DEV Community

Tlaloc-Es
Authentication example with FastAPI and JWT, is it as easy and straightforward as they claim?

When we talk about JWT, we are referring to using JSON Web Tokens to implement access management for resources. It is generally argued that JWT is easy and secure to use. However, as we saw in The Dark Side of JWT: Why It's Not as Secure as You Think?, this is not entirely true. In this article we will design an authentication system that uses JWT. To begin, we will describe the needs we want to address. I understand that software architecture should start by identifying a problem and then choosing the most appropriate technology to solve it, rather than selecting a technology and trying to fit a problem into it. However, we will make an exception in this case in order to evaluate the feasibility of this technology.

The cases we want to cover are:

  • Ability to log in
  • Ability to log out
  • Ability to track created sessions and their timestamps
  • Ability to log out of all sessions at once
  • Ability to have different roles
  • Security against XSS
  • Security against CSRF

To achieve all this, we will start with the first point and progress by revisiting and updating the previous points.

Let's remember that JWT is supposed to be:

  • Easy to use
  • Secure
  • Stateless
  • Fast
  • Cross-Domain Authentication

It's important to remember that JWT is simply a way to secure permissions, much like sessions. On the other hand, we have authentication protocols such as OAuth or Password Grant. Throughout the upcoming entries in this series, we will be exploring and explaining each of the points mentioned earlier.
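As an added example that is not part of the original post or the linked repository, here is a minimal HS256 JWT issuer in plain Python (standard library only, no FastAPI or PyJWT, with a constructed demo secret) that covers the login, logout, session-tracking and logout-everywhere requirements listed above. The last three need a server-side registry of session ids (jti), which is exactly where the "stateless" claim stops holding.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = b"constructed-demo-secret-do-not-reuse"   # assumption: demo signing key
SESSIONS = {}  # username -> {jti: issued_at}; the server-side state JWT alone lacks

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
def _sign(signing_input: str) -> str:
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_token(username: str, role: str, ttl: int = 900, now: float = None) -> str:
    # Log in: mint a token and register its session id (jti) with its timestamp.
    now = time.time() if now is None else now
    jti = secrets.token_hex(8)
    SESSIONS.setdefault(username, {})[jti] = now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": username, "role": role, "jti": jti, "iat": int(now), "exp": int(now) + ttl}
    payload = _b64(json.dumps(claims).encode())
    return f"{header}.{payload}.{_sign(header + '.' + payload)}"

def verify_token(token: str, now: float = None):
    """Return the claims if signature, expiry and session registry all check out."""
    now = time.time() if now is None else now
    try:
        header, payload, sig = token.split(".")
        if json.loads(_unb64(header)).get("alg") != "HS256":   # refuse alg switching
            return None
        if not hmac.compare_digest(sig, _sign(header + "." + payload)):
            return None
        claims = json.loads(_unb64(payload))
    except (ValueError, TypeError):
        return None
    if claims["exp"] <= now:
        return None
    # A validly signed, unexpired token is still rejected once its jti is revoked.
    if claims["jti"] not in SESSIONS.get(claims["sub"], {}):
        return None
    return claims

def logout(token: str) -> bool:
    claims = verify_token(token)
    if claims is None:
        return False
    SESSIONS[claims["sub"]].pop(claims["jti"], None)
    return True

def logout_all(username: str) -> int:
    return len(SESSIONS.pop(username, {}))  # revoke every session of the user
```

Role checks for the "different roles" requirement read the `role` claim returned by `verify_token`; XSS and CSRF concern where the token is stored and sent, not the token itself, and are left to the later entries of the series.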

In the examples I provide, only the basic part of the code will be included. If you want to see the entire code, I recommend giving a star to this repository: https://github.com/Tlaloc-Es/fastapi-basic-api-template, where I will start uploading the content.
