hasB4K
commented
8 months ago I would love to see this PR merged into fastapi-users. The refresh token is something that is often necessary when a project start to scale. @frankie567 what do you think? :)
Open Ae-Mc opened 8 months ago
hasB4K
commented
8 months ago I would love to see this PR merged into fastapi-users. The refresh token is something that is often necessary when a project start to scale. @frankie567 what do you think? :)
Chiggy-Playz
commented
8 months ago @Ae-Mc is this PR in a usable state right now? I'd like to clone it locally and try it out in my project
Ae-Mc
commented
8 months ago @Chiggy-Playz I'm using it right now on one of my projects
Chiggy-Playz
commented
8 months ago I see. If the repository is public can you link me where its used? I'd like to get an idea of how to set things up properly 😅
Ae-Mc
commented
8 months ago Commit where I migrate from handmade version to library version: https://github.com/Ae-Mc/climbing-app-backend/commit/f2516e71f0c4e8ba11d96b7b2f54decc3481992b
Look at files climbing/api/api_v1/endpoints/auth.py climbing/core/security.py climbing/db/models/user.py climbing/db/session.py pyproject.toml
Chiggy-Playz
commented
8 months ago @Ae-Mc thanks for the links! I think i've managed to implement it properly in my project as well (hopefully), however I did find a bug. The DatabaseRefreshStrategy has a parameter refresh_lifetime_seconds but that is not used anywhere. So I added the following code
def _refresh_get_max_age(self) -> Optional[datetime]:
max_age = None
if self.refresh_lifetime_seconds:
max_age = datetime.now(timezone.utc) - timedelta(
seconds=self.refresh_lifetime_seconds
)
return max_ageinside the DatabaseRefreshStrategy class and then inside the read_token_by_refresh I use _refresh_get_max_age instead of _get_max_age. I've opened a PR on your repository and I'd be glad if you could merge it 😁
abdullah-alnahas
commented
7 months ago Hello,
I was wondering if you have any estimated timelines for when the merge will be completed and the release will take place.
hasB4K
commented
7 months ago @abdullah-alnahas It really depends if @frankie567 wants this feature or not. Since he didn't answer yet, it's not even sure that this PR will even be accepted.
ifigueroap
commented
6 months ago Please provide this feature, it is necessary to properly implement short-lived sessions using JWT....
ifigueroap
commented
5 months ago I'm revisiting some code today, and again I beg you to implement this feature
Dom4n
commented
3 months ago @frankie567 could You please look into it? Implementation is good imho. I would like to use it too.
mrgyf1
commented
3 months ago Also intersted in
paulocoutinhox
commented
1 month ago +1
galkinc
commented
1 month ago +1
integrajerome
commented
2 weeks ago +1
Add refresh token strategy, bearer token structure, database base class. Need help with JWT and redis strategies. Need help with cookie transport. Need help with test writing (I will wrote it later, but tests must be reviewed by somebody more professional). Need help with docs.
It can solve discussion #350. In difference with pull request #1075 by @jtv8 this pull request doesn't change so much. Mostly it adds new classes, without changing old.