Quickly Authenticate Users with FastAPI and Token Authentication
Вставка
- Опубліковано 14 лип 2024
- In this 2 part series on API Authentication, Tim from @TechWithTim explains how to build an authenticated API using python and Fast API. In this first episode, we'll cover how to set up a FastAPI project and start using tokens to authenticate users. Be sure to subscribe to catch the second video in this series.
Chapters:
0:00 - Introduction
1:58 - Install Python Packages
4:36 - FastAPI import and Project Setup
7:08 - Access FastAPI documentation
8:48 - Using Query and Path Parameters
11:03 - How to Accept API Requests
13:30 - Set up API User Authentication
19:36 - Hashing and Authenticating Passwords
26:30 - Create an Access Token based on Login Data
33:50 - Writing a Token Root
40:51 - Testing Token Authorization
45:31 - Conclusion
New to Cloud Computing? Get started here with a $100 credit → www.linode.com/lp/youtube-vie...
Check out Tim's code on GitHub → github.com/techwithtim/Fast-A...
Watch this video for an introduction to APIs → • Intro to APIs | What a...
Read the guide on choosing a Python API framework → www.linode.com/docs/guides/ho...
Subscribe to get notified of new episodes as they come out → ua-cam.com/users/linode?sub_co...
#Linode #FastAPI #API #TechWithTim
Product: Linode, API, FastAPI; @TechWithTim - Наука та технологія
Thank you Tim for teaching and sharing.
To all, study, take breaks, apply knowledge and understanding, keep learning, before you know it your understanding is increasing and becomes comprehensible overtime.
Thank you Tim for teaching and sharing. To all, study, take breaks, apply knowledge and understanding, keep learning, before you know it your understanding is increasing and becomes comprehensible overtime.
Thank you Tim for teaching and sharing. To all, study, take breaks, apply knowledge and understanding, keep learning, before you know it your understanding is increasing and becomes comprehensible overtime.
Thanks man , All my doubts regarding the Basemodels and those 2 astrisks and OAuth2 are cleared here.
Thanks for video, and line by line explanation .. helpful for the user, using the OAUTH for first time.
what a tutorial. Hats off for this one
thank you very much
Is possible to create with Oauth a role and permission model similar to RBAC?
Thank you Tim for sharing your knowledge although it's fastt paced i could follow pretty good.
It would be nice if you'd explain the code more extensively. For example why did you chose to make the functions get_current_user and get_current_active_user async?
Awesome, but i need second part, where is it?
Is there a second part?
This is quite confusing to be honest. But I appreciate its the nature of the topic, not the fault of the video. Will probably need to watch this again.
from what I previously understand, first user login with username and password from login form and gets jwt token, second user send that jwt token to protected api routes, middleware extract the token from header and check if it is valid or not and decides to continue or stop the request. But the logic in FastAPI is a bit complicated. why do I need to pass again the username and password to access every protected routes?
Fast but absolutely excellent
But is there some info of path login , logout, signup?
im getting an error of "'openssl' is not recognized as an internal or external command,
operable program or batch file." while creating Secret Key
It could be that 'openssl' is not installed on your system. If you're using a Windows machine, this post comment from GitHub may be useful:
github.com/facebook/flipper/issues/3294#issuecomment-1014466972
Alternatively, you can check out this Stack Exchange post for installation instructions on other Operating Systems:
stackoverflow.com/questions/9001316/how-to-install-openssl-for-python
great video thank you Tim .
For some this may be usefull, if you return an list and wnat to show it in docs response example, use response_model=list[schema] in api decorator. And with python 3.11 you do not need to use response_model var in api decorator but instead use function type hints as:
async def my_func(…) -> list[schema]:
FastAPI is the best :]
got stuck on the openssl rannd -hex 32 bit. installed pyopenssl. pip list shows its installed. terminal says there is no such module. tried to add it to path but couldnt find the file for it.
If i cant even follow a tutorial , should i just give up on programming? i swear to god nothing ever works when i try and do it
it´s part of the game my friend. I encourage you to keep going, but know that in order to be a programmer the most difficult task it is not how to code a complex method, but to know how to solve a problem. Cause everything its already made, we programmers only copy code from the web and make it work. Search your error, find an alternate path or ask for help, there is no other way than facing the problem and to keep trying for pointless hours until somehow it works, at first you re not going to understand how it happened, but as life keeps going it´s all going to start being easy and making sense
Don't give up Daniel! The odds are that someone else has also had this same issue. This guide has instructions for troubleshooting "No module named 'OpenSSL' in Python":
bobbyhadz.com/blog/python-no-module-named-openssl
Also, if you need to find the file path for the command, you can use the 'which' command on a Linux system and the 'where' command on a Windows machine.
superuser.com/questions/49104/how-do-i-find-the-location-of-an-executable-in-windows
linuxize.com/post/linux-which-command/
Is it possible not to give hardcoded db in the code, as its a senstive information.
why dont you just tell me this is an example on their documen.. waste damn time
Link?
I have facing a problem in line 98 where it says db is not defined I don't really see db written or defined in your code but I see that we have named it fake_db. so what is happening ?
ok it seems it was some error in the code even in Tim's perspective he fixes it at time 41:42
You can find the code for this tutorial in the techwithtim GitHub repo. You should be able cross reference your code with what is available here:
github.com/techwithtim/Fast-API-Tutorial/blob/94c7e9ae19d45b8cdda7e068fe156e4b548c91f3/main.py#L98
@@AkamaiDeveloper It will be very helpful if you can add the link to the repo in the video description.
This is all great but how come there isn’t a library that does most of this work for you ??
How to test the same on Postman instead of Swagger?
You need to make a request from postman to your API endpoint and pass the token in auth section or in the headers.
Python not always is simple. PHP Sessions wins! 😂
Would the same logic apply if I'd use Templates (jinja2) to display a frontend?
Yes and you would have to use key words in templates to display values in front
I'm sure this is helpful for a lot of new developers, but bare metal?
This isn't bare metal since there's an OS on top of the hardware. I assume you want docker, but if you know docker then use it, take the knowledge from this video and use containers, should be easy since you imply you're not a new dev.
@@nobytes2 Hehe I forgot about this video. Sorry I don't remember docker being brought up. Yeah this is just UA-cam auto play in action. So what I meant is that users are going to screw up their OS if they don't use a virtual environment when they install packages.
@@CrashingPotatoEngineer ah ok gotcha makes sense, yeah lots of tuts don't use virtual environments. Nowadays I use poetry instead of venv.
How to install fastapi with out internet
😮
just to increase length of video you make it complex.
45:33
aweful video!
Why would you take the time to insult someone who put effort into sharing his knowledge with the community?
I agree. All he did is just typing and typing. Very little intuition.
You just stole the tutorial from the official FastAPI docs.
So?
he explained it in nice manner.
Гашиш в русском переводе, норм перевод
Well. For an API, I would probably NEVER EVER use a program!!!
What does that even mean ?
I, too, have no idea what this means.
Your comment does not make sense. What do you mean?
If you're not using a program for an API, how are you handling API's? On paper?
Thanks for the tutorial. Wondering when the token expiration time is checked? Does jwt.decode check this internally?