IndominusByte / fastapi-jwt-auth

FastAPI extension that provides JWT Auth support (secure, easy to use, and lightweight)
http://indominusbyte.github.io/fastapi-jwt-auth/
MIT License
627 stars 143 forks

JWT in Cookies - Missing CSRF Token #62

Open denjas opened 2 years ago

denjas commented 2 years ago

Hi everyone! Please help me figure it out. Why does the example from the manual, JWT in Cookies, not work? The copied and run code gives the same error message for /logout and /refresh: "detail": "Missing CSRF Token". Tried it in several popular browsers.

  File "/home/denja/projects/gts2/src/gts/routers/auth.py", line 46, in __call__
    Authorize.jwt_required()
  File "/home/denja/.local/share/virtualenvs/gts2-k6IAi1d4/lib/python3.9/site-packages/fastapi_jwt_auth/auth_jwt.py", line 702, in jwt_required
    self._verify_and_get_jwt_in_cookies('access',self._request)
  File "/home/denja/.local/share/virtualenvs/gts2-k6IAi1d4/lib/python3.9/site-packages/fastapi_jwt_auth/auth_jwt.py", line 561, in _verify_and_get_jwt_in_cookies
    raise CSRFError(status_code=401,message="Missing CSRF Token")
fastapi_jwt_auth.exceptions.CSRFError

ultratin commented 2 years ago

You can refer to this issue: https://github.com/IndominusByte/fastapi-jwt-auth/issues/29/

You probably need to set the X-CSRF-TOKEN from the client based on the value of csrf-access-token in the cookie.
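
The fix suggested in the reply above, as an added example that is not part of the thread or the project's code: the client copies the CSRF cookie value into the X-CSRF-TOKEN header, and a simplified model of the server-side double-submit check shows why a request without the header fails with "Missing CSRF Token". The cookie name (underscore form), the protected-method set, the mismatch message and the sample cookie values are assumptions; the model assumes the server holds the expected CSRF value alongside the JWT.

```python
import hmac
from http.cookies import SimpleCookie

# Assumed names: header as written in the reply above; cookie name in its
# underscore form (the reply writes it with hyphens). Match your own config.
CSRF_HEADER = "X-CSRF-TOKEN"
CSRF_COOKIE = "csrf_access_token"
CSRF_METHODS = {"POST", "PUT", "PATCH", "DELETE"}  # assumed state-changing methods


def csrf_headers(set_cookie_lines, cookie_name=CSRF_COOKIE):
    """Client side: copy the CSRF cookie value into the request header."""
    jar = SimpleCookie()
    for line in set_cookie_lines:
        jar.load(line)
    if cookie_name not in jar:
        raise KeyError(f"{cookie_name} cookie was not set by the login response")
    return {CSRF_HEADER: jar[cookie_name].value}


def check_double_submit(method, headers, expected_csrf):
    """Simplified server-side model (not the library's code).

    Returns an error string, or None when the request passes the check.
    """
    if method.upper() not in CSRF_METHODS:
        return None  # safe methods are not CSRF-checked in this model
    sent = {k.lower(): v for k, v in headers.items()}.get(CSRF_HEADER.lower())
    if not sent:
        return "Missing CSRF Token"  # the error reported in this issue
    # Constant-time comparison so the check does not leak the token by timing.
    if not hmac.compare_digest(sent.encode(), expected_csrf.encode()):
        return "CSRF token mismatch"  # this model's own wording
    return None


# Constructed sample: Set-Cookie lines such as a login response would carry.
SAMPLE_LOGIN_COOKIES = [
    "access_token_cookie=header.payload.sig; HttpOnly; Path=/",
    "csrf_access_token=3f1c9a2e-constructed; Path=/",
]

if __name__ == "__main__":
    headers = csrf_headers(SAMPLE_LOGIN_COOKIES)
    print(check_double_submit("DELETE", {}, "3f1c9a2e-constructed"))
    print(check_double_submit("DELETE", headers, "3f1c9a2e-constructed"))
```

The JWT cookie itself stays HttpOnly; only the CSRF cookie needs to be readable by client code, which is what lets a same-origin script echo it into the header while a cross-site form cannot.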