alihan/awesome-reviewers
1
0
Fork 0
mirror of https://github.com/baz-scm/awesome-reviewers.git synced 2025-08-20 18:58:52 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
awesome-reviewers/_reviewers/fastapi-secure-jwt-authentication.md
internal-baz-ci-app[bot] 1c1b63cffd Add 24 awesome reviewers for fastapi/fastapi
2025-07-03 17:01:12 +00:00

2.2 KiB
Raw Permalink Blame History

title, description, repository, label, language, comments_count, repository_stars
title description repository label language comments_count repository_stars
Secure JWT authentication Implement secure authentication using JWT tokens by following these best practices: 1. **Use secure libraries**: Prefer well-maintained libraries like `PyJWT` for JWT handling and `passlib` with bcrypt for password hashing: fastapi/fastapi Security Markdown 3 86871

Implement secure authentication using JWT tokens by following these best practices:

  1. Use secure libraries: Prefer well-maintained libraries like PyJWT for JWT handling and passlib with bcrypt for password hashing:
from passlib.context import CryptContext
import jwt

# Password hashing setup
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")

# JWT configuration
SECRET_KEY = "your-secure-secret-key"  # Generate with: openssl rand -hex 32
ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES = 30

# Functions for security
def verify_password(plain_password, hashed_password):
    return pwd_context.verify(plain_password, hashed_password)
    
def get_password_hash(password):
    return pwd_context.hash(password)
    
def create_access_token(data: dict, expires_delta: timedelta):
    to_encode = data.copy()
    expire = datetime.utcnow() + expires_delta
    to_encode.update({"exp": expire})
    return jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)

  1. Never store plaintext passwords: Always hash passwords before storage and compare hashed values during verification.

  2. Set appropriate token expiration: Balance security with user experience by setting reasonable token expiration times.

  3. Distinguish authentication from authorization: Authentication verifies user identity while authorization determines their permissions. Implement both correctly.

  4. Configure secure settings: Avoid security risks in configurations. For example, never use allow_credentials=True with allow_origins=['*'] in CORS settings, as this would allow any third-party origin to access sensitive cookie information.

  5. Protect JWT tokens: Store tokens securely (HTTP-only cookies or secure client-side storage), validate them on each request, and implement proper token revocation strategies.