Fast API JWT Authentication with the FastAPI-JWT-Auth Extension

Captions
Hey there, how's it going everyone? In this video we are going to be building a simple REST API and implementing JWT authentication. I'm going to start from scratch and we're going to go on building step by step until we have a complete API with JWT authentication. In this case I'm not going to use a database; I'm just going to use an in-memory database, which is a list, and we're going to be using the FastAPI JWT Auth extension, which borrows its philosophy from the classic Flask-JWT-Extended extension for Flask. So let's get started with doing this.

I'm going to start by creating the virtual environment. To do that I'm going to start by creating the environment with -m, then venv, and then I'm going to call my virtual environment env. This is going to create the virtual environment within our folder, and this is where I'm going to install all the required dependencies for this project. When this is done, I'm going to activate it and then install FastAPI and uvicorn, then we'll go ahead and create the different routes that we need for this project. Now since this is done, I'm going to activate this virtual environment with source env/Scripts/activate. After activating this I'm going to run pip install; we're going to install FastAPI and uvicorn. FastAPI is the framework we're going to use, and uvicorn is what is going to help us to run our code; we're going to use it as our server. Let's wait for this to finish installing. After installing, I'm going to first freeze our requirements to our requirements.txt file, and the next thing is going to be to create our simple file that's going to contain our routes. To do that we just say pip, and then freeze, requirements.txt. This is going to create a requirements.txt file just like you see it here; it's going to write every requirement for this project. After doing that, the next thing is going to be to create a file where we're going to write
our routes. I'm going to create that and simply call it, sorry for this, I'm just going to click here and create a new file. When I create that, I'm going to call this file main.py. To set up our project, I'm going to first import FastAPI, so I'll say from the fastapi package, from fastapi import FastAPI. We're going to create an instance of FastAPI here, so to do this I'm going to create an app variable, which will be equal to the FastAPI instance. After doing this I'll create the various routes that we're going to use for this project. We're basically going to need routes that are going to create new users for us, that are going to log in users, and the other routes are going to be for the JWT authentication. So let's try to do this. We need to create a first route, which is going to be a simple demo route. I'm just going to call this slash; it's going to be at the root, so it's going to be a simple route. I'm just going to call this index, to test our app, and it's just going to return a simple message. I'm going to return a dictionary with a message, and this message is going to be hello.

Now after doing this I'll simply run our app using uvicorn. I'll say uvicorn, then I'll specify the name of the file and then the app instance, which is app, and I'll specify that I want it to reload. This is going to allow us to run our app and reload it every time we save changes to our application. I'm using Insomnia for testing, so I'll go to my dashboard and create a new request collection for this tutorial, and I'm going to call it jwt. The next thing is going to be to create that simple request. I'm going to just say this is going to be hello, and this is going to be a GET request. I'm just going to
go to localhost, it's going to be 8000, and to the root of our URL. When we send, our message is being returned as hello. I'm going to implement other routes. In this case we're going to have a signup route, which is going to help us to create users, and the login route that will help us to create JWT tokens. So let's try to do this.

The first thing I'll have to do is to create a model, which is going to be for a user. We expect that we're going to be having a user model; we're going to create one using pydantic, and it will help us to serialize every user we shall be creating. To do that I'm going to import from pydantic, so I'm going to say from pydantic we need to import the BaseModel class. When I import the BaseModel class, the next thing is going to be to create our user model. I'm just going to come and say class, then this is going to be our User. This user is going to have a username, and the username is going to be a string, and then they're also going to have, let's say, an email, which is also going to be a string. They are also going to have a password, and this password is also going to be a string.

We can also pass in other optional configurations that are going to help us when we're using our Swagger UI, when we are doing other things on the Swagger API. To do that we need to create a simple class which is going to be called Config. This Config class is going to contain certain attributes for the schema_extra, so this will basically help to dictate what we have to input into our schema; that's for the UI. I'm going to do this and say this is going to be a dictionary, and it's going to have an example. This is the example that will be displayed in the Swagger UI. This example will be a dictionary, and it will have a username, let's just call this john doe, and then our email, a simple email, let's say
john@gmail.com. Now the next thing is going to be our password, so this is also going to be a key, which is password, sorry for this, and then the value of this will also be password. After this is done we are going to be able to sign up our users. To do that, I'm going to create a simple list that's going to act as a database for users. I'm going to create a list which is going to be users, and it's going to be a simple list, and this is going to be where we're going to keep each user. Now keep in mind that we're using an in-memory database, and this in-memory database can get wiped every time we reload our application.

So let's go ahead and try to implement that. I'm going to come and say app dot, this is going to be post, since we are creating a new user. What we shall require is the body, and the body will be serialized as a user, so I'll say that it's going to be of type User, the user model that we've been able to create, and all we expect is to create a user from this. One thing: we've made a mistake here, this is supposed to be our route. I'm going to call it users, so we're going to make a POST request to users so as to create a new user, or we can instead call it the signup route, and this is going to just have our users being created. We shall create a view function, and let's say it's going to be create an account or create a user, and for this we shall pass in the user and the user model, since we are using pydantic in this case, the pydantic model we created. After doing this, the next thing is going to be to create a new user. I'm going to create a new user; it's going to be a dictionary. This dictionary is going to be in this form: it's going to have a username, which is going to be the username we get from the body of the request, so that is going to be user.username, and then the next thing we're going to create is the email, so we're going
to say the email in this case is going to be user.email, and the next thing is going to be our password, so I'm going to create this and say password, and this is going to be our user.password. After doing this, this is the dictionary that's going to contain our user. This is going to be saved to our dummy list of users, so to do that I'm going to just say users.append, since it's a list, and then we shall just append our new user. After doing this, the next thing is going to be to just return that user with a status code of 201 to show that we've created that user. So we are going to return the new user we've created, and I'm just going to come within our route and then say that our status code in this case is going to be 201; that's in case the request is successful.

We are also going to create a route that's going to show us a list of users. I'm going to come just down here and create that. For the next route I'm going to write a comment above it, and this is going to be for getting all users. I'm going to call this app, and it's going to be slash users, and then we shall have to pass in the pydantic model as our response model. So what I'll say is response_model is going to be List, then this is going to be our model, in this case it's going to be the User model. After this I'm going to import the List type from typing, so I'm going to go up in our code and import that. I'm going to say from typing we are going to import List. After doing that, that means that we are going to return our model as a list, and that is what we shall expect from this request. I'm going to create a view function, and this view function is going to be returning our users. I'm going to
call this get users, and this is just simply going to return a list of users. To do this I'm going to come and say return users, so this is just simply going to return our dummy database of users, which is the list of users. I'm going to save this and our server is going to reload. However, we see that we are having an error: we are seeing check that main.User is a valid pydantic field type. So we're going to go and check this. If I go to our user model, it's supposed to inherit from BaseModel, and I forgot that. Let me fix it: it's going to inherit from the BaseModel. When I save this our server has to reload, and we have no errors.

When I go to Insomnia, I'm going to test two routes, one that creates users and one that gets users. To do that I'm going to come and create a new request. This new request is going to be for create, and this is going to be our POST request. Now we're going to create a new user, so we need the request body. We're going to come to body and say JSON, so it is going to be a JSON body. I'm going to create our JSON: we're going to create the username, and let's say our username is going to be jonathan, and we're going to also create an email, this email is going to be, let's say, jonathan@company.com. Then the next thing is going to be our password, so I'm just going to say that the password is going to be password. After doing this I'm going to pass in the URL, so I'm going to say localhost, it's going to be localhost 8000, and what did we call this route? We called it signup, so I'm going to say slash signup. After doing this I'm going to send this, and we see that our user has been created with the 201 Created status code. I'm going to test the other one, which is going to get all our users. I'm going to call this get, and this is going to be a GET request. I'm going to create this request
and after creating this request I'm going to come and specify the URL, so the URL is going to be localhost 8000, and it's going to be slash users. What I'm going to do in this case is to get all users, so this is going to return a list of all users.

The next thing we're going to do is to set up our FastAPI JWT Auth extension to help us to be able to create tokens and be able to verify users using those tokens. To do that, the first thing we're going to do is to configure our FastAPI JWT Auth extension. As you see, we installed all requirements but we haven't yet installed it, so I'm going to go ahead and install it. I'm going to close this and stop our server with Control-C, we're going to clear that, and then install the extension using pip install, this is going to be fastapi-jwt-auth. I'm going to install this, and it's going to install in our virtual environment. Now we're going to freeze this into our requirements.txt file, so let me freeze it. After freezing it, the next thing is going to be to configure our extension so that it works with our app.

To do that I'm going to first minimize this. The first thing I'm going to do is to import the necessary class that we need, so I need to say from fastapi_jwt_auth we're going to import the AuthJWT class, and this class is going to give us access to all the methods that we shall need when creating tokens, verifying tokens, getting identities and so on. I'm going to create a class that's going to have these settings, and then we shall be able to get this. To do that I'm going to come and create a simple pydantic class, which I'm going to call Settings, and this is also going to inherit from the BaseModel. I'm going to create this, and after doing this, the only attribute we shall need here, and we can actually add other attributes, but the most important attribute is the authjwt secret
key. We're going to be using the secrets module in Python to create this secret key, as we are going to see. I'm going to do this by saying that our authjwt_secret_key is going to be a string, and it's going to be equal to... I'm going to open my Python console, so I'm going to say python, and this is going to open our Python REPL, and we are going to be able to get a secret. I'm going to say import secrets, and when I import secrets I'm going to generate a secret, so I'm going to say secrets.token_hex, and this is going to return a random hexadecimal value, and this is what we shall use as a secret key. However, in production it is advised that you use decouple to be able to add this to a .env file, but for this tutorial I'm going to leave it public. I'm going to copy this, and after copying it I'll just minimize that and then paste the secret key.

After pasting this secret key we are going to load this config so that FastAPI works with it. To do that I'm going to create a decorator, it's going to be AuthJWT.load_config, and this is going to load our configurations. I'm going to create a simple function and call it get config, and this is going to get our configurations from the class we just created, which is the Settings class. Let me minimize my terminal. After doing this we shall just return an instance of the Settings class; that's going to give us access to our configurations, so I'm just going to return Settings. After doing this we have pretty much done what we need to be able to start generating the JWT tokens.

The next route we are going to implement is one that helps us to generate the JWT tokens, and we are also going to implement a route that's going to be used to verify users, to check whether users are the users they claim to be using the tokens. To do that I'm going to go and create a route which is going to be our login route, so users are going to be logging in using this
route. I'm going to create this route and say at app dot, this is going to be post, and then I pass in the route, which I'm going to call login. In this case we need a status code and a response model; I'm not going to specify a response model, I'm going to just use a model for logging in. To do this I'm going to first create our view function, so let me call this login, and this is going to be using our model. However, we need a different model when logging in, so I'm going to create that different model. I'm going to go up within our code and create the user login model, which is going to be the model we're going to use specifically for logging in a user. I'm going to create a class, call it UserLogin, let me first change this to a capital U, so it's going to be UserLogin, and it's also going to inherit from BaseModel. This is going to have only two fields, which are required to log in: our username, and this username is going to be a string, and then we're also going to require a password, and it's also going to be a string.

Now for this video we're not going to use any password hashing algorithm. Just like you saw, we stored our password as a string in our dummy database, which is a list; we shall just be able to access it and then match it without any password hashing. Just like I did for the previous class, where I created a Config class, I'm also going to do the same here. So we need to say class, this is going to be our Config, let me first organize this, and then we get that schema_extra. I'm going to do the same thing just like I did for the above example: I just say example, and this is going to be a dictionary. In this case we shall only need a username, let's say like jonathan, and then a password, and this is also going to be password. After creating our user login model, the next
thing is going to be to use this login model to log in our user. To do this I'm going to come and pass this within our login view function, and this is going to be user, and then we're going to say that we're going to use the UserLogin model in this case. The next thing we shall do is to also use the AuthJWT class, but in this case we shall use it to create tokens called JWT tokens. To do this, we're going to pass it as Authorize, and then we shall use the AuthJWT class, so I'm going to say AuthJWT. In this case we're going to use what we call dependency injection. Basically, dependency injection helps our external code, which is the one for the FastAPI JWT Auth extension, to work as intended with our code, which is for FastAPI. We do this by using the Depends function; we're going to import that from FastAPI. I'm going to go up and say from fastapi we are going to import Depends, and then I come back and we call this Depends, so this is going to be a dependency injection.

After we do this, the next thing is going to be to simply look through all our users and check for the user that has that specific name and that specific password. I'm going to just say for u in users, and what we're going to do is to find that user who has that username and password. I'm going to add a condition, so I'm going to say if u username, because users is a list that has dictionaries, is equal to user.username, so if the username is equal to the username in the schema, and then the password is also equal to the password in the schema, what we shall do is to actually just return the schema for now. However, what we need is to create JWTs. So I'm going to say this is going to be u, and we're going to say
password, and we're going to say if u password is equal to user.password, what we're going to just return is the user. I'm going to just return u, and let's see how this is going to work. Let's remove this, I'm going to say u, and this is supposed to just return the user object.

I'm going to go back to Insomnia, and then I'm going to create a new request. This new request is going to be one for logging in or creating a token; let's actually just call it creating an access token, so this is going to help us to generate an access token. I'm going to call this create an access token, and then it's going to be a POST method, so I'm going to specify the method and then say create. What we shall need is the body, which is going to be our JSON, so I'm going to come and pass it as JSON. We shall require our username, and our username in this case will be, let's say, jonathan, and our password, password, so this is going to be in double quotes. After doing this, I'm not going to send this yet; let's check if our server is even still up. It's not up, so let me restart it. I'm going to reload our server and our server is going to start. I'm going to minimize it, and after minimizing it the next thing I'm going to do is to actually create a user again. Since we are using an in-memory database we need to create a user; even if I try to get all users we'll get an empty list of users. So I'm going to go to the create user route and create a new user. Our user has been created with jonathan and has a password of password. So let's go to the one that creates an access token. When we pass this in the body and we send... we've forgotten to pass in the URL, so let me pass it in; this is going to be localhost 8000 and it should be slash login. When I send this, we see that our user has been created with a status
code of 200. Let's go and fix that. When we pass this we're actually not creating the user, we just returned the user. What we want is to actually create an access token for this user using our credentials. To do this, what I'm going to do is to come and remove this, and just say access token. I'm going to create the access token: we're going to use our AuthJWT class, so it's going to be Authorize, then dot, this is going to create our tokens, and we need to just say create_access_token. Then we shall pass in the subject. Now the subject is the identity of that user that is going to be hidden within our JWT token, so that if we go to a protected route we'll be able to get the user's specific identity. To do that I'm going to say subject is going to be equal to, let's just pass in the username, so I'll just say subject is going to be user.username. So we are storing the username of the currently logged in user.

After that, the next thing is going to be to return an exception in case this fails. We shall return the access token if this is a success, and if it's a failure we shall return an exception. To do this I'm going to just return an access token, so I'm going to create a dictionary, this is going to be access token, and then we're just simply going to return the access token. The next thing we're also going to do is to return an exception in case we have an invalid login. In this case what I'll do is to just raise an HTTPException. The first thing to pass in is the status code, so the status code in this case will be, let's pass in a 401 error, and we're also going to specify the detail of this exception as, let's say,
invalid username password. When I save this, we are going to try to test this, so let me go back to Insomnia. When I go back to Insomnia, I'm going to create a new user, since the server has reloaded and we're using a database that isn't persistent. I'm going to send this, and this is going to create a new user, so when I check for the user we see that our user is in the database. Now we're going to try to create an access token using these credentials. When I send this, we see that an access token has been created.

Let's go ahead and create a route that's going to help us use an access token to access the current logged in user. To do that I'm going to come and create a route. I'm going to say app.route, this is going to be slash... sorry for that, I'm going to use app.get, and then this is going to just be, let's say, protected. When this is protected, we are going to be able to pass in that JWT as an authorization header, and then we shall be able to get the identity of the logged in user. So let's go ahead and do that. I'm going to create the function; in this case let's just call it get logged in user. Since we're going to pass in our JWT as an authorization header, we shall need to pass this authorization header in our view function. To do this I'm going to create a parameter which I'll call Authorize, and it's going to be of type AuthJWT, and then since this is dependency injection I'll just say Depends and then call the Depends function here. The next thing is going to be to basically protect this route with jwt_required. To do this I'll use a try/except block, so I'll say try, and then the next thing I'm going to do is to protect this by saying Authorize.jwt_required. So every
time I protect a route, I'll use Authorize.jwt_required to protect it. After doing this, the next thing is going to be the except: in case that JWT does not match what we have as a logged in user, we're supposed to return an exception. To do that, let me just say except Exception as e, and then I raise an HTTPException error. I'm going to import that from FastAPI, so I'm just going to go to fastapi and import the HTTPException, so we can be able to specify the status code of this HTTPException. In this case I'll just say raise an HTTPException, and then this HTTPException is going to have a status code. We're going to import status from FastAPI, so also import status, and then I'm going to come just down this side and say the status code is going to be status, this is going to be HTTP 401 Unauthorized, and then we shall specify the detail as invalid token. I'll just say invalid token.

The next thing is to return the current user's identity. To do that I'm just going to create a variable called current user. Since the current user will be stored in our JWT, we can access the current user using the variable. To do that I will just say current user is going to be Authorize, and this is going to be get_jwt_subject, and this helps us to get the subject that we passed in the JWT, that is, the current user who is logged in. We're going to just return the current user, so current user, then this is going to be current user. So let's try to test this. I'm going to go back to Insomnia and try to create a new JWT and then access a protected route. To do that
I'm going to go to Insomnia and create a new request, which I'm going to call protected route. This is going to be our protected route and it's going to be a GET request. After doing this, the next thing is going to be to pass in the URL, so this is going to be localhost 8000 slash protected. After doing this, the next thing is going to be to create a JWT and then pass it as our authorization header. To do this, since we are having a dummy database and whenever we reload our data is lost, I'm just going to go back and create a new user. When I create this new user, the user has been created; when we try to get users, we get a list that has a user. I then create an access token for this user. I'm going to copy this token with Control-C and then go back to the protected route, so let me actually rename this to protected route. When I go back here I'm going to go to the headers and then add a new header by passing the key, which is going to be Authorization, so this is going to be an authorization header. After specifying this is our authorization header, I'm going to pass in the token as Bearer, and then I'm going to pass in the value of the token, so I'm going to say space and then I paste in the token. Now when I send this, it's going to give us the current user's identity. Let me send this, and this is going to return our current user as jonathan. So we've been able to see that when you have a JWT we store the subject as the user who is currently logged in, so that JWT specifically contains the information of the current logged in user, and whenever we access a protected route we use our JWT to access that user's identity.

So let's go ahead and create refresh tokens. I'm going to go back to our code. Now we need to ask ourselves, what are refresh tokens? There may be instances in which we need to create a new
access token, and then we need a refresh token. This refresh token helps us to create new access tokens. To do that, we're going to go back to our login function, and every time we log in we shall be able to create a new access token with a refresh token. It's going to be as simple as adding this line: I'm just going to say refresh token is going to be Authorize, and then we're going to say create_refresh_token, and it's going to pass in the subject, so our subject is going to be user.username. After doing this, when I save, I'm going to test our route again, hoping that our server is still running. Yes, our server is still running, so let me first minimize this and go back to Insomnia. Our server has reloaded, so I'm going to create a new user; I'm going to go back to our JSON and send, and we've created a new user. When I get users we get a list of users, and I'm going to go and create an access token. In this case we're going to be creating an access token as well as a refresh token. I'm going to send this, and this is returning an access token. Let's return the refresh token as well; I forgot to include it here. So I'm just going to say we're going to return the access token and then the refresh token as well. I'll include it and save. We're going to log in again, so I need to create a user and then create an access token. This brings an access token as well as a refresh token. I'm just going to rename this to refresh token, since it is going to be creating both our refresh token and access token.

Now there may be instances in which we may need to create a new token, so let's go ahead and implement a route that's going to enable us to create a new token. I'm going to go back to our code and create a new route, so I'm going to say app.get, and then
I'll just say this is going to be a new token route, so let's call it new token. This is basically going to help us to create a new token with our refresh token. After this, what I'm going to do is to create a view function. This is going to be create_new_token. I'm going to pass in our Authorize, because we shall need to pass in the JWT, the token, in our authorization header. So I'm going to use Authorize, and this will be of the type of the AuthJWT class, and it shall also use Depends, so I call Depends here.

After calling Depends, we are going to be able to create our new access token. The first thing is going to be to protect this route, so I'm going to simply copy this code and paste it down here; it's going to work the same. Now, in this case we require a refresh token, so I'm going to change this to Authorize.jwt_refresh_token_required, because in this case we shall be required to get our JWT refresh token.

When we get it, the one thing we shall need to do is to just create a new token. We create it by saying that our access_token in this case is going to be equal to Authorize.create_access_token. The first thing we're going to pass in is the subject. We are going to be required to pass in the current user as our subject, so I'm going to retrieve the current user: current_user. Since the current user is going to be within the JWT, we're going to just say it's going to be Authorize.get_jwt_subject. This will give us access to the currently logged-in user, and
then we shall use that as our subject to create a new token. So we're going to say the subject is going to be our current user, and we're going to just return this access token. I'll just say return, and then the value is going to be our access token, so I'll just say access_token.

Let's try to see this. I save and go back to Insomnia. I'm going to create a new request, which I'm going to call "create new access token". After doing this, we are going to use our refresh token to get our new access token. I'm going to create this request and say the URL is going to be localhost:8000, slash, new token.

The first thing I'll need is a refresh token, which I'm going to pass in within the headers, in the authorization header. Since the server has reloaded, I need to create a new user and then log in to get a refresh token. When I send this, I get the refresh token and copy it. After copying it, I come to our new access token request, go to the headers, and pass in the Authorization header. I give it the value Bearer, a space, then the token, and send. This should generate for us a new access token, just like you see here.

Now in this case we've been able to create a new access token using a refresh token. In the next example we're going to be creating a freshness token. A freshness token is one that is required each time we need a user to log in again. Take an example: when you're deleting a repository on GitHub, you need to log in with your password. That's when we create a freshness token. So let's go ahead and see an example where we can create a freshness token. We're going to go back to our code and implement a route. Now let's go
ahead and implement that route that's going to create a freshness token. To do that, I'm going to say @app.post, and then this is going to be our fresh login. This is going to be different from the login we created earlier, and it's going to create for us a very fresh token. So we're going to call this route fresh login. Now we're going to create our view function. We could call it get fresh token, but let me just call it fresh_login. What I'll pass in first is our user; our user is going to be of type User. I'm also going to pass in our Authorize, which is going to be of type AuthJWT, and in this case we are going to use dependency injection, so we call the Depends function.

After doing this, the next thing is going to be to get this user, log them in and create a new token. It's not going to be so different from the login; however, it's going to work in a way that creates a token that is fresh. So I'm just going to go to the login we wrote, copy this code, come right here where we have our post route, and paste it. What this is going to do is to look for that user and verify that the password and the username match, and if they match, what we'll need is to create our new token. So I'm going to remove this and rename this to fresh_token. After this, we are going to create a new access token, and after specifying the subject we shall just pass in one more parameter, our fresh parameter.
So we have a parameter called fresh. When we set it to True, it's going to create a fresh JWT that you're going to use to access those routes that are protected and need a fresh token. Instead of returning an access and a refresh token, I'm going to remove this, and we shall only return the fresh token. Let me correct this: this is going to be fresh_token.

Once done doing this, we can also raise an error in case this did not pass, and I can do that just inside here. I can raise an HTTP exception: raise HTTPException, which is going to have the status code equal to status, which is the status module from FastAPI, so status.HTTP_401_UNAUTHORIZED, and then the detail of this is going to be invalid username or password.

After doing this, the next thing is going to be to create a route that requires us to have a fresh token, so that we can access it with that fresh token. To do that, I'm going to just create an extra route. I'm going to call this with app, and I'll specify the route to be, let me just call it, fresh url. For the function, let's call it get_user. After this I'll pass in the parameters, because you need an authorization header here that is going to take in the freshness token. So I'll say it's going to be Authorize, of type AuthJWT, which is going to use Depends, so passing in the dependency injection.

After this, just like we protected the other routes, we are going to also protect this route. I'm going to use try and except. So I'm going to say try, and in this case I'll say Authorize, but in
this case, to protect this route, we are going to say this is going to be fresh_jwt_required, since we require a freshness token in this case. After doing that, the next thing is going to be the except: I'm going to except Exception as e. After doing this, we will just raise an HTTPException with the status code HTTP_401_UNAUTHORIZED, and then for the detail just say invalid token.

After doing that, the next thing is going to be to get the current user's identity. So we're going to just say current_user is going to be equal to Authorize.get_jwt_subject, and after doing this we are going to return the current user.

So let me stop and explain what I did here. In this route we are required to have a fresh token, which is going to be used when we need it, for example when we need a re-login: when a person is currently logged in but we need them to verify that they are the owners of what they are going to delete, for example on GitHub. And we can get these users and return their current identity using only the fresh token they have created.

So let's try to see this. I'm going to save, and after doing this I'm going to go back to Insomnia. When I go back to Insomnia, I am going to create a new request, and I'm going to call this "get freshness token". I'm going to make this a POST method and create this request. The URL is localhost:8000, slash, and this is going to be fresh login. What we shall need is the body. First we need to create a user, so I'm going to go to the request that creates a user and then send. So I've created a new user: we have a user jonathan and
password of "password". After doing this, I'm going to simply go to the get freshness token request. I'll just have to pass in the body as JSON: our username is going to be jonathan, and then our password is going to be "password". After this, I'm going to send this. We see that we have an error here, since we used User, which is the model that we store in the database. So let's go and correct that. I'm going to go back to my code and specify that the user I want in this case is going to be the one from the login model, so this is going to be UserLogin. I save this, hoping that our server is running; we have no error. When I go back and send this time, it does not work, and this is because our server has reloaded.

Now let's create a user. When I create this user and go back to getting a freshness token and send, we get a new fresh token. This token is going to help us to access the route that is protected and only requires a freshness token. To do this, I'm going to copy this fresh token and access the route which we called the fresh url route, to get our current user. I'm going to create a new request, and I'm going to call this "get fresh user identity". I create it and say the URL is going to be localhost:8000, slash, fresh url. After doing this, I'm going to pass in the header, which is going to be our authorization header: the key is Authorization, and the value is going to be Bearer, and then we pass in the fresh token. When we send this, we get our current identity, the user who has been logged in.

In this video we have been able to
create a simple REST API and use the FastAPI JWT Auth extension to carry out JWT authentication. We've looked at various concepts such as creating tokens, verifying users, as well as creating freshness tokens and refresh tokens. If you've liked this video, please leave a like, and don't forget to subscribe to my channel; I'll be creating content like this. Thank you for watching, and see you in the next video. Bye.
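The three checks the video walks through (an access token for the protected route, a refresh token for the new-token route, a fresh access token for the fresh route), as an added standard-library example that is not the video's code or the extension's own. The names create_token, verify and require are hypothetical, and the `type` and `fresh` claim names and the secret are assumptions made for the example.

```python
import base64, hashlib, hmac, json, time

# Added example: claim names "type"/"fresh" and all function names are assumptions.
SECRET = b"constructed-demo-secret"  # constructed value for the example only

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def create_token(subject: str, kind: str, fresh: bool = False, ttl: int = 900) -> str:
    """Issue an HS256 JWT. kind is "access" or "refresh"; only access tokens carry fresh."""
    claims = {"sub": subject, "type": kind, "exp": int(time.time()) + ttl}
    if kind == "access":
        claims["fresh"] = fresh
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(_b64(json.dumps(p).encode()) for p in (header, claims))
    return signing_input + "." + _b64(_sign(signing_input))

def verify(token: str) -> dict:
    """Return the claims after checking structure, pinned algorithm, signature, expiry."""
    try:
        head, body, sig = token.split(".")
        header, claims, raw_sig = json.loads(_unb64(head)), json.loads(_unb64(body)), _unb64(sig)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise PermissionError("malformed token") from exc
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        raise PermissionError("malformed token")
    if header.get("alg") != "HS256":  # never trust the token's own alg choice
        raise PermissionError("unexpected algorithm")
    if not hmac.compare_digest(raw_sig, _sign(head + "." + body)):
        raise PermissionError("bad signature")
    if not isinstance(claims.get("exp"), int) or claims["exp"] < time.time():
        raise PermissionError("expired token")
    return claims

def require(token: str, guard: str) -> str:
    """guard: "access" (protected route), "refresh" (new-token route), "fresh" (fresh route)."""
    claims = verify(token)
    wanted = "refresh" if guard == "refresh" else "access"
    if claims.get("type") != wanted:
        raise PermissionError(wanted + " token required")
    if guard == "fresh" and claims.get("fresh") is not True:
        raise PermissionError("fresh token required")
    return claims["sub"]
```

A refresh token presented to the protected route, or a non-fresh access token presented to the fresh route, is rejected even though its signature is valid.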
Info
Channel: Ssali Jonathan
Views: 1,354
Rating: 5 out of 5
Keywords: python, jwt, python jwt, python tutorial, python 3, jwt auth, jwt authentication, descifrar jwt con python, jwt authorization, python programming, jwt token, pyjwt, learn jwt, jwt in depth, jwt tutorial, jwt vs session, python http, why jwt, fastapi, fastapi tutorial, fastapi python tutorial, fastapi python, fastapi authentication, python fastapi example, python fastapi, fastapi full course, python fastapi course, python fastapi swagger, fastapi async, fastapi vs flask
Id: 1y4Nk4gH53Y
Length: 54min 45sec (3285 seconds)
Published: Mon Jun 28 2021