GitHub - dragonlol88/lollol: fastapi authorization manager

dragonlol88/lollol

Authorization Manager

Swagger's authentication documentation describes the bearer authentication method:

Bearer authentication (also called token authentication) is an HTTP authentication scheme that involves security tokens called bearer tokens. The name “Bearer authentication” can be understood as “give access to the bearer of this token.” The bearer token is a cryptic string, usually generated by the server in response to a login request. The client must send this token in the Authorization header when making requests to protected resources.

The Bearer authentication scheme was originally created as part of OAuth 2.0 in RFC 6750, but is sometimes also used on its own. Similarly to Basic authentication, Bearer authentication should only be used over HTTPS (SSL).

  • Currently, this package only supports bearer token scheme authorization.
  • This package only supports the FastAPI web framework

Installation

pip install lollol

Client Side

A client must send the token in a header named "Authorization", as below:

"Authorization": "Bearer <token>"

If you want the token to be decoded with an extra key, set the 'X-EXTRA-SECRET-KEY' header to that key.

"X-EXTRA-SECRET-KEY": "<extra secret key>"

The extra secret key is simply concatenated, as a string, with the original secret key.
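The two client headers above, worked through as an added example (not code from the lollol project). It assumes an HS256-signed JWT and that the extra key is appended to the server secret, neither of which the page specifies; all function names are hypothetical.

```python
import base64, hashlib, hmac, json
from typing import Optional

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key: bytes, signed_part: str) -> bytes:
    return hmac.new(key, signed_part.encode(), hashlib.sha256).digest()

def effective_key(secret: str, extra: Optional[str]) -> bytes:
    # Assumption: the extra key is appended to the server secret (order not stated on the page).
    return (secret + (extra or "")).encode()

def sign(claims: dict, key: bytes) -> str:
    # Assumed token format: HS256-signed JWT (the page does not state lollol's format).
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_mac(key, head + '.' + body))}"

def bearer_token(headers: dict) -> Optional[str]:
    # Header names and the auth scheme are matched case-insensitively.
    value = {k.lower(): v for k, v in headers.items()}.get("authorization", "")
    scheme, _, token = value.partition(" ")
    return token.strip() if scheme.lower() == "bearer" and token.strip() else None

def verify(headers: dict, secret: str) -> Optional[dict]:
    """Return the claims if the signature checks out, else None."""
    token = bearer_token(headers)
    if token is None or token.count(".") != 2:
        return None
    head, body, sig = token.split(".")
    extra = {k.lower(): v for k, v in headers.items()}.get("x-extra-secret-key")
    try:
        # The algorithm is fixed server-side; the token's "alg" field is never trusted.
        expected = _mac(effective_key(secret, extra), head + "." + body)
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        return json.loads(_unb64(body))
    except ValueError:  # malformed base64 or JSON
        return None

if __name__ == "__main__":
    # Constructed sample: "test_secret" is the page's server secret, "tenant-a" is made up.
    tok = sign({"sub": "1", "scopes": ["users"]}, effective_key("test_secret", "tenant-a"))
    print(verify({"Authorization": "Bearer " + tok, "X-EXTRA-SECRET-KEY": "tenant-a"}, "test_secret"))
    print(verify({"Authorization": "Bearer " + tok}, "test_secret"))  # None: key mismatch
```

A token issued under the concatenated key only verifies when the request carries the same 'X-EXTRA-SECRET-KEY' value, so that header is as sensitive as the token itself.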

Server Side Usage

To manage authorization per endpoint, first initialize the Permission manager with the required parameters.

import lollol

from pydantic import BaseModel
from fastapi import FastAPI
from fastapi.security import SecurityScopes

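# Example value only; load the real secret from configuration or the environment
secret_key = "test_secret"
# Path of the endpoint that issues tokens
token_url  = '/auth'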

# Permission manager initialize
lollol.PermissionManager(
        lollol.LoginManager(secret_key, token_url, use_header=True)
)

class Users(BaseModel):
    id: int
    name: str
    passwd: str
    email: str

users = []


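def get_fake_user(user_id):
    # Stored entries are dicts produced by Users.dict(), so the key is "id".
    # The path parameter arrives as a string, so compare string forms.
    for user in users:
        if str(user["id"]) == str(user_id):
            return Users(**user)
    return None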


def create_fake_user(user: Users):
    users.append(user.dict())
    return user

Endpoint unit check

  • Decorate the function whose authorization should be checked with 'lollol.authorization' (written as @lollol.authorize_required in the example below).
  • Add a scopes parameter to the function, set to a 'SecurityScopes' object that contains the required authorizations.

app = FastAPI()

@app.get("/users/{user_id}")
@lollol.authorize_required
async def get_user(user_id: str, scopes=SecurityScopes(["users", "user:read"])):
    user = get_fake_user(user_id)
    return user


@app.post("/users")
@lollol.authorize_required
async def create_user(user: Users, scopes=SecurityScopes(["users", "user:create"])):
    user = create_fake_user(user)
    return user

Router unit check

  • Just call 'lollol.authorize_router' with the 'router' and a 'SecurityScopes' object containing the authorizations as parameters.

from fastapi import APIRouter

router = APIRouter()

# Authorization per router
lollol.authorize_router(router, SecurityScopes(["users"]))

@router.get("/users/{user_id}")
async def get_user(user_id: str):
    user = get_fake_user(user_id)
    return user


@router.post("/users")
async def create_user(user: Users):
    user = create_fake_user(user)
    return user

Application unit check

  • Just call 'lollol.authorize_app' with the 'app' and a 'SecurityScopes' object containing the authorizations as parameters.

app = FastAPI()

lollol.authorize_app(app, SecurityScopes(["users"]))



@app.get("/users/{user_id}")
async def get_user(user_id: str):
    user = get_fake_user(user_id)
    return user


@app.post("/users")
async def create_user(user: Users):
    user = create_fake_user(user)
    return user
