The latest articles on DEV Community by SubGame (@subgame). https://dev.to/subgame https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Forganization%2Fprofile_image%2F11624%2Fb184e417-7d38-4abb-b581-6af92457aeec.png https://dev.to/subgame en SubGame Wed, 24 Sep 2025 08:30:19 +0000 https://dev.to/subgame/implementing-jwt-authentication-with-fastapi-and-nextjs-50ni https://dev.to/subgame/implementing-jwt-authentication-with-fastapi-and-nextjs-50ni <h2> Introduction </h2> <p>Authentication is one of the most important aspects of modern web applications. Whether you’re building a small personal project or a large-scale marketplace, you need a secure and scalable way to handle user login, registration, and session management.</p> <p>In this article, I’ll share my experience implementing JWT-based authentication using FastAPI for the backend and Next.js for the frontend</p> <h2> Why JWT? </h2> <p>JWT (JSON Web Token) is widely used because:<br> It’s stateless (no need to store sessions in the backend).<br> It works perfectly with APIs and SPAs.<br> It can securely store claims about the user (like user ID, roles, permissions)</p> <h2> Backend: FastAPI Setup </h2> <p>First, let’s create a simple FastAPI app with JWT authentication.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>from fastapi import FastAPI, Depends, HTTPException from fastapi.security import OAuth2PasswordBearer from jose import JWTError, jwt from datetime import datetime, timedelta app = FastAPI() SECRET_KEY = "your-secret-key" ALGORITHM = "HS256" ACCESS_TOKEN_EXPIRE_MINUTES = 30 oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token") def create_access_token(data: dict, expires_delta: timedelta | None = None): to_encode = data.copy() expire = datetime.utcnow() + (expires_delta or timedelta(minutes=15)) to_encode.update({"exp": expire}) return jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM) </code></pre> </div> <p>This function creates a JWT with an expiration time.</p> <h2> Frontend: Next.js Integration </h2> <p>On the frontend, we’ll store the JWT securely and send it with each request.</p> <p>Here’s a simple example using fetch:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>async function fetchUserProfile(token) { const res = await fetch("http://localhost:8000/users/me", { headers: { Authorization: `Bearer ${token}`, }, }); if (!res.ok) { throw new Error("Failed to fetch user profile"); } return res.json(); } </code></pre> </div> <h2> Best Practices </h2> <p>Don’t store JWT in localStorage – use HTTP-only cookies when possible.<br> Use refresh tokens for longer sessions.<br> Rotate tokens regularly for better security.<br> Handle expiration gracefully on the frontend.</p> <h2> Conclusion </h2> <p>Implementing JWT authentication with FastAPI and Next.js is straightforward, but security best practices must always be followed. By combining a fast Python backend with a modern React-based frontend, you can build secure and scalable applications with ease.</p> programming webdev fastapi nextjs