Authx
authx.main.AuthX
Bases: _CallbackHandler[T]
, _ErrorHandler
The base class for AuthX
AuthX enables JWT management within a FastAPI application. Its main purpose is to provide a reusable & simple syntax to protect API with JSON Web Token authentication.
PARAMETER | DESCRIPTION |
---|---|
config |
Configuration instance to use. Defaults to AuthXConfig().
TYPE:
|
model |
Model type hint. Defaults to Dict[str, Any].
TYPE:
|
Note
AuthX is a Generic python object. Its TypeVar is not mandatory but helps type hinting furing development
AuthX base object
PARAMETER | DESCRIPTION |
---|---|
config |
TYPE:
|
model |
TYPE:
|
PARAMETER | DESCRIPTION |
---|---|
config |
Configuration instance to use. Defaults to AuthXConfig().
TYPE:
|
model |
Model type hint. Defaults to Dict[str, Any].
TYPE:
|
Source code in authx/main.py
MSG_MISSING_TOKEN_ERROR
class-attribute
instance-attribute
MSG_MISSING_CSRF_ERROR
class-attribute
instance-attribute
MSG_REVOKED_TOKEN_ERROR
class-attribute
instance-attribute
MSG_TOKEN_REQUIRED_ERROR
class-attribute
instance-attribute
MSG_FRESH_TOKEN_REQUIRED_ERROR
class-attribute
instance-attribute
MSG_ACCESS_TOKEN_REQUIRED_ERROR
class-attribute
instance-attribute
MSG_REFRESH_TOKEN_REQUIRED_ERROR
class-attribute
instance-attribute
MSG_CSRF_ERROR
class-attribute
instance-attribute
config
property
AuthX Configuration getter
RETURNS | DESCRIPTION |
---|---|
AuthXConfig
|
Configuration BaseSettings
TYPE:
|
DEPENDENCY
property
FastAPI Dependency to return an AuthX sub-object within the route context
FRESH_REQUIRED
property
FastAPI Dependency to enforce valid token availability in request
ACCESS_REQUIRED
property
FastAPI Dependency to enforce presence of an access
token in request
REFRESH_REQUIRED
property
FastAPI Dependency to enforce presence of a refresh
token in request
CURRENT_SUBJECT
property
FastAPI Dependency to retrieve the current subject from request
fresh_token_required
property
FastAPI Dependency to enforce presence of a fresh
access
token in request
access_token_required
property
FastAPI Dependency to enforce presence of an access
token in request
refresh_token_required
property
FastAPI Dependency to enforce presence of a refresh
token in request
handle_errors
Add the FastAPI.exception_handlers
relative to AuthX exceptions
PARAMETER | DESCRIPTION |
---|---|
app |
TYPE:
|
PARAMETER | DESCRIPTION |
---|---|
app |
the FastAPI application to handle errors for
TYPE:
|
Source code in authx/_internal/_error.py
set_callback_get_model_instance
set_callback_token_blocklist
set_subject_getter
Set the callback to run for subject retrieval and serialization
PARAMETER | DESCRIPTION |
---|---|
callback |
TYPE:
|
set_token_blocklist
Set the callback to run for validation of revoked tokens
PARAMETER | DESCRIPTION |
---|---|
callback |
TYPE:
|
is_token_in_blocklist
Check if token is in blocklist
PARAMETER | DESCRIPTION |
---|---|
token |
TYPE:
|
**kwargs |
DEFAULT:
|
Source code in authx/_internal/_callback.py
load_config
Loads a AuthXConfig as the new configuration
PARAMETER | DESCRIPTION |
---|---|
config |
TYPE:
|
PARAMETER | DESCRIPTION |
---|---|
config |
Configuration to load
TYPE:
|
get_access_token_from_request
async
Dependency to retrieve access token from request
PARAMETER | DESCRIPTION |
---|---|
request |
TYPE:
|
locations |
TYPE:
|
PARAMETER | DESCRIPTION |
---|---|
request |
Request to retrieve access token from
TYPE:
|
locations |
Locations to retrieve token from. Defaults to None.
TYPE:
|
RAISES | DESCRIPTION |
---|---|
MissingTokenError
|
When no |
RETURNS | DESCRIPTION |
---|---|
RequestToken
|
Request Token instance for
TYPE:
|
Source code in authx/main.py
get_refresh_token_from_request
async
Dependency to retrieve refresh token from request
PARAMETER | DESCRIPTION |
---|---|
request |
TYPE:
|
locations |
TYPE:
|
PARAMETER | DESCRIPTION |
---|---|
request |
Request to retrieve refresh token from
TYPE:
|
locations |
Locations to retrieve token from. Defaults to None.
TYPE:
|
RAISES | DESCRIPTION |
---|---|
MissingTokenError
|
When no |
RETURNS | DESCRIPTION |
---|---|
RequestToken
|
Request Token instance for
TYPE:
|
Source code in authx/main.py
verify_token
Verify a request token
PARAMETER | DESCRIPTION |
---|---|
token |
TYPE:
|
verify_type |
TYPE:
|
verify_fresh |
TYPE:
|
verify_csrf |
TYPE:
|
PARAMETER | DESCRIPTION |
---|---|
token |
RequestToken instance
TYPE:
|
verify_type |
Apply token type verification. Defaults to True.
TYPE:
|
verify_fresh |
Apply token freshness verification. Defaults to False.
TYPE:
|
verify_csrf |
Apply token CSRF verification. Defaults to True.
TYPE:
|
RETURNS | DESCRIPTION |
---|---|
TokenPayload
|
description
TYPE:
|
Source code in authx/main.py
create_access_token
create_access_token(uid, fresh=False, headers=None, expiry=None, data=None, audience=None, *args, **kwargs)
Generate an Access Token
PARAMETER | DESCRIPTION |
---|---|
uid |
TYPE:
|
fresh |
TYPE:
|
headers |
TYPE:
|
expiry |
TYPE:
|
data |
TYPE:
|
audience |
TYPE:
|
*args |
DEFAULT:
|
**kwargs |
DEFAULT:
|
PARAMETER | DESCRIPTION |
---|---|
uid |
Unique identifier to generate token for
TYPE:
|
fresh |
Generate fresh token. Defaults to False.
TYPE:
|
headers |
TODO. Defaults to None.
TYPE:
|
expiry |
Use a user defined expiry claim. Defaults to None.
TYPE:
|
data |
Additional data to store in token. Defaults to None.
TYPE:
|
audience |
Audience claim. Defaults to None.
TYPE:
|
RETURNS | DESCRIPTION |
---|---|
str
|
Access Token
TYPE:
|
Source code in authx/main.py
create_refresh_token
Generate a Refresh Token
PARAMETER | DESCRIPTION |
---|---|
uid |
TYPE:
|
headers |
TYPE:
|
expiry |
TYPE:
|
data |
TYPE:
|
audience |
TYPE:
|
*args |
DEFAULT:
|
**kwargs |
DEFAULT:
|
PARAMETER | DESCRIPTION |
---|---|
uid |
Unique identifier to generate token for
TYPE:
|
headers |
TODO. Defaults to None.
TYPE:
|
expiry |
Use a user defined expiry claim. Defaults to None.
TYPE:
|
data |
Additional data to store in token. Defaults to None.
TYPE:
|
audience |
Audience claim. Defaults to None.
TYPE:
|
RETURNS | DESCRIPTION |
---|---|
str
|
Refresh Token
TYPE:
|
Source code in authx/main.py
set_access_cookies
Add 'Set-Cookie' for access token in response header
PARAMETER | DESCRIPTION |
---|---|
token |
TYPE:
|
response |
TYPE:
|
max_age |
TYPE:
|
PARAMETER | DESCRIPTION |
---|---|
token |
Access token
TYPE:
|
response |
response to set cookie on
TYPE:
|
max_age |
Max Age cookie parameter. Defaults to None.
TYPE:
|
Source code in authx/main.py
set_refresh_cookies
Add 'Set-Cookie' for refresh token in response header
PARAMETER | DESCRIPTION |
---|---|
token |
TYPE:
|
response |
TYPE:
|
max_age |
TYPE:
|
PARAMETER | DESCRIPTION |
---|---|
token |
Refresh token
TYPE:
|
response |
response to set cookie on
TYPE:
|
max_age |
Max Age cookie parameter. Defaults to None.
TYPE:
|
Source code in authx/main.py
unset_access_cookies
Remove 'Set-Cookie' for access token in response header
PARAMETER | DESCRIPTION |
---|---|
response |
TYPE:
|
PARAMETER | DESCRIPTION |
---|---|
response |
response to remove cooke from
TYPE:
|
unset_refresh_cookies
Remove 'Set-Cookie' for refresh token in response header
PARAMETER | DESCRIPTION |
---|---|
response |
TYPE:
|
PARAMETER | DESCRIPTION |
---|---|
response |
response to remove cooke from
TYPE:
|
Source code in authx/main.py
unset_cookies
Remove 'Set-Cookie' for tokens from response headers
PARAMETER | DESCRIPTION |
---|---|
response |
TYPE:
|
PARAMETER | DESCRIPTION |
---|---|
response |
response to remove token cookies from
TYPE:
|
Source code in authx/main.py
get_dependency
FastAPI Dependency to return a AuthX sub-object within the route context
PARAMETER | DESCRIPTION |
---|---|
request |
TYPE:
|
response |
TYPE:
|
PARAMETER | DESCRIPTION |
---|---|
request |
Request context managed by FastAPI
TYPE:
|
response |
Response context managed by FastAPI
TYPE:
|
Note
The AuthXDeps is a utility class, to enable quick token operations within the route logic. It provides methods to avoid additional code in your route that would be outside of the route logic
Such methods includes setting and unsetting cookies without the need to generate a response object beforehand
RETURNS | DESCRIPTION |
---|---|
AuthXDeps
|
The contextful AuthX object
TYPE:
|
Source code in authx/main.py
token_required
token_required(type='access', verify_type=True, verify_fresh=False, verify_csrf=None, locations=None)
Dependency to enforce valid token availability in request
PARAMETER | DESCRIPTION |
---|---|
type |
TYPE:
|
verify_type |
TYPE:
|
verify_fresh |
TYPE:
|
verify_csrf |
TYPE:
|
locations |
TYPE:
|
PARAMETER | DESCRIPTION |
---|---|
type |
Require a given token type. Defaults to "access".
TYPE:
|
verify_type |
Apply type verification. Defaults to True.
TYPE:
|
verify_fresh |
Require token freshness. Defaults to False.
TYPE:
|
verify_csrf |
Enable CSRF verification. Defaults to None.
TYPE:
|
locations |
Locations to retrieve token from. Defaults to None.
TYPE:
|
RETURNS | DESCRIPTION |
---|---|
Callable[[Request], TokenPayload]
|
Callable[[Request], TokenPayload]: Dependency for Valid token Payload retrieval |
Source code in authx/main.py
get_current_subject
async
get_token_from_request
Return token from response if available
PARAMETER | DESCRIPTION |
---|---|
type |
TYPE:
|
optional |
TYPE:
|
PARAMETER | DESCRIPTION |
---|---|
type |
The type of token to retrieve from request. Defaults to "access".
TYPE:
|
optional |
Whether or not to enforce token presence in request. Defaults to True.
TYPE:
|
Note
When optional=True
, the return value might be None
if no token is available in request
When optional=False
, raises a MissingTokenError
RETURNS | DESCRIPTION |
---|---|
Optional[RequestToken]
|
Optional[RequestToken]: The RequestToken if available |
Source code in authx/main.py
implicit_refresh_middleware
async
FastAPI Middleware to enable token refresh for an APIRouter
PARAMETER | DESCRIPTION |
---|---|
request |
TYPE:
|
call_next |
TYPE:
|
PARAMETER | DESCRIPTION |
---|---|
request |
Incoming request
TYPE:
|
call_next |
Endpoint logic to be called
TYPE:
|
Note
This middleware is only based on access
tokens.
Using implicit refresh mechanism makes use of refresh
tokens unnecessary.
Note
The refreshed access
token will not be considered as
fresh
Note
The implicit refresh mechanism is only enabled for authorization through cookies.
RETURNS | DESCRIPTION |
---|---|
Response
|
Response with update access token cookie if relevant
TYPE:
|