Ready-to-use and customizable users management for FastAPI

Overview

FastAPI Users

FastAPI Users

Ready-to-use and customizable users management for FastAPI

build codecov PyPI version Downloads

All Contributors

Buy Me A Coffee


Documentation: https://frankie567.github.io/fastapi-users/

Source Code: https://github.com/frankie567/fastapi-users


Add quickly a registration and authentication system to your FastAPI project. FastAPI Users is designed to be as customizable and adaptable as possible.

Features

  • Extensible base user model

  • Ready-to-use register, login, reset password and verify e-mail routes

  • Ready-to-use OAuth2 flow

  • Dependency callables to inject current user in route

  • Customizable database backend

  • Multiple customizable authentication backends

    • JWT authentication backend included
    • Cookie authentication backend included
  • Full OpenAPI schema support, even with several authentication backends

Contributors and sponsors ☕️

Thanks goes to these wonderful people (emoji key):


François Voron

🚧

Paolo Dina

💵 💻

Dmytro Ohorodnik

🐛

Matthew D. Scholefield

🐛

roywes

🐛 💻

Satwik Kansal

📖

Edd Salkield

💻 📖

mark-todd

💻 📖

lill74

🐛 💻

SelfhostedPro

🛡️ 💻

Oskar Gmerek

📖

Martin Collado

🐛 💻

Eric Lopes

📖 🛡️

Beau Breon

💻

Niyas Mohammed

📖

prostomarkeloff

📖 💻

Marius Mézerette

🐛 🤔

Nickolas Grigoriadis

🐛

Open Data Coder

🤔

Mohammed Alshehri

🤔

Tyler Renelle

🤔

collerek

💻

This project follows the all-contributors specification. Contributions of any kind welcome!

Development

Setup environement

You should have Pipenv installed. Then, you can install the dependencies with:

pipenv install --dev

After that, activate the virtual environment:

pipenv shell

Run unit tests

You can run all the tests with:

make test

The command will start a MongoDB container for the related unit tests. So you should have Docker installed.

Alternatively, you can run pytest yourself. The MongoDB unit tests will be skipped if no server is available on your local machine:

pytest

There are quite a few unit tests, so you might run into ulimit issues where there are too many open file descriptors. You may be able to set a new, higher limit temporarily with:

ulimit -n 2048

Format the code

Execute the following command to apply isort and black formatting:

make format

License

This project is licensed under the terms of the MIT license.

Comments
  • Add routes for user activation

    Add routes for user activation

    Allow user accounts to be activated via an activation_callback, which is called in the /register route to handle user verification, resolving #106.

    User accounts created through the /register route have is_active == True if and only if activation_callback is supplied to get_register_router.

    The activation_callback expects a token, which if supplied to the /activate route will activate the user upon token verification.

    The semantics of after_register have been changed slightly: it's called at the point when an activated user has been created. If no activation_callback is supplied, it's called after the /register route. Otherwise, it's called after the /activate route; then any desired behaviour to be run after /register should be put in the activation_callback.

    This PR additionally:

    • Adds new error codes to fastapi_users/router/common.py
    • Update documentation
    • Add tests
    • Is backward-compatible with all previous function interfaces.

    Co-authored-by: Mark Todd

    enhancement 
    opened by eddsalkield 24
  • Duplicate Key Error (maybe not related with Fastapi-user but help needed)

    Duplicate Key Error (maybe not related with Fastapi-user but help needed)

    Hi @frankie567

    Sometimes in a "production" application using fastapi-user (with Gunicorn and uvicorn and concurrency), I have this error I'm not unable to reproduce by myself in dev mode.

    It occurs sometime at registration when two users want to register in the same two minutes. I don't know if it's related to the use of Fastapi-user but maybe I can find some help here to understand this error :-)

    In fact this UUID mentioned in the error below appear to be the uuid of the previous saved user. I'm wondering if it's not a concurrency issue with gunicorn?

    DuplicateKeyError: E11000 duplicate key error collection: myproject_db.users index: id_1 dup key: { id: UUID("c8ff467d-d490-4e32-b0b6-21ac94905dd5") }, full error: {'index': 0, 'code': 11000, 'keyPattern': {'id': 1}, 'keyValue': {'id': UUID('c8ff467d-d490-4e32-b0b6-21ac94905dd5')}, 'errmsg': 'E11000 duplicate key error collection: myproject_db.users index: id_1 dup key: { id: UUID("c8ff467d-d490-4e32-b0b6-21ac94905dd5") }'} File "myprojectapp/core/proxy_headers_middleware.py", line 43, in call return await self.app(scope, receive, send) File "starlette/middleware/cors.py", line 86, in call await self.simple_response(scope, receive, send, request_headers=headers) File "starlette/middleware/cors.py", line 142, in simple_response await self.app(scope, receive, send) File "starlette/exceptions.py", line 82, in call raise exc from None File "starlette/exceptions.py", line 71, in call await self.app(scope, receive, sender) File "starlette/routing.py", line 566, in call await route.handle(scope, receive, send) File "starlette/routing.py", line 227, in handle await self.app(scope, receive, send) File "starlette/routing.py", line 41, in app response = await func(request) File "fastapi/routing.py", line 183, in app dependant=dependant, values=values, is_coroutine=is_coroutine File "fastapi/routing.py", line 133, in run_endpoint_function return await dependant.call(**values) File "fastapi_users/router/register.py", line 38, in register created_user = await user_db.create(db_user) File "fastapi_users/db/mongodb.py", line 64, in create await self.collection.insert_one(user.dict()) File "concurrent/futures/thread.py", line 57, in run result = self.fn(*self.args, **self.kwargs) File "pymongo/collection.py", line 701, in insert_one session=session), File "pymongo/collection.py", line 615, in _insert bypass_doc_val, session) File "pymongo/collection.py", line 603, in _insert_one acknowledged, _insert_command, session) File "pymongo/mongo_client.py", line 1498, in _retryable_write return self._retry_with_session(retryable, func, s, None) File "pymongo/mongo_client.py", line 1384, in _retry_with_session return self._retry_internal(retryable, func, session, bulk) File "pymongo/mongo_client.py", line 1416, in _retry_internal return func(session, sock_info, retryable) File "pymongo/collection.py", line 600, in _insert_command _check_write_command_response(result) File "pymongo/helpers.py", line 230, in _check_write_command_response _raise_last_write_error(write_errors) File "pymongo/helpers.py", line 211, in _raise_last_write_error raise DuplicateKeyError(error.get("errmsg"), 11000, error)

    question 
    opened by MariusMez 19
  • Use sqlalchemy.orm.session instead of databases?

    Use sqlalchemy.orm.session instead of databases?

    Got a decent-sized project already built on SQLAlchemy. I'm using fastapi-sqlalchemy to inject a Session object into routes. Alternatively, FastAPI's documentation uses samples of SessionLocal = sessionmaker(... bind=engine) used with injection:

    # Dependency
    def get_db():
        db = SessionLocal()
        try:
            yield db
        finally:
            db.close()
    ...
    @app.post("/users")
    def create_user(..., db: Session = Depends(get_db)):
        ...
    

    I figured: that's fine, I'll have fastapi-users's use of databases alongside my use of SQLAlchemy. But I'm hitting all sorts of snags in how fastapi-users loads the user model for downstream tasks, and how my app intends to work with such. Pretty vague, I'll update this ticket with specific issues as I unravel them (currently just error-mania and hard to wrap my head around). But in the meantime, I'm wondering what your thoughts are on supporting passing a sqlalchemy.orm.session object into SQLAlchemyUserDatabase instead of a databases.Database object? Something like:

    # change this
    database = databases.Database(DB_URL)
    fastapi_users = FastAPIUsers(
        SQLAlchemyUserDatabase(UserDB, database, User.__table__), 
        [jwt_authentication], User, UserCreate, UserUpdate, UserDB,
    )
    # to this
    engine = sqlalchemy.create_engine(DB_URL)
    Sess = sqlalchemy.orm.sessionmaker(autocommit=False, autoflush=False, bind=engine)
    fastapi_users = FastAPIUsers(
        SQLAlchemyUserDatabase(UserDB, Sess, User.__table__), 
        [jwt_authentication], User, UserCreate, UserUpdate, UserDB,
    )
    
    question 
    opened by lefnire 14
  • Routes for email verification

    Routes for email verification

    First of all, well done 👏🏼 I'm really impressed by the ideas, quality of code and documentation.

    I'm thinking about adding email verification. Yes, it has some complexity, because you need to verify email after registration and when changing email but it's still essential for many apps.

    I got inspired by forgot-password and reset-password routes. Here is my idea:

    1. generate-token route that takes an email as input and returns a token.
    2. on_after_generate_token event to handle email sending or what ever.
    3. verify-token route that takes the generated token and returns a relevant status code.

    Do you think it would work that way or there is a better way?

    enhancement feedback 
    opened by mhalshehri 13
  • trying to migrate 0.8.x ➡️ 1.0.x

    trying to migrate 0.8.x ➡️ 1.0.x

    I am trying to migrate from old version but suggested script for MongoDB

    db.getCollection('users').find().forEach(function(user) {
      var uuid = UUID(user.id);
      db.getCollection('users').update({_id: user._id}, [{$set: {id: uuid}}]);
    });
    

    gives an error

    [thread1] Error: Invalid UUID string: UUID("49caa9b2-a1f1-4459-bc4c-7e5a5d7d88e1") :

    so later i created new account and clearly see, that something have changed image

    Update I managed to update user in DB(?) well I think so, but nothing have changed(still same as showed in first picture) image using admin user (which one was created in old version), I can't login, using a new one I can

    documentation question 
    opened by galvakojis 12
  • Cookie transport must return empty json and not `null` in `response.data` on login

    Cookie transport must return empty json and not `null` in `response.data` on login

    This causes issues when integrating the openapi schema into openapi-generator. Because the code generator expects the response to be a JSON, as it should be.

    opened by caniko 11
  • Swagger issue for endpoints register & update

    Swagger issue for endpoints register & update

    Hi, First of all, great job. It's a very useful library.

    However, after having setup my project. I noticed a few issues in the generated Swagger documentation. Indeed, the request body is pre-filled with the following information:

    {
      "id": "string",
      "email": "[email protected]",
      "is_active": true,
      "is_superuser": false,
      "password": "string"
    }
    

    However, according to your documentation, only the fields email & password are required. It can lead to some misunderstandings for someone wanting to use the API for the first time since the Swagger (or redoc) should describe how to use the API.

    I think it's a cheap fix that can be very useful for when you'll find a solution for adding auth in the Swagger. Indeed, after having had a look at your code, one solution could be to make the models BaseUserCreate and BaseUserUpdate not to inherit from BaseUser but BaseModel instead.

    Looking forward to hearing from you :)

    enhancement 
    opened by anancarv 11
  • Return 403 instead of 401 when a user is known

    Return 403 instead of 401 when a user is known

    Hi @frankie567,

    I would like to propose to return a 403 whenever a user is known but doesn't have enough privileges to access a resource and return a 401 if a user could not be authenticated at all (wrong or no credentials provided). This follows the conventions outlined in rfc7235 and lets fastapi-users play nicely with frontend frameworks such as vue-auth which will log you out on receiving a 401.

    Let me know if you agree, so I can also update the tests.

    opened by daanbeverdam 10
  • Tortoise-orm custom user

    Tortoise-orm custom user

    Iḿ trying make custom user with fastapi_users,

    so

    from fastapi_users import models from fastapi_users.db import TortoiseBaseUserModel, TortoiseUserDatabase import datetime

    class User(models.BaseUser):

    nome: str = "defaultuserteste"
    data_criado: str = datetime.datetime.now()
    is_fund: bool = False
    is_agendador: bool = False
    is_revisor: bool = False
    is_aprovador: bool = False
    

    class UserCreate(models.BaseUserCreate):

    nome: str = "defaultuserteste"
    data_criado: str = datetime.datetime.now()
    is_fund: bool = False
    is_agendador: bool = False
    is_revisor: bool = False
    is_aprovador: bool = False
    

    class UserUpdate(User, models.BaseUserUpdate):

    nome: str = "defaultuserteste"
    data_criado: str = datetime.datetime.now()
    is_fund: bool = False
    is_agendador: bool = False
    is_revisor: bool = False
    is_aprovador: bool = False
    

    class UserDB(User, models.BaseUserDB):

    nome: str = "defaultuserteste"
    data_criado: str = datetime.datetime.now()
    is_fund: bool = False
    is_agendador: bool = False
    is_revisor: bool = False
    is_aprovador: bool = False
    

    class UserModel(TortoiseBaseUserModel):

    nome: str = "defaultuserteste"
    data_criado: str = datetime.datetime.now()
    is_fund: bool = False
    is_agendador: bool = False
    is_revisor: bool = False
    is_aprovador: bool = False
    

    user_db = TortoiseUserDatabase(UserDB, UserModel)

    Database not changed i'm using mysql ... nothings happening.

    documentation question 
    opened by ScrimForever 10
  • Issue with tortoise orm 0.18.1

    Issue with tortoise orm 0.18.1

    Describe the bug

    There is an error with tortoise orm 0.18.1 using aerich, when I ugrade to 0.19.0 the error goes away but the tortoise orm adapter lock to versions below 0.19.0, there is already a PR from a dependatbot fixing this, it just needs to be reviewed. The error in question is AttributeError: 'NoneType' object has no attribute 'acquire' when using the aerich upgrade command.

    To Reproduce

    Steps to reproduce the behavior:

    1. Install fastapi-users
    2. Setup Tortoise orm with fastapi-users
    3. Install aerich
    4. Initialize your database with aerich
    5. Make a DB model change
    6. Run aerich upgrade

    Expected behavior

    AttributeError: 'NoneType' object has no attribute 'acquire'
    

    Configuration

    • Python version : 3.10
    • FastAPI version : 0.75.2
    • FastAPI Users version : 9.3.2
    • Tortoise Orm version: 0.18.1

    This is not specific to fastapi users and the fix is quite simple.

    bug 
    opened by Tobi-De 9
  • login Response when user not found

    login Response when user not found

    I send the login params and if the user is not found on db, the app just raise an internal console exception with this message:

    tortoise.exceptions.DoesNotExist: Object does not exist

    I have a frontend interface running on different port...so when I try to see the response from the login request, there is no message on browser console, just error 500, with no description. Is there a way of add one ?

    question 
    opened by Master-Y0da 9
  • `GET users/me` returns different ObjectId on each call

    `GET users/me` returns different ObjectId on each call

    Describe the bug

    Configured with beanie, calling GET users/me returns an apparently-random ObjectId, different each time the query is made.

    To Reproduce

    Steps to reproduce the behavior:

    1. Set up as directed, query GET users/me

    Expected behavior

    The correct ID should be returned

    Configuration

    • Python version : 3.10.4
    • FastAPI version : 0.88.0
    • FastAPI Users version : 10.2.1
    bug 
    opened by gegnew 1
  • Refresh tokens, freshness pattern and scopes

    Refresh tokens, freshness pattern and scopes

    This is a draft for feedback, and follows on from this discussion earlier in the year: https://github.com/fastapi-users/fastapi-users/discussions/350

    I've made a first attempt here at implementing refresh tokens and the "freshness pattern" from fastapi-jwt-auth. It doesn't yet have any updates to docs, etc, as I'd like to get your initial input first.

    Breaking changes

    Any implementation of these features involves breaking changes to parts of the API. This is, unfortunately, inevitable because any solution will need to address these challenges:

    Token metadata

    It's no longer sufficient to determine whether a token simply exists for a given user and strategy, because we now also need to:

    • Determine a token's "fresh" status
    • Distinguish between an access token and a refresh token

    For JWTStrategy this is straightforward (adding additional claims to the token), but for other strategies this requires non-backward-compatible changes. In this solution, that includes storing JSON in the Redis value for RedisStrategy and adding additional fields for DatabaseStrategy.

    We also need to consider how to store and retrieve this metadata with the Strategy. For this I propose a Pydantic model, UserTokenData, which wraps the user object (conforming to UserProtocol) and its metadata. In this first draft I've created four metadata fields:

    | Field | Description | | --- | --- | | created_at: datetime | the UTC datetime when the token was issued | | expires_at: Optional[datetime] | the UTC datetime when the token expires - this is no longer set by the Strategy but passed in by the AuthenticationBackend (see below) | | last_authenticated: datetime | the UTC datetime when the user was last explicitly authenticated (not with a refresh token) - a token is considered "fresh" when created_at == last_authenticated | | scopes: Set[str] | distinguishes between an access and refresh token, and can be extended for other purposes later |

    Token response model

    It's now no longer sufficient for a Transport instance to receive a string as a token, as it now needs to process an access tokan and (optionally) a refresh token. In this draft I've created a model

    class TransportTokenResponse(BaseModel):
        access_token: str
        refresh_token: Optional[str] = None
    

    which replaces the previous str type expected by Transport.get_login_response.

    Moving token lifetime to AuthenticationBackend

    As access tokens and refresh tokens have different lifetimes - and this could be extended to other token types in future - I've proposed removing the token lifetime configuration from Strategy and instead setting it in AuthenticationBackend, as well as whether refresh tokens should be generated and accepted:

        access_token_lifetime_seconds: Optional[int] = 3600,
        refresh_token_enabled: bool = False,
        refresh_token_lifetime_seconds: Optional[int] = 86400,
    

    New features

    New refresh router

    I've added an OAuth2-compatible token refresh router, get_refresh_router in refresh.py for processing refresh tokens.

    New "fresh" keyword arg in Authenticator methods

    • The public methods in Authenticator now have a fresh: bool keyword arg, which, when true, will throw 403 Forbidden if the token is not fresh.
    • I've also added an additional method, current_token, for users who need to inspect the token metadata.

    Scopes

    I've borrowed the concept of OAuth2 scopes to distinguish between access tokens and refresh tokens, and I've also defined some additional scopes to distinguish between classes of users.

    | Enum | String | Description | | --- | --- | --- | | SystemScope.USER | "fastapi-users:user" | An access token belonging to an active user | | SystemScope.SUPERUSER | "fastapi-users:superuser" | An access token belonging to an active superuser | | SystemScope.VERIFIED | "fastapi-users:verified" | An access token belonging to an active and verified user | | SystemScope.REFRESH | "fastapi-users:refresh" | A refresh token |

    This could be developed further - for example, both system- and user-defined routes could have "required scopes" that restrict what routes a particular token is permitted to access. By adding user-defined scopes, this could be used as a basis for a general-purpose user permissions system.

    Potential additional features

    The following additional security measures might be valuable but would require additional work:

    • Preventing refresh token reuse: store the created_at datetime for the most recently used refresh token so that it (and any older refresh token) cannot be reused.
    • Refreshing OAuth2 tokens: on token refresh, refresh an associated OAuth2 token with the original provider if it has expired
    • Checking for revoked OAuth2 tokens: on token refresh, re-verify an associated OAuth2 token with the original provider

    Open questions

    • How should CookieTransport handle the concept of refresh tokens? Currently it ignores them entirely.

    Alternative ideas

    • This could be implemented in a non-breaking way by implementing it only for IWTStrategy and BearerTransport and having any use of refresh tokens / freshness with other strategies raise a NotImplementedError, but I do think it's possible that users will want this for other strategies and transports.
    • I also considered using separate strategies for access and refresh tokens by adding a get_refresh_strategy to AuthenticationBackend, but this adds additional complexity. If this is something that user feedback indicates would be likely to be used I could add it back in.

    Feedback welcome

    Please let me know whether this is heading in the right direction and what other changes / different approaches you might have in mind!

    opened by jtv8 3
  • FastAPI-Users v10.1.2 issue with cookie authentication

    FastAPI-Users v10.1.2 issue with cookie authentication

    Discussed in https://github.com/fastapi-users/fastapi-users/discussions/1047

    Originally posted by davidbrochart July 25, 2022 It seems that #1037 breaks cookie authentication in jupyverse. Not sure what's going on, do you have any clue?

    bug 
    opened by frankie567 1
  • Add CSRF recipe into the documentation

    Add CSRF recipe into the documentation

    It's possible to have it thanks to asgi-csrf. A detailed explanation and example in the doc would be nice.

    Add an alert in the Cookie authentication backend to invite the user to check it out.

    documentation 
    opened by frankie567 3
Releases(v10.2.1)
  • v10.2.1(Nov 4, 2022)

  • v10.2.0(Oct 18, 2022)

  • v10.1.5(Aug 11, 2022)

  • v10.1.4(Jul 25, 2022)

  • v10.1.3(Jul 23, 2022)

  • v10.1.2(Jul 22, 2022)

  • v10.1.1(Jun 21, 2022)

  • v10.1.0(Jun 21, 2022)

    New features and improvements

    • Account e-mail association when authenticating with OAuth is now disabled by default for security reasons. It can be re-enabled on the router using the associate_by_email flag. [Documentation]
    • New router to associate an OAuth account with an authenticated user account. [Documentation]
    • New hooks on_before_delete and on_after_delete. [Documentation] Thanks @schwannden 🎉
    • Bump dependencies:
      • httpx-oauth >=0.4,<=0.7 Thanks @carloe 🎉
    Source code(tar.gz)
    Source code(zip)
  • v10.0.7(Jun 7, 2022)

    Improvements

    • FastAPI dependency is now unconstrained, meaning FastAPI Users will always be installable with the latest version of FastAPI. Thanks @austinorr 🎉
    • Optional Redis dependency now uses the main redis package, as async support has been merged into it. Thanks @applied-mathematician 🎉
    Source code(tar.gz)
    Source code(zip)
  • v10.0.6(May 27, 2022)

  • v10.0.5(May 25, 2022)

  • v10.0.4(May 19, 2022)

  • v10.0.3(May 10, 2022)

  • v10.0.2(May 6, 2022)

  • v10.0.1(May 6, 2022)

    Bug fixes

    • Fix generic typing on AuthenticationBackend class
    • Move exceptions in a dedicated module to avoid circular imports (related to #978)
    Source code(tar.gz)
    Source code(zip)
  • v10.0.0(May 5, 2022)

    Breaking changes

    Version 10 marks important changes in how we manage User models and their ID.

    Before, we were relying only on Pydantic models to work with users. In particular the current_user dependency would return you an instance of UserDB, a Pydantic model. This proved to be quite problematic with some ORM if you ever needed to retrieve relationship data or make specific requests.

    Now, FastAPI Users is designed to always return you a native object for your ORM model, whether it's an SQLAlchemy model or a Beanie document. Pydantic models are now only used for validation and serialization inside the API.

    Before, we were forcing the use of UUID as primary key ID; a consequence of the design above. This proved to be quite problematic on some databases, like MongoDB which uses a special ObjectID format by default. Some SQL folks also prefer to use traditional auto-increment integers.

    Now, FastAPI Users is designed to use generic ID type. It means that you can use any type you want for your user's ID. By default, SQLAlchemy adapter still use UUID; but you can quite easily switch to another thing, like an integer. Beanie adapter for MongoDB will use native ObjectID by default, but it also can be overriden.

    READ THE MIGRATION PATH

    Documentation improvements

    • From this day, the documentation is versioned. It means that you'll be able read the documentation for older versions, starting at v9.3. There is a menu switch on top!
    Source code(tar.gz)
    Source code(zip)
  • v9.3.2(May 5, 2022)

  • v9.3.1(Apr 21, 2022)

    Bug fixes and improvements

    • Fix a bug where OAuth accounts could collide if providers use the same ID. Thanks @ricfri 🎉
    • Bump dependencies:
      • httpx-oauth >=0.4,<0.7
    Source code(tar.gz)
    Source code(zip)
  • v9.3.0(Mar 22, 2022)

    Fixes and improvements

    • Allow to use RS256/ES256 algorithms to sign JWT. [Documentation] Thanks @jtv8 🎉
    • Allow to customize password hash strategy and algorithms [Documentation]
      • ⚠️ For SQLAlchemy (v3.0.0) and Tortoise ORM (v2.0.0), models have been updated so that the password_hash column can store longer strings. You'll likely need to perform a database migration.
    Source code(tar.gz)
    Source code(zip)
  • v9.2.6(Mar 16, 2022)

  • v9.2.5(Feb 18, 2022)

    Fixes and improvements

    • Improve route names to avoid duplicates. Thanks @gaganpreet 🎉
    • Improve DependencyCallable type to allow for AsyncGenerator and Generator.
    • Bump dependencies:
      • fastapi >=0.65.2,<0.75.0
    Source code(tar.gz)
    Source code(zip)
  • v9.2.4(Feb 7, 2022)

  • v9.2.3(Feb 1, 2022)

  • v9.2.2(Jan 15, 2022)

    Bug fixes and improvements

    • Fix #865: fastapi_users.db module exports were not discovered correctly by IDE. Thanks @Ae-Mc 🎉
    • Improve typing for classes and functions expecting a dependency callable.
    Source code(tar.gz)
    Source code(zip)
  • v9.2.1(Jan 10, 2022)

    Bug fixes and improvements

    • Fix #846: cookies are now correctly deleted when using custom SameSite option. Thanks @Hazedd 🎉
    • Bump dependencies
      • fastapi >=0.65.2,<0.72.0
      • makefun >=1.11.2,<1.14
    Source code(tar.gz)
    Source code(zip)
  • v9.2.0(Jan 4, 2022)

    New features and improvements

    • Revamp of SQLAlchemy database adapter using pure SQLAlchemy ORM with asyncio support. [Documentation]
      • You can install it with pip install fastapi-users[sqlalchemy2]
      • The previous one is still available on fastapi-users[sqlalchemy] but is now deprecated.
    Source code(tar.gz)
    Source code(zip)
  • v9.1.1(Jan 3, 2022)

  • v8.1.5(Jan 3, 2022)

    This is a critical bug fix for v8 branch. Still, I can't commit to maintain both versions, so consider upgrading to v9 as soon as possible.

    Bug fixes

    • Fix #834: backend name were incorrectly set during OAuth request. Thanks @Hazedd 🎉
    Source code(tar.gz)
    Source code(zip)
  • v9.1.0(Jan 3, 2022)

  • v9.0.1(Dec 30, 2021)

Owner
François Voron
Co-founder & CTO @BeeMyDesk - Python enthusiast 🐍
François Voron
Customizable User Authorization & User Management: Register, Confirm, Login, Change username/password, Forgot password and more.

Flask-User v1.0 Attention: Flask-User v1.0 is a Production/Stable version. The previous version is Flask-User v0.6. User Authentication and Management

Ling Thio 916 Feb 15, 2021
FastAPI extension that provides JWT Auth support (secure, easy to use, and lightweight)

FastAPI JWT Auth Documentation: https://indominusbyte.github.io/fastapi-jwt-auth Source Code: https://github.com/IndominusByte/fastapi-jwt-auth Featur

Nyoman Pradipta Dewantara 468 Jan 1, 2023
Auth for use with FastAPI

FastAPI Auth Pluggable auth for use with FastAPI Supports OAuth2 Password Flow Uses JWT access and refresh tokens 100% mypy and test coverage Supports

David Montague 95 Jan 2, 2023
API-key based security utilities for FastAPI, focused on simplicity of use

FastAPI simple security API key based security package for FastAPI, focused on simplicity of use: Full functionality out of the box, no configuration

Tolki 154 Jan 3, 2023
it's a Django application to register and authenticate users using phone number.

django-phone-auth It's a Django application to register and authenticate users using phone number. CustomUser model created using AbstractUser class.

MsudD 4 Nov 29, 2022
Django Auth Protection This package logout users from the system by changing the password in Simple JWT REST API.

Django Auth Protection Django Auth Protection This package logout users from the system by changing the password in REST API. Why Django Auth Protecti

Iman Karimi 5 Oct 26, 2022
Easy and secure implementation of Azure AD for your FastAPI APIs 🔒 Single- and multi-tenant support.

Easy and secure implementation of Azure AD for your FastAPI APIs ?? Single- and multi-tenant support.

Intility 220 Jan 5, 2023
A full Rest-API With Oauth2 and JWT for request & response a JSON file Using FastAPI and SQLAlchemy 🔑

Pexon-Rest-API A full Rest-API for request & response a JSON file, Building a Simple WorkFlow that help you to Request a JSON File Format and Handling

Yasser Tahiri 15 Jul 22, 2022
Implements authentication and authorization as FastAPI dependencies

FastAPI Security Implements authentication and authorization as dependencies in FastAPI. Features Authentication via JWT-based OAuth 2 access tokens a

Jacob Magnusson 111 Jan 7, 2023
Imia is an authentication library for Starlette and FastAPI (python 3.8+).

Imia Imia (belarussian for "a name") is an authentication library for Starlette and FastAPI (python 3.8+). Production status The library is considered

Alex Oleshkevich 91 Nov 24, 2022
Authentication with fastapi and jwt cd realistic

Authentication with fastapi and jwt cd realistic Dependencies bcrypt==3.1.7 data

Fredh Macau 1 Jan 4, 2022
Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication.

Welcome to django-allauth! Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (soc

Raymond Penners 7.7k Jan 1, 2023
Flask user session management.

Flask-Login Flask-Login provides user session management for Flask. It handles the common tasks of logging in, logging out, and remembering your users

Max Countryman 3.2k Dec 28, 2022
Flask user session management.

Flask-Login Flask-Login provides user session management for Flask. It handles the common tasks of logging in, logging out, and remembering your users

Max Countryman 2.7k Feb 17, 2021
Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication.

Welcome to django-allauth! Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (soc

Raymond Penners 7.7k Jan 3, 2023
FastAPI-Login tries to provide similar functionality as Flask-Login does.

FastAPI-Login FastAPI-Login tries to provide similar functionality as Flask-Login does. Installation $ pip install fastapi-login Usage To begin we hav

null 417 Jan 7, 2023
row level security for FastAPI framework

Row Level Permissions for FastAPI While trying out the excellent FastApi framework there was one peace missing for me: an easy, declarative way to def

Holger Frey 315 Dec 25, 2022
Simple implementation of authentication in projects using FastAPI

Fast Auth Facilita implementação de um sistema de autenticação básico e uso de uma sessão de banco de dados em projetos com tFastAPi. Instalação e con

null 3 Jan 8, 2022
Auth-Starters - Different APIs using Django & Flask & FastAPI to see Authentication Service how its work

Auth-Starters Different APIs using Django & Flask & FastAPI to see Authentication Service how its work, and how to use it. This Repository based on my

Yasser Tahiri 7 Apr 22, 2022