fastapi-jwt-auth

MuhammedSuhaib/fastapi-jwt-auth

Security

1 installs

About

SKILL.md

fastapi-jwt-auth

MuhammedSuhaib/fastapi-jwt-auth

Security

1 installs

About

Expert skill for implementing JWT-based authentication in FastAPI applications. Handles token generation, verification, user authentication, protected routes, and security best practices...

SKILL.md

FastAPI JWT Authentication Skill

When to Use This Skill

User wants to implement JWT authentication in FastAPI
Need to secure API endpoints with token-based authentication
Want to implement user registration and login functionality
Looking for OAuth2 password flow implementation
Need to set up password hashing and verification

How This Skill Works (Step-by-Step Execution)

Dependency Installation
- Install pyjwt, pwdlib[argon2], and other required packages
- Set up environment variables for secret keys
User Model and Database Setup
- Create User model with proper fields
- Set up database connection and session management
- Implement password hashing utilities
JWT Token Generation
- Create token generation function with proper expiration
- Implement OAuth2PasswordBearer security scheme
- Add token verification utilities
Authentication Endpoints
- Create /token endpoint for login
- Implement user retrieval and validation
- Add protected route examples
Security Implementation
- Add proper error handling for authentication failures
- Implement user isolation
- Configure security headers

Output You Will Receive

After activation, I will deliver:

Complete dependency installation commands
User model and database setup
JWT token generation and verification functions
Login endpoint with proper error handling
Protected route examples
Security best practices and configurations

Example Usage

User says: "I need to add JWT authentication to my FastAPI application."

This Skill Instantly Activates → Delivers:

Complete dependency setup with pyjwt and pwdlib
User model with proper password hashing
OAuth2 password flow implementation
Token generation and verification functions
Protected route examples
Security best practices

User says: "Secure my API endpoints with JWT tokens in FastAPI."

This Skill Responds: → Sets up OAuth2PasswordBearer security scheme → Creates token generation endpoint → Implements JWT verification middleware → Provides protected route examples with user isolation

Activate This Skill By Saying

"Add JWT authentication to my FastAPI app"
"Secure my API endpoints with JWT tokens"
"Implement login and registration in FastAPI"
"I need OAuth2 password flow in FastAPI"

Core Implementation Steps

1. Install Dependencies

pip install pyjwt pwdlib[argon2]

2. User Model and Password Hashing

from pwdlib import PasswordHash
from typing import Annotated
from fastapi import Depends, FastAPI, HTTPException, status
from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
from pydantic import BaseModel

password_hash = PasswordHash.recommended()

def hash_password(password: str):
    return password_hash.hash(password)

def verify_password(password: str, hashed_password: str):
    return password_hash.verify(password, hashed_password)

3. JWT Token Generation

from datetime import datetime, timedelta
import jwt

SECRET_KEY = "your-secret-key"  # Use environment variable
ALGORITHM = "HS256"

def create_access_token(data: dict, expires_delta: timedelta = None):
    to_encode = data.copy()
    if expires_delta:
        expire = datetime.utcnow() + expires_delta
    else:
        expire = datetime.utcnow() + timedelta(minutes=15)
    to_encode.update({"exp": expire})
    encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
    return encoded_jwt

4. Authentication Endpoint

oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")

@app.post("/token")
async def login(form_data: Annotated[OAuth2PasswordRequestForm, Depends()]):
    user = fake_users_db.get(form_data.username)
    if not user or not verify_password(form_data.password, user["hashed_password"]):
        raise HTTPException(status_code=400, detail="Incorrect username or password")

    access_token_expires = timedelta(minutes=30)
    access_token = create_access_token(
        data={"sub": user["username"]}, expires_delta=access_token_expires
    )
    return {"access_token": access_token, "token_type": "bearer"}

5. Protected Route

async def get_current_user(token: Annotated[str, Depends(oauth2_scheme)]):
    credentials_exception = HTTPException(
        status_code=status.HTTP_401_UNAUTHORIZED,
        detail="Could not validate credentials",
        headers={"WWW-Authenticate": "Bearer"},
    )
    try:
        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
        username: str = payload.get("sub")
        if username is None:
            raise credentials_exception
    except jwt.PyJWTError:
        raise credentials_exception
    user = get_user(username=username)
    if user is None:
        raise credentials_exception
    return user

@app.get("/users/me")
async def read_users_me(current_user: User = Depends(get_current_user)):
    return current_user

About

SKILL.md

About

Expert skill for implementing JWT-based authentication in FastAPI applications. Handles token generation, verification, user authentication, protected routes, and security best practices...

SKILL.md

FastAPI JWT Authentication Skill

When to Use This Skill

User wants to implement JWT authentication in FastAPI
Need to secure API endpoints with token-based authentication
Want to implement user registration and login functionality
Looking for OAuth2 password flow implementation
Need to set up password hashing and verification

How This Skill Works (Step-by-Step Execution)

Dependency Installation
- Install pyjwt, pwdlib[argon2], and other required packages
- Set up environment variables for secret keys
User Model and Database Setup
- Create User model with proper fields
- Set up database connection and session management
- Implement password hashing utilities
JWT Token Generation
- Create token generation function with proper expiration
- Implement OAuth2PasswordBearer security scheme
- Add token verification utilities
Authentication Endpoints
- Create /token endpoint for login
- Implement user retrieval and validation
- Add protected route examples
Security Implementation
- Add proper error handling for authentication failures
- Implement user isolation
- Configure security headers

Output You Will Receive

After activation, I will deliver:

Complete dependency installation commands
User model and database setup
JWT token generation and verification functions
Login endpoint with proper error handling
Protected route examples
Security best practices and configurations

Example Usage

User says: "I need to add JWT authentication to my FastAPI application."

This Skill Instantly Activates → Delivers:

Complete dependency setup with pyjwt and pwdlib
User model with proper password hashing
OAuth2 password flow implementation
Token generation and verification functions
Protected route examples
Security best practices

User says: "Secure my API endpoints with JWT tokens in FastAPI."

Activate This Skill By Saying

"Add JWT authentication to my FastAPI app"
"Secure my API endpoints with JWT tokens"
"Implement login and registration in FastAPI"
"I need OAuth2 password flow in FastAPI"

Core Implementation Steps

1. Install Dependencies

pip install pyjwt pwdlib[argon2]

2. User Model and Password Hashing

from pwdlib import PasswordHash
from typing import Annotated
from fastapi import Depends, FastAPI, HTTPException, status
from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
from pydantic import BaseModel

password_hash = PasswordHash.recommended()

def hash_password(password: str):
    return password_hash.hash(password)

def verify_password(password: str, hashed_password: str):
    return password_hash.verify(password, hashed_password)

3. JWT Token Generation

from datetime import datetime, timedelta
import jwt

SECRET_KEY = "your-secret-key"  # Use environment variable
ALGORITHM = "HS256"

def create_access_token(data: dict, expires_delta: timedelta = None):
    to_encode = data.copy()
    if expires_delta:
        expire = datetime.utcnow() + expires_delta
    else:
        expire = datetime.utcnow() + timedelta(minutes=15)
    to_encode.update({"exp": expire})
    encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
    return encoded_jwt

4. Authentication Endpoint

oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")

@app.post("/token")
async def login(form_data: Annotated[OAuth2PasswordRequestForm, Depends()]):
    user = fake_users_db.get(form_data.username)
    if not user or not verify_password(form_data.password, user["hashed_password"]):
        raise HTTPException(status_code=400, detail="Incorrect username or password")

    access_token_expires = timedelta(minutes=30)
    access_token = create_access_token(
        data={"sub": user["username"]}, expires_delta=access_token_expires
    )
    return {"access_token": access_token, "token_type": "bearer"}

5. Protected Route

async def get_current_user(token: Annotated[str, Depends(oauth2_scheme)]):
    credentials_exception = HTTPException(
        status_code=status.HTTP_401_UNAUTHORIZED,
        detail="Could not validate credentials",
        headers={"WWW-Authenticate": "Bearer"},
    )
    try:
        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
        username: str = payload.get("sub")
        if username is None:
            raise credentials_exception
    except jwt.PyJWTError:
        raise credentials_exception
    user = get_user(username=username)
    if user is None:
        raise credentials_exception
    return user

@app.get("/users/me")
async def read_users_me(current_user: User = Depends(get_current_user)):
    return current_user