JWT Authentication (Renew User Access Using Refresh Tokens) - FastAPI Beyond CRUD (Part 11)

Captions
What's up everyone, welcome back. In this video we're going to be looking at how we can gain access tokens, in case our access tokens are expired, using our refresh tokens. If you recall from the previous videos, we went ahead and created what is called a token pair, and that token pair has an access token as well as a refresh token. Our access tokens are short-lived and therefore can expire, but our refresh tokens are long-lived and therefore can be used to generate more access tokens, and that's what we're going to be doing in our video.

So we can go back to our code right here, and what we have is the class that we created in the previous videos, and this is just one to create a dependency that shall be injected into every path handler that will require an access token to allow access to resources. So what we're going to be doing is to rewrite this code so that you can create one class that is going to help us create the dependency for those endpoints that we shall need to access with a refresh token.

So to begin, what we're going to do is to make sure that this is our base class. So we're going to make this our token bearer, which is going to be the base class, and then access token bearer is just simply going to be a child class or a subclass of that class. So we shall just come right here and say that our access token bearer is going to be a child class of our base token bearer class. So this is where we're going to do the checks to check if a valid access token is provided to an endpoint, and then we're going to create another class, so this class is going to be one to check if a valid refresh token is being provided. So these are just going to be the checks for access and refresh tokens, but the rest of the code for checking if a token is valid shall reside within our `__call__` in the parent class. So let's go ahead and implement this.

So to begin, what we're going to do is to get that logic for checking if a token is a valid refresh or access token, and if you recall, it's
within this if statement right here that we check if a valid access token has been provided. So in this case we're going to move this logic to a method inside our access token bearer class. So we're just going to come right here, we shall define one method that's going to be called the verify token data method, and this is going to be taking self as well as the token data. Sorry for this. So this is going to be our token data; our token data is going to be a dictionary, and then we shall have this being the token data. So this is going to not return anything, so we shall say return None, and therefore we're just simply going to paste the logic for checking if a valid access token has been provided. So what this code is doing is to just simply check if a refresh token is sent to token that requires an access token, and then it's going to throw an error in case we provide a refresh token instead of an access token. So to add on to this, we can also check if our token data is not None, so we shall do if token data, and in this case we are going to go ahead and say and token data refresh, meaning that this is a refresh token, then we should raise our exception.

We're going to do the same inside our refresh token bearer, so I'm going to rename this class to refresh token bearer, since this is going to be the one to allow us to create a dependency that we shall inject in that endpoint we need to access with a valid refresh token. So what I'm going to do is to just simply copy this function, or this method right here, and then I'll paste it inside here. I'll fix the indentation, and once I fix the indentation, now we can go ahead and add the checks for a valid refresh token. Now this is going to be the opposite, since here what we're doing is to check if a user is providing an access token. So we shall come right here and say and not token data refresh, meaning that the refresh claim shall be false. So in this case we need to remind them to provide a valid refresh token, so we shall change this from provide an access token to
provide a refresh token. Once this is done, then we need to go ahead and make sure that these methods are accessed inside our parent class. For us to do that, I'm going to first format my code, and then inside our parent class we're going to make sure that this method is accessed. So what we're going to do is to come right in here and define the verify, so we're going to call this the verify token data, similar to what we have here. So this shall be a method that shall be accessed from the parent class, but these are going to just override it, and this shall take self as well as our token data, just like we've done in the child classes. But in case they are not implemented, what we shall do is just simply come right here and say raise, and in this case raise a NotImplementedError, meaning that when you fail to override that method, we are going to throw you an error reminding you to do that. So in this case we shall say please override, or in this case it's going to be override this method in child classes. So every time you create child classes of the token bearer class, you'll be required to override this method, which is verify token data.

And once we've been able to do that, now we need to go ahead and make use of this method inside our `__call__` method right here. So for us to do that, we shall just come right here and say self dot, in this case that's going to be verify token data. So we're just going to go ahead and call verify token data, and now we shall provide that token data; in our case it's going to be our token data. And this is just enough for us to go ahead and beat two birds with one stone by just making sure we have a base token bearer class to do all the JWT checks and then having these classes to create our dependencies.

So now let's go ahead and check if this is working. If I go back to Restfox right here and I try to make this request, we now see that it's working successfully, but I need to go to one that requires an access token. So if I go
here and try to make a request, it seems like everything is working; nothing has broken yet. If you try to provide a refresh token instead of an access token to get all our books, I'm going to copy our refresh token right here. Once I copy the refresh token, I'm going to provide it as an access token, and let's see what is going to happen. So in our case we see that it's now telling us to provide a valid access token, which is working the way we want.

So once we have been able to do that, now let's go ahead and implement the endpoint for allowing us to create new access tokens. So to do that, we're going to go back to our code, and inside our routes right here, where I created the auth routes, we're going to make use of our auth service, or our auth router, to create. So this is going to simply be a post request. Actually, let's just make it, can we call it a post or a get request? Let's just say this is going to be a, let's say this is going to be a get request, and this get request is going to be on the slash refresh token endpoint. So in this case we shall just say refresh token, and once we have this defined, we shall define the handler, which is going to be async def, and in that case we shall call this refresh token, or a new session, or whatever you want to call it. So we shall say refresh token, or let's just call it get new access token.

So once you've been able to do that, now we're simply going to come right in here and use our refresh token bearer dependency, so we're going to have to import it at the top right here. So we shall just come and say from dot dependencies, we're going to go ahead and import our refresh token bearer, and once we've imported our refresh token bearer, now we're going to create a dependency by simply coming here and saying, so we're going to do the same thing like we did, but I think I missed: this is supposed to be token details instead of user details, because it's returning everything about the token. So I'll just call this token details, and in our case we are simply going to have this being
the token details. So this shall be a dictionary and it shall be a dependency, but that dependency is going to be an object of the refresh token bearer class, so we're just simply going to come and do that. Once that is done, now we need to go ahead and provide an access token in case our refresh token is valid. Now to do that, what we're simply going to do is to first of all check if the user details, so now let's just actually say return an empty dictionary. So let's just try to make a request to this endpoint. If you go back to our Restfox right here, I'll create a new request, and we're going to say this is going to be for refresh tokens, and we're going to make a request to our endpoint. So our endpoint is going to be found on the slash refresh token route or path. When I send, we now see not authenticated, therefore we require a token. So I'm going to go to our header right here; let us test our functionality. So I'm going to create one for authorization, and then we are going to come right here and say Bearer, and then we shall provide our access token or our refresh token. So I'm going to go back where we created and try to provide an access token to see if our checks will pass. So I'll copy this, and then I'm going to close some of the things we have here. So I'll just come and paste in our access token, and now we see that it's working: we are required to provide a refresh token. Now I need to go back to where we created our token pair, and then I'll try to provide a valid refresh token. If I copy, we are going to come right here and then provide our refresh token and send, and we now see that it actually passes. So we can now just return a successful response in case you provide a valid refresh token.

All right, so now let's get coding and let's make this work so that we generate a new access token. So since we now have our user details, or our token details, if you want to access the expiry of the token, what you're going to do is to just come right here and say the expiry date is going to be equal to, so in this case
we shall get the timestamp, which is going to be token details, and in this case we shall get our exp claim. Once we've got our exp claim, now keep in mind that this is going to be a timestamp, so the timestamp is going to be different from a datetime object. In fact, if we go ahead and print it out, we shall say expiry, and actually let's just call this the expiry timestamp, not the expiry date. So I'm just going to rename this so that we can be so clear this is going to be our timestamp, and what I'm going to do is to print this out. So if I go back here and try to make this request, if we go within our terminal, we shall notice that our timestamp is going to be printed in this. So you need to convert it to a datetime, and we're going to be looking at how we can do that.

So what we're going to do is to check if our token is expired, and if it's not expired, then we shall just create a new access token with the user details that are found within our token. So to do that, we shall just come right here and say if our expiry timestamp, or we're going to make use of the datetime class, so we need to go ahead and import that at the top. So in this case we shall say import datetime. Once we've been able to do that, we shall say if datetime dot fromtimestamp, in this case we need to get this from a timestamp, then we shall provide our expiry timestamp, so this is going to convert the timestamp into a datetime object. So if this datetime is greater than the datetime dot now, meaning the current date and the current time, then we shall create a new access token. So we shall say that our new access token in this case is going to be equal to a call to our create access token, but in this case our user data is going to be the same user data we shall get from our token details. So in this case we shall say token details, and at token details in this case we shall get the user claim that we set. If you go ahead and log that, then it's going to log the user details, or the uid of the user, as well as the
email. So once we've been able to do this, now we shall just return a successful message. So we shall say return, in this case we shall return a JSON response; that JSON response is going to have the content being a dictionary. This dictionary is going to have our new access token, and then that will be our new access token. In case it doesn't return that, then we shall throw the error, so this will just return an error or raise an error. So we shall just come right here and say raise HTTPException, and in this case our status code is going to be something like, let's say 400, or let's say status dot HTTP 400, or let's just say that this is going to be something like invalid credentials or something, or log out not successful, or this is actually going to be refreshing our token, so we're going to say something like the detail being invalid or expired token. So this is going to be our refresh token; anyway, let's just say expired token. So I'm going to format this and make this a little bit smaller.

So this is the code that we have: we get our refresh token, after checking if our refresh token is not expired, then we shall go ahead and return our access token, else we shall raise an exception. So if we go back to our Restfox right here and we try to make the request, we shall now see that our new access token has been created once we've received the right refresh token in this case. And in case we used an access token to generate a new access token, of course we're going to see that it's not going to work, because we require a refresh token. So I'm going to provide our access token right here, or our refresh token, and then I think I missed something: this is supposed to be e then blah blah blah, and I think I missed that first character, or the first letter. Yes, I missed it, so I'll have to provide it right here. When I send, we now see that we are required to provide a valid refresh token.

In this video we looked at how we can generate new tokens or renew a user session using a refresh token. If you enjoyed
this video, I request you please leave a like; it helps these videos get into the algorithm. Thanks for watching and see you in the next video in the series. Bye.
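
The design walked through in the captions, as an added example that is not the code from the video: a parent class does the signature check and calls `verify_token_data`, the two child classes override it, and the refresh handler compares the `exp` claim with the current time. It assumes a framework-free setting, so `AuthError` stands in for FastAPI's `HTTPException`, and `create_token`, the secret and the 15-minute access lifetime are constructed for illustration.

```python
import base64, hashlib, hmac, json
from datetime import datetime, timedelta, timezone
SECRET = b"constructed-demo-secret"  # constructed value for this example only

class AuthError(Exception):
    """Stand-in for FastAPI's HTTPException (assumption: no framework here)."""

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def _sign(signing_input: str) -> str:
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def create_token(user: dict, refresh: bool, lifetime: timedelta) -> str:
    # Hypothetical helper: HS256 token carrying the user, refresh and exp claims.
    exp = (datetime.now(timezone.utc) + lifetime).timestamp()
    claims = json.dumps({"user": user, "refresh": refresh, "exp": exp})
    signing_input = _b64(b'{"alg":"HS256","typ":"JWT"}') + "." + _b64(claims.encode())
    return signing_input + "." + _sign(signing_input)

class TokenBearer:
    def __call__(self, token: str) -> dict:
        # Shared checks live in the parent: signature first, then the claims.
        signing_input, _, sig = token.rpartition(".")
        if not hmac.compare_digest(sig.encode(), _sign(signing_input).encode()):
            raise AuthError("Invalid token")
        body = signing_input.split(".")[1]
        token_data = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
        self.verify_token_data(token_data)  # token-type check supplied by the child
        return token_data

    def verify_token_data(self, token_data: dict) -> None:
        raise NotImplementedError("Override this method in child classes")

class AccessTokenBearer(TokenBearer):
    def verify_token_data(self, token_data: dict) -> None:
        if token_data and token_data["refresh"]:
            raise AuthError("Please provide an access token")

class RefreshTokenBearer(TokenBearer):
    def verify_token_data(self, token_data: dict) -> None:
        if token_data and not token_data["refresh"]:
            raise AuthError("Please provide a refresh token")

def get_new_access_token(refresh_token: str) -> dict:
    token_details = RefreshTokenBearer()(refresh_token)
    # exp is a timestamp; convert it (timezone-aware) before comparing with now.
    expiry = datetime.fromtimestamp(token_details["exp"], tz=timezone.utc)
    if expiry > datetime.now(timezone.utc):
        return {"access_token": create_token(token_details["user"], False, timedelta(minutes=15))}
    raise AuthError("Invalid or expired token")
```

The comparison uses timezone-aware datetimes on both sides, so the result does not depend on the server's local time zone.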
Info
Channel: Ssali Jonathan
Views: 220
Keywords: fastapi, fastapi jwt auth, fastapi authentication, fastapi jwt authentication, fastapi tutorial, fastapi series
Id: JitVZm8rfks
Length: 17min 13sec (1033 seconds)
Published: Wed Jun 19 2024