routes on our Swagger UI with JWT.

The first thing I'm going to do is create a JWT, so I'm going to head over to /auth/login. Let me try to refresh. So I'm going to go to /auth/login. This requires a username and a password and returns a token pair, an access and a refresh token. What I'll do is log in a user, so I'm going to try it out. Right here I'm going to try a user called John Doe that I created, and I'm also going to provide the password of that user, so the password is going to be password. If I execute this, we have obtained our access and refresh token.

What I'm going to do is copy this access token and go and authorize. I'll come to the Authorize button, and right here we can see that they are directing us to provide "Bearer" and then the JWT. So if I say Bearer and then provide the JWT, I'll click the Authorize button so as to access the different protected routes. Now I say authorize and I'm going to close this, and right now we see that the padlocks have changed, so we are able to access these various routes.

Let's go ahead and do that. What I'll do is basically try to test a protected route. When I say try it out and then execute, we now see that we're getting hello world for a route that's protected. Let's say we want to list all orders. This is accessed by super users. Let's actually get an order by... actually, this is also accessed by a super user, and the currently logged in user is not a super user, so let's try another route. Let's say we want to get a specific order for the currently logged in user. Let's try it out. Let's say I provide the id of, let's say, two, and execute. We now see that we've been able to get that specific order.

Now let's say we logged out. When I go to Authorize and then log out, I'll close this, and right now we see that the padlocks have been locked once again. Let's say we try to access a route that has protection. If I go to placing an order, for example, and say try it out, then execute, we now see the detail as invalid token, because you haven't been able to present a token.

So in this video we've seen how to add bearer authentication on our Swagger UI. Thank you for watching, guys, and if you like this video please go ahead and like. Don't forget to subscribe if you're new to this channel. Thank you for watching, guys, and see you in the next video. Bye.
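Added example (not part of the video, its captions, or the GitHub issue it refers to): a standard-library sketch of the schema patch the walkthrough describes, declaring an `apiKey` scheme in the `Authorization` header and attaching it to every operation whose endpoint calls `jwt_required`, `fresh_jwt_required` or `jwt_optional`. The function names, the `(path, methods, endpoint)` route tuples and the sample endpoints are assumptions made for this example, and detection here inspects the endpoint's code-object names rather than its source text.

```python
# In a FastAPI app, `schema` would come from fastapi.openapi.utils.get_openapi(...)
# and the route tuples from app.routes; plain dicts are used so this runs offline.
SCHEME_NAME = "Bearer Auth"  # label chosen for this example
JWT_GUARDS = {"jwt_required", "fresh_jwt_required", "jwt_optional"}


def is_jwt_protected(endpoint):
    """True if the endpoint body references one of the JWT guard methods."""
    code = getattr(endpoint, "__code__", None)
    return code is not None and bool(JWT_GUARDS & set(code.co_names))


def add_bearer_auth(schema, routes):
    """Declare the header scheme and attach it to JWT-protected operations."""
    schema.setdefault("components", {})["securitySchemes"] = {
        SCHEME_NAME: {
            "type": "apiKey",
            "in": "header",
            "name": "Authorization",
            "description": "Enter: Bearer <JWT access token>",
        }
    }
    for path, methods, endpoint in routes:
        if not is_jwt_protected(endpoint):
            continue  # unprotected routes keep an open padlock-free entry
        for method in methods:
            op = schema.get("paths", {}).get(path, {}).get(method.lower())
            if op is not None:
                op["security"] = [{SCHEME_NAME: []}]
    return schema


# Constructed sample endpoints (hypothetical, shaped like the tutorial's routes).
def hello(Authorize):
    Authorize.jwt_required()
    return {"message": "Hello World"}


def login(user):
    return {"access": "<token>", "refresh": "<token>"}


def build_demo_schema():
    schema = {
        "info": {"title": "Pizza Delivery API", "version": "1.0"},
        "paths": {"/": {"get": {}}, "/auth/login": {"post": {}}},
    }
    routes = [("/", {"GET"}, hello), ("/auth/login", {"POST"}, login)]
    return add_bearer_auth(schema, routes)
```

OpenAPI 3 also allows the scheme to be declared as `type: http` with `scheme: bearer`, in which case Swagger UI adds the `Bearer ` prefix itself and only the token is pasted.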
Info
Channel: Ssali Jonathan
Views: 5,019
Keywords: fastapi, fastapi tutorial, fastapi python tutorial, fastapi authentication, fastapi python, python fastapi, python fastapi swagger, python fastapi course, python fastapi example, python fastapi session, fastapi full course, fastapi users, fastapi oauth2 authorization code bearer, bearer auth, fastapi auth, reactjs fastapi, fastapi user authentication, fastapi coursera, fastapi async
Id: _tRbsSqYN3M
Length: 8min 47sec (527 seconds)
Published: Thu Sep 16 2021