search

IndominusByte / fastapi-jwt-auth

FastAPI extension that provides JWT Auth support (secure, easy to use, and lightweight)
http://indominusbyte.github.io/fastapi-jwt-auth/
MIT License
660 stars 153 forks source link

Unable to use HTTPBasicCredentials for credentials #31

Open alucarddelta opened 3 years ago

alucarddelta commented 3 years ago

I am trying to use credentials from a Basic Auth form to be passed into a script to generate a JWT. However when I call the endpoint I get:

{ "detail": "Bad Authorization header. Expected value 'Bearer '" }

I believe this is because when looking at the Authorization header that is generated by the Basic Auth form, it sends Basic <token>. When the AuthJWT see's this, it rejects it as it is expecting Bearer <token> and sends a 422 Error code.

Is there a way to pass this?

@app.post('/auth/basic_login', tags=["Authentication"])
def auth_basic_login(credentials: HTTPBasicCredentials = Depends(security), Authorize: AuthJWT = Depends()):
    user = dict(username = credentials.username, password = credentials.password)
    access_token = Authorize.create_access_token(subject=user['username'],user_claims=dict(user), expires_time= False)
    response = jsonable_encoder(dict(login = True, username = user['username'], authorization = access_token))
    Authorize.set_access_cookies(access_token)
    return response
IndominusByte commented 3 years ago

another way to use fastapi-jwt-auth, you can change the header name and header type for more information detail you can check in docs

alucarddelta commented 3 years ago

In the same way as I can change the header name and type as described in your docs (a method which does work). Using the Authorization header is somewhat standard.

Is it possible to add a setting to bypass JWTAuth if it detects a header types from a list set by the user. Such as Basic, Digest, Hawk ect?

eg. authjwt_header_type_bypass = list = ["Basic"]

if re.match(r"{}\s".format(header_type),auth) in header_type_bypass:
    return None
IndominusByte commented 3 years ago

for right now it's not possible ā˜¹ļø, but I think it's a good idea to set header type by list, I will update in the next version šŸ˜, for right now you can change header type as I said before

vbigbang commented 3 years ago

This library is very useful, I am a python beginner. I hope this library will get better and better. I would like to ask what is the progress of this proposal. šŸ’—