Authx#
authx.main.AuthX #
AuthX(config=AuthXConfig(), model=None)
Bases: _CallbackHandler[T]
, _ErrorHandler
The base class for AuthX
AuthX enables JWT management within a FastAPI application. Its main purpose is to provide a reusable & simple syntax to protect API with JSON Web Token authentication.
PARAMETER | DESCRIPTION |
---|---|
config | Configuration instance to use. Defaults to AuthXConfig(). TYPE: |
model | Model type hint. Defaults to Dict[str, Any]. TYPE: |
Note
AuthX is a Generic python object. Its TypeVar is not mandatory but helps type hinting furing development
AuthX base object
PARAMETER | DESCRIPTION |
---|---|
config | TYPE: |
model | TYPE: |
PARAMETER | DESCRIPTION |
---|---|
config | Configuration instance to use. Defaults to AuthXConfig(). TYPE: |
model | Model type hint. Defaults to Dict[str, Any]. TYPE: |
Source code in authx/main.py
MSG_MissingTokenError class-attribute
instance-attribute
#
MSG_MissingCSRFTokenError class-attribute
instance-attribute
#
MSG_TokenRequiredError class-attribute
instance-attribute
#
MSG_FreshTokenRequiredError class-attribute
instance-attribute
#
MSG_AccessTokenRequiredError class-attribute
instance-attribute
#
MSG_RefreshTokenRequiredError class-attribute
instance-attribute
#
MSG_CSRFError class-attribute
instance-attribute
#
config property
#
AuthX Configuration getter
RETURNS | DESCRIPTION |
---|---|
AuthXConfig | Configuration BaseSettings TYPE: |
DEPENDENCY property
#
FastAPI Dependency to return an AuthX sub-object within the route context
FRESH_REQUIRED property
#
FastAPI Dependency to enforce valid token availability in request
ACCESS_REQUIRED property
#
FastAPI Dependency to enforce presence of an access
token in request
REFRESH_REQUIRED property
#
FastAPI Dependency to enforce presence of a refresh
token in request
CURRENT_SUBJECT property
#
FastAPI Dependency to retrieve the current subject from request
fresh_token_required property
#
FastAPI Dependency to enforce presence of a fresh
access
token in request
access_token_required property
#
FastAPI Dependency to enforce presence of an access
token in request
refresh_token_required property
#
FastAPI Dependency to enforce presence of a refresh
token in request
handle_errors #
Add the FastAPI.exception_handlers
relative to AuthX exceptions
PARAMETER | DESCRIPTION |
---|---|
app | TYPE: |
PARAMETER | DESCRIPTION |
---|---|
app | the FastAPI application to handle errors for TYPE: |
Source code in authx/_internal/_error.py
set_callback_get_model_instance #
set_callback_token_blocklist #
set_subject_getter #
Set the callback to run for subject retrieval and serialization
PARAMETER | DESCRIPTION |
---|---|
callback | TYPE: |
set_token_blocklist #
Set the callback to run for validation of revoked tokens
PARAMETER | DESCRIPTION |
---|---|
callback | TYPE: |
is_token_in_blocklist #
Check if token is in blocklist
PARAMETER | DESCRIPTION |
---|---|
token | TYPE: |
**kwargs | TYPE: |
Source code in authx/_internal/_callback.py
load_config #
Loads a AuthXConfig as the new configuration
PARAMETER | DESCRIPTION |
---|---|
config | TYPE: |
PARAMETER | DESCRIPTION |
---|---|
config | Configuration to load TYPE: |
get_access_token_from_request async
#
Dependency to retrieve access token from request
PARAMETER | DESCRIPTION |
---|---|
request | TYPE: |
locations | TYPE: |
PARAMETER | DESCRIPTION |
---|---|
request | Request to retrieve access token from TYPE: |
locations | Locations to retrieve token from. Defaults to None. TYPE: |
RAISES | DESCRIPTION |
---|---|
MissingTokenError | When no |
RETURNS | DESCRIPTION |
---|---|
RequestToken | Request Token instance for TYPE: |
Source code in authx/main.py
get_refresh_token_from_request async
#
Dependency to retrieve refresh token from request
PARAMETER | DESCRIPTION |
---|---|
request | TYPE: |
locations | TYPE: |
PARAMETER | DESCRIPTION |
---|---|
request | Request to retrieve refresh token from TYPE: |
locations | Locations to retrieve token from. Defaults to None. TYPE: |
RAISES | DESCRIPTION |
---|---|
MissingTokenError | When no |
RETURNS | DESCRIPTION |
---|---|
RequestToken | Request Token instance for TYPE: |
Source code in authx/main.py
verify_token #
Verify a request token
PARAMETER | DESCRIPTION |
---|---|
token | TYPE: |
verify_type | TYPE: |
verify_fresh | TYPE: |
verify_csrf | TYPE: |
PARAMETER | DESCRIPTION |
---|---|
token | RequestToken instance TYPE: |
verify_type | Apply token type verification. Defaults to True. TYPE: |
verify_fresh | Apply token freshness verification. Defaults to False. TYPE: |
verify_csrf | Apply token CSRF verification. Defaults to True. TYPE: |
RETURNS | DESCRIPTION |
---|---|
TokenPayload | description TYPE: |
Source code in authx/main.py
create_access_token #
create_access_token(uid, fresh=False, headers=None, expiry=None, data=None, audience=None, *args, **kwargs)
Generate an Access Token
PARAMETER | DESCRIPTION |
---|---|
uid | TYPE: |
fresh | TYPE: |
headers | TYPE: |
expiry | TYPE: |
data | TYPE: |
audience | TYPE: |
*args | TYPE: |
**kwargs | TYPE: |
PARAMETER | DESCRIPTION |
---|---|
uid | Unique identifier to generate token for TYPE: |
fresh | Generate fresh token. Defaults to False. TYPE: |
headers | TODO. Defaults to None. TYPE: |
expiry | Use a user defined expiry claim. Defaults to None. TYPE: |
data | Additional data to store in token. Defaults to None. TYPE: |
audience | Audience claim. Defaults to None. TYPE: |
RETURNS | DESCRIPTION |
---|---|
str | Access Token TYPE: |
Source code in authx/main.py
create_refresh_token #
Generate a Refresh Token
PARAMETER | DESCRIPTION |
---|---|
uid | TYPE: |
headers | TYPE: |
expiry | TYPE: |
data | TYPE: |
audience | TYPE: |
*args | TYPE: |
**kwargs | TYPE: |
PARAMETER | DESCRIPTION |
---|---|
uid | Unique identifier to generate token for TYPE: |
headers | TODO. Defaults to None. TYPE: |
expiry | Use a user defined expiry claim. Defaults to None. TYPE: |
data | Additional data to store in token. Defaults to None. TYPE: |
audience | Audience claim. Defaults to None. TYPE: |
RETURNS | DESCRIPTION |
---|---|
str | Refresh Token TYPE: |
Source code in authx/main.py
set_access_cookies #
Add 'Set-Cookie' for access token in response header
PARAMETER | DESCRIPTION |
---|---|
token | TYPE: |
response | TYPE: |
max_age | TYPE: |
PARAMETER | DESCRIPTION |
---|---|
token | Access token TYPE: |
response | response to set cookie on TYPE: |
max_age | Max Age cookie parameter. Defaults to None. TYPE: |
Source code in authx/main.py
set_refresh_cookies #
Add 'Set-Cookie' for refresh token in response header
PARAMETER | DESCRIPTION |
---|---|
token | TYPE: |
response | TYPE: |
max_age | TYPE: |
PARAMETER | DESCRIPTION |
---|---|
token | Refresh token TYPE: |
response | response to set cookie on TYPE: |
max_age | Max Age cookie parameter. Defaults to None. TYPE: |
Source code in authx/main.py
unset_access_cookies #
Remove 'Set-Cookie' for access token in response header
PARAMETER | DESCRIPTION |
---|---|
response | TYPE: |
PARAMETER | DESCRIPTION |
---|---|
response | response to remove cooke from TYPE: |
unset_refresh_cookies #
Remove 'Set-Cookie' for refresh token in response header
PARAMETER | DESCRIPTION |
---|---|
response | TYPE: |
PARAMETER | DESCRIPTION |
---|---|
response | response to remove cooke from TYPE: |
Source code in authx/main.py
unset_cookies #
Remove 'Set-Cookie' for tokens from response headers
PARAMETER | DESCRIPTION |
---|---|
response | TYPE: |
PARAMETER | DESCRIPTION |
---|---|
response | response to remove token cookies from TYPE: |
Source code in authx/main.py
get_dependency #
FastAPI Dependency to return a AuthX sub-object within the route context
PARAMETER | DESCRIPTION |
---|---|
request | TYPE: |
response | TYPE: |
PARAMETER | DESCRIPTION |
---|---|
request | Request context managed by FastAPI TYPE: |
response | Response context managed by FastAPI TYPE: |
Note
The AuthXDeps is a utility class, to enable quick token operations within the route logic. It provides methods to avoid additional code in your route that would be outside of the route logic
Such methods includes setting and unsetting cookies without the need to generate a response object beforehand
RETURNS | DESCRIPTION |
---|---|
AuthXDeps | The contextful AuthX object TYPE: |
Source code in authx/main.py
token_required #
token_required(type='access', verify_type=True, verify_fresh=False, verify_csrf=None, locations=None)
Dependency to enforce valid token availability in request
PARAMETER | DESCRIPTION |
---|---|
type | TYPE: |
verify_type | TYPE: |
verify_fresh | TYPE: |
verify_csrf | TYPE: |
locations | TYPE: |
PARAMETER | DESCRIPTION |
---|---|
type | Require a given token type. Defaults to "access". TYPE: |
verify_type | Apply type verification. Defaults to True. TYPE: |
verify_fresh | Require token freshness. Defaults to False. TYPE: |
verify_csrf | Enable CSRF verification. Defaults to None. TYPE: |
locations | Locations to retrieve token from. Defaults to None. TYPE: |
RETURNS | DESCRIPTION |
---|---|
Callable[[Request], Awaitable[TokenPayload]] | Callable[[Request], TokenPayload]: Dependency for Valid token Payload retrieval |
Source code in authx/main.py
get_current_subject async
#
get_token_from_request #
Return token from response if available
PARAMETER | DESCRIPTION |
---|---|
type | TYPE: |
optional | TYPE: |
PARAMETER | DESCRIPTION |
---|---|
type | The type of token to retrieve from request. Defaults to "access". TYPE: |
optional | Whether or not to enforce token presence in request. Defaults to True. TYPE: |
Note
When optional=True
, the return value might be None
if no token is available in request
When optional=False
, raises a MissingTokenError
RETURNS | DESCRIPTION |
---|---|
Callable[[Request], Awaitable[Optional[RequestToken]]] | Optional[RequestToken]: The RequestToken if available |
Source code in authx/main.py
implicit_refresh_middleware async
#
FastAPI Middleware to enable token refresh for an APIRouter
PARAMETER | DESCRIPTION |
---|---|
request | TYPE: |
call_next | TYPE: |
PARAMETER | DESCRIPTION |
---|---|
request | Incoming request TYPE: |
call_next | Endpoint logic to be called TYPE: |
Note
This middleware is only based on access
tokens. Using implicit refresh mechanism makes use of refresh
tokens unnecessary.
Note
The refreshed access
token will not be considered as fresh
Note
The implicit refresh mechanism is only enabled for authorization through cookies.
RETURNS | DESCRIPTION |
---|---|
Response | Response with update access token cookie if relevant TYPE: |