Skip to content

Authx#

authx.main.AuthX #

AuthX(config=AuthXConfig(), model=None)

Bases: _CallbackHandler[T], _ErrorHandler

The base class for AuthX.

AuthX enables JWT management within a FastAPI application. Its main purpose is to provide a reusable & simple syntax to protect API with JSON Web Token authentication.

PARAMETER DESCRIPTION
config

Configuration instance to use. Defaults to AuthXConfig().

TYPE: AuthXConfig DEFAULT: AuthXConfig()

model

Model type hint. Defaults to dict[str, Any].

TYPE: Optional[T] DEFAULT: None

Note

AuthX is a Generic python object. Its TypeVar is not mandatory but helps type hinting furing development

AuthX base object.

PARAMETER DESCRIPTION
config

TYPE: AuthXConfig DEFAULT: AuthXConfig()

model

TYPE: Optional[T] DEFAULT: None

PARAMETER DESCRIPTION
config

Configuration instance to use. Defaults to AuthXConfig().

TYPE: AuthXConfig DEFAULT: AuthXConfig()

model

Model type hint. Defaults to dict[str, Any].

TYPE: Optional[T] DEFAULT: None

Source code in authx/main.py 
51
52
53
54
55
56
57
58
59
60
61
def __init__(self, config: AuthXConfig = AuthXConfig(), model: Optional[T] = None) -> None:
    """AuthX base object.

    Args:
        config (AuthXConfig, optional): Configuration instance to use. Defaults to AuthXConfig().
        model (Optional[T], optional): Model type hint. Defaults to dict[str, Any].
    """
    self.model: Union[T, dict[str, Any]] = model if model is not None else {}
    super().__init__(model=model)
    super(_CallbackHandler, self).__init__()
    self._config = config

MSG_TokenError class-attribute instance-attribute #

MSG_TokenError = 'Token Error'

MSG_MissingTokenError class-attribute instance-attribute #

MSG_MissingTokenError = 'Missing JWT in request'

MSG_MissingCSRFTokenError class-attribute instance-attribute #

MSG_MissingCSRFTokenError = 'Missing CSRF double submit token in request'

MSG_TokenTypeError class-attribute instance-attribute #

MSG_TokenTypeError = 'Bad token type'

MSG_RevokedTokenError class-attribute instance-attribute #

MSG_RevokedTokenError = 'Invalid token'

MSG_TokenRequiredError class-attribute instance-attribute #

MSG_TokenRequiredError = 'Token required'

MSG_FreshTokenRequiredError class-attribute instance-attribute #

MSG_FreshTokenRequiredError = 'Fresh token required'

MSG_AccessTokenRequiredError class-attribute instance-attribute #

MSG_AccessTokenRequiredError = 'Access token required'

MSG_RefreshTokenRequiredError class-attribute instance-attribute #

MSG_RefreshTokenRequiredError = 'Refresh token required'

MSG_CSRFError class-attribute instance-attribute #

MSG_CSRFError = 'CSRF double submit does not match'

MSG_JWTDecodeError class-attribute instance-attribute #

MSG_JWTDecodeError = 'Invalid Token'

callback_get_model_instance instance-attribute #

callback_get_model_instance = None

callback_is_token_in_blocklist instance-attribute #

callback_is_token_in_blocklist = None

is_model_callback_set property #

is_model_callback_set

Check if callback is set for model instance.

is_token_callback_set property #

is_token_callback_set

Check if callback is set for token.

model instance-attribute #

model = model if model is not None else {}

config property #

config

AuthX Configuration getter.

RETURNS DESCRIPTION
AuthXConfig

Configuration BaseSettings

TYPE: AuthXConfig

DEPENDENCY property #

DEPENDENCY

FastAPI Dependency to return an AuthX sub-object within the route context.

BUNDLE property #

BUNDLE

FastAPI Dependency to return a AuthX sub-object within the route context.

FRESH_REQUIRED property #

FRESH_REQUIRED

FastAPI Dependency to enforce valid token availability in request.

ACCESS_REQUIRED property #

ACCESS_REQUIRED

FastAPI Dependency to enforce presence of an access token in request.

REFRESH_REQUIRED property #

REFRESH_REQUIRED

FastAPI Dependency to enforce presence of a refresh token in request.

ACCESS_TOKEN property #

ACCESS_TOKEN

FastAPI Dependency to retrieve access token from request.

REFRESH_TOKEN property #

REFRESH_TOKEN

FastAPI Dependency to retrieve refresh token from request.

CURRENT_SUBJECT property #

CURRENT_SUBJECT

FastAPI Dependency to retrieve the current subject from request.

fresh_token_required property #

fresh_token_required

FastAPI Dependency to enforce presence of a fresh access token in request.

access_token_required property #

access_token_required

FastAPI Dependency to enforce presence of an access token in request.

refresh_token_required property #

refresh_token_required

FastAPI Dependency to enforce presence of a refresh token in request.

handle_errors #

handle_errors(app)

Add the FastAPI.exception_handlers relative to AuthX exceptions.

PARAMETER DESCRIPTION
app

TYPE: FastAPI

PARAMETER DESCRIPTION
app

the FastAPI application to handle errors for

TYPE: FastAPI

Source code in authx/_internal/_error.py 
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
def handle_errors(self, app: FastAPI) -> None:
    """Add the `FastAPI.exception_handlers` relative to AuthX exceptions.

    Args:
        app (FastAPI): the FastAPI application to handle errors for
    """
    self._set_app_exception_handler(app, exception=exceptions.JWTDecodeError, status_code=422, message=None)
    self._set_app_exception_handler(
        app,
        exception=exceptions.MissingTokenError,
        status_code=401,
        message=self.MSG_TokenError,
    )
    self._set_app_exception_handler(
        app,
        exception=exceptions.MissingCSRFTokenError,
        status_code=401,
        message=self.MSG_MissingCSRFTokenError,
    )
    self._set_app_exception_handler(
        app,
        exception=exceptions.TokenTypeError,
        status_code=401,
        message=self.MSG_TokenTypeError,
    )
    self._set_app_exception_handler(
        app,
        exception=exceptions.RevokedTokenError,
        status_code=401,
        message=self.MSG_RevokedTokenError,
    )
    self._set_app_exception_handler(
        app,
        exception=exceptions.TokenRequiredError,
        status_code=401,
        message=self.MSG_TokenRequiredError,
    )
    self._set_app_exception_handler(
        app,
        exception=exceptions.FreshTokenRequiredError,
        status_code=401,
        message=self.MSG_FreshTokenRequiredError,
    )
    self._set_app_exception_handler(
        app,
        exception=exceptions.AccessTokenRequiredError,
        status_code=401,
        message=self.MSG_AccessTokenRequiredError,
    )
    self._set_app_exception_handler(
        app,
        exception=exceptions.RefreshTokenRequiredError,
        status_code=401,
        message=self.MSG_RefreshTokenRequiredError,
    )
    self._set_app_exception_handler(
        app,
        exception=exceptions.CSRFError,
        status_code=401,
        message=self.MSG_CSRFError,
    )

set_callback_get_model_instance #

set_callback_get_model_instance(callback)

Set callback for model instance.

PARAMETER DESCRIPTION
callback

TYPE: ModelCallback[T]

Source code in authx/_internal/_callback.py 
67
68
69
def set_callback_get_model_instance(self, callback: ModelCallback[T]) -> None:
    """Set callback for model instance."""
    self.callback_get_model_instance = callback

set_callback_token_blocklist #

set_callback_token_blocklist(callback)

Set callback for token.

PARAMETER DESCRIPTION
callback

TYPE: TokenCallback

Source code in authx/_internal/_callback.py 
71
72
73
def set_callback_token_blocklist(self, callback: TokenCallback) -> None:
    """Set callback for token."""
    self.callback_is_token_in_blocklist = callback

set_subject_getter #

set_subject_getter(callback)

Set the callback to run for subject retrieval and serialization.

PARAMETER DESCRIPTION
callback

TYPE: ModelCallback[T]

Source code in authx/_internal/_callback.py 
75
76
77
def set_subject_getter(self, callback: ModelCallback[T]) -> None:
    """Set the callback to run for subject retrieval and serialization."""
    self.set_callback_get_model_instance(callback)

set_token_blocklist #

set_token_blocklist(callback)

Set the callback to run for validation of revoked tokens.

PARAMETER DESCRIPTION
callback

TYPE: TokenCallback

Source code in authx/_internal/_callback.py 
79
80
81
def set_token_blocklist(self, callback: TokenCallback) -> None:
    """Set the callback to run for validation of revoked tokens."""
    self.set_callback_token_blocklist(callback)

is_token_in_blocklist #

is_token_in_blocklist(token, **kwargs)

Check if token is in blocklist.

PARAMETER DESCRIPTION
token

TYPE: Optional[str]

**kwargs

TYPE: ParamSpecKwargs DEFAULT: {}

Source code in authx/_internal/_callback.py 
89
90
91
92
93
94
95
def is_token_in_blocklist(self, token: Optional[str], **kwargs: ParamSpecKwargs) -> bool:
    """Check if token is in blocklist."""
    if self._check_token_callback_is_set(ignore_errors=True):
        callback: Optional[TokenCallback] = self.callback_is_token_in_blocklist
        if callback is not None and token is not None:
            return callback(token, **kwargs)  # type: ignore
    return False

load_config #

load_config(config)

Load and store the configuration for the authentication system.

Sets the internal configuration object with the provided authentication configuration.

PARAMETER DESCRIPTION
config

TYPE: AuthXConfig

PARAMETER DESCRIPTION
config

The configuration settings for the AuthX authentication system.

TYPE: AuthXConfig

RETURNS DESCRIPTION
None

None
Source code in authx/main.py 
63
64
65
66
67
68
69
70
71
72
73
74
def load_config(self, config: AuthXConfig) -> None:
    """Load and store the configuration for the authentication system.

    Sets the internal configuration object with the provided authentication configuration.

    Args:
        config: The configuration settings for the AuthX authentication system.

    Returns:
        None
    """
    self._config = config

get_access_token_from_request async #

get_access_token_from_request(request, locations=None)

Dependency to retrieve access token from request.

PARAMETER DESCRIPTION
request

TYPE: Request

locations

TYPE: Optional[TokenLocations] DEFAULT: None

PARAMETER DESCRIPTION
request

Request to retrieve access token from

TYPE: Request

locations

Locations to retrieve token from. Defaults to None.

TYPE: Optional[TokenLocations] DEFAULT: None

RAISES DESCRIPTION
MissingTokenError

When no access token is available in request
RETURNS DESCRIPTION
RequestToken

Request Token instance for access token type

TYPE: RequestToken

Source code in authx/main.py 
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
async def get_access_token_from_request(
    self, request: Request, locations: Optional[TokenLocations] = None
) -> RequestToken:
    """Dependency to retrieve access token from request.

    Args:
        request (Request): Request to retrieve access token from
        locations (Optional[TokenLocations], optional): Locations to retrieve token from. Defaults to None.

    Raises:
        MissingTokenError: When no `access` token is available in request

    Returns:
        RequestToken: Request Token instance for `access` token type
    """
    return await self._get_token_from_request(request, optional=False, locations=locations)

get_refresh_token_from_request async #

get_refresh_token_from_request(request, locations=None)

Dependency to retrieve refresh token from request.

PARAMETER DESCRIPTION
request

TYPE: Request

locations

TYPE: Optional[TokenLocations] DEFAULT: None

PARAMETER DESCRIPTION
request

Request to retrieve refresh token from

TYPE: Request

locations

Locations to retrieve token from. Defaults to None.

TYPE: Optional[TokenLocations] DEFAULT: None

RAISES DESCRIPTION
MissingTokenError

When no refresh token is available in request
RETURNS DESCRIPTION
RequestToken

Request Token instance for refresh token type

TYPE: RequestToken

Source code in authx/main.py 
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
async def get_refresh_token_from_request(
    self, request: Request, locations: Optional[TokenLocations] = None
) -> RequestToken:
    """Dependency to retrieve refresh token from request.

    Args:
        request (Request): Request to retrieve refresh token from
        locations (Optional[TokenLocations], optional): Locations to retrieve token from. Defaults to None.

    Raises:
        MissingTokenError: When no `refresh` token is available in request

    Returns:
        RequestToken: Request Token instance for `refresh` token type
    """
    return await self._get_token_from_request(request, refresh=True, optional=False, locations=locations)

verify_token #

verify_token(token, verify_type=True, verify_fresh=False, verify_csrf=True)

Verify a request token.

PARAMETER DESCRIPTION
token

TYPE: RequestToken

verify_type

TYPE: bool DEFAULT: True

verify_fresh

TYPE: bool DEFAULT: False

verify_csrf

TYPE: bool DEFAULT: True

PARAMETER DESCRIPTION
token

RequestToken instance

TYPE: RequestToken

verify_type

Apply token type verification. Defaults to True.

TYPE: bool DEFAULT: True

verify_fresh

Apply token freshness verification. Defaults to False.

TYPE: bool DEFAULT: False

verify_csrf

Apply token CSRF verification. Defaults to True.

TYPE: bool DEFAULT: True

RETURNS DESCRIPTION
TokenPayload

description

TYPE: TokenPayload

Source code in authx/main.py 
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
def verify_token(
    self,
    token: RequestToken,
    verify_type: bool = True,
    verify_fresh: bool = False,
    verify_csrf: bool = True,
) -> TokenPayload:
    """Verify a request token.

    Args:
        token (RequestToken): RequestToken instance
        verify_type (bool, optional): Apply token type verification. Defaults to True.
        verify_fresh (bool, optional): Apply token freshness verification. Defaults to False.
        verify_csrf (bool, optional): Apply token CSRF verification. Defaults to True.

    Returns:
        TokenPayload: _description_
    """
    return token.verify(
        key=self.config.public_key,
        algorithms=[self.config.JWT_ALGORITHM],
        verify_fresh=verify_fresh,
        verify_type=verify_type,
        verify_csrf=verify_csrf,
        audience=self.config.JWT_DECODE_AUDIENCE,
        issuer=self.config.JWT_DECODE_ISSUER,
    )

create_access_token #

create_access_token(uid, fresh=False, headers=None, expiry=None, data=None, audience=None, *args, **kwargs)

Generate an Access Token.

PARAMETER DESCRIPTION
uid

TYPE: str

fresh

TYPE: bool DEFAULT: False

headers

TYPE: Optional[dict[str, Any]] DEFAULT: None

expiry

TYPE: Optional[DateTimeExpression] DEFAULT: None

data

TYPE: Optional[dict[str, Any]] DEFAULT: None

audience

TYPE: Optional[StringOrSequence] DEFAULT: None

*args

TYPE: Any DEFAULT: ()

**kwargs

TYPE: Any DEFAULT: {}

PARAMETER DESCRIPTION
uid

Unique identifier to generate token for

TYPE: str

fresh

Generate fresh token. Defaults to False.

TYPE: bool DEFAULT: False

headers

TODO. Defaults to None.

TYPE: Optional[dict[str, Any]] DEFAULT: None

expiry

Use a user defined expiry claim. Defaults to None.

TYPE: Optional[DateTimeExpression] DEFAULT: None

data

Additional data to store in token. Defaults to None.

TYPE: Optional[dict[str, Any]] DEFAULT: None

audience

Audience claim. Defaults to None.

TYPE: Optional[StringOrSequence] DEFAULT: None

RETURNS DESCRIPTION
str

Access Token

TYPE: str

Source code in authx/main.py 
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
def create_access_token(
    self,
    uid: str,
    fresh: bool = False,
    headers: Optional[dict[str, Any]] = None,
    expiry: Optional[DateTimeExpression] = None,
    data: Optional[dict[str, Any]] = None,
    audience: Optional[StringOrSequence] = None,
    *args: Any,
    **kwargs: Any,
) -> str:
    """Generate an Access Token.

    Args:
        uid (str): Unique identifier to generate token for
        fresh (bool, optional): Generate fresh token. Defaults to False.
        headers (Optional[dict[str, Any]], optional): TODO. Defaults to None.
        expiry (Optional[DateTimeExpression], optional): Use a user defined expiry claim. Defaults to None.
        data (Optional[dict[str, Any]], optional): Additional data to store in token. Defaults to None.
        audience (Optional[StringOrSequence], optional): Audience claim. Defaults to None.

    Returns:
        str: Access Token
    """
    return self._create_token(
        uid=uid,
        type="access",
        fresh=fresh,
        headers=headers,
        expiry=expiry,
        data=data,
        audience=audience,
    )

create_refresh_token #

create_refresh_token(uid, headers=None, expiry=None, data=None, audience=None, *args, **kwargs)

Generate a Refresh Token.

PARAMETER DESCRIPTION
uid

TYPE: str

headers

TYPE: Optional[dict[str, Any]] DEFAULT: None

expiry

TYPE: Optional[DateTimeExpression] DEFAULT: None

data

TYPE: Optional[dict[str, Any]] DEFAULT: None

audience

TYPE: Optional[StringOrSequence] DEFAULT: None

*args

TYPE: Any DEFAULT: ()

**kwargs

TYPE: Any DEFAULT: {}

PARAMETER DESCRIPTION
uid

Unique identifier to generate token for

TYPE: str

headers

TODO. Defaults to None.

TYPE: Optional[dict[str, Any]] DEFAULT: None

expiry

Use a user defined expiry claim. Defaults to None.

TYPE: Optional[DateTimeExpression] DEFAULT: None

data

Additional data to store in token. Defaults to None.

TYPE: Optional[dict[str, Any]] DEFAULT: None

audience

Audience claim. Defaults to None.

TYPE: Optional[StringOrSequence] DEFAULT: None

RETURNS DESCRIPTION
str

Refresh Token

TYPE: str

Source code in authx/main.py 
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
def create_refresh_token(
    self,
    uid: str,
    headers: Optional[dict[str, Any]] = None,
    expiry: Optional[DateTimeExpression] = None,
    data: Optional[dict[str, Any]] = None,
    audience: Optional[StringOrSequence] = None,
    *args: Any,
    **kwargs: Any,
) -> str:
    """Generate a Refresh Token.

    Args:
        uid (str): Unique identifier to generate token for
        headers (Optional[dict[str, Any]], optional): TODO. Defaults to None.
        expiry (Optional[DateTimeExpression], optional): Use a user defined expiry claim. Defaults to None.
        data (Optional[dict[str, Any]], optional): Additional data to store in token. Defaults to None.
        audience (Optional[StringOrSequence], optional): Audience claim. Defaults to None.

    Returns:
        str: Refresh Token
    """
    return self._create_token(
        uid=uid,
        type="refresh",
        headers=headers,
        expiry=expiry,
        data=data,
        audience=audience,
    )

set_access_cookies #

set_access_cookies(token, response, max_age=None)

Add 'Set-Cookie' for access token in response header.

PARAMETER DESCRIPTION
token

TYPE: str

response

TYPE: Response

max_age

TYPE: Optional[int] DEFAULT: None

PARAMETER DESCRIPTION
token

Access token

TYPE: str

response

response to set cookie on

TYPE: Response

max_age

Max Age cookie parameter. Defaults to None.

TYPE: Optional[int] DEFAULT: None

Source code in authx/main.py 
450
451
452
453
454
455
456
457
458
459
460
461
462
463
def set_access_cookies(
    self,
    token: str,
    response: Response,
    max_age: Optional[int] = None,
) -> None:
    """Add 'Set-Cookie' for access token in response header.

    Args:
        token (str): Access token
        response (Response): response to set cookie on
        max_age (Optional[int], optional): Max Age cookie parameter. Defaults to None.
    """
    self._set_cookies(token=token, type="access", response=response, max_age=max_age)

set_refresh_cookies #

set_refresh_cookies(token, response, max_age=None)

Add 'Set-Cookie' for refresh token in response header.

PARAMETER DESCRIPTION
token

TYPE: str

response

TYPE: Response

max_age

TYPE: Optional[int] DEFAULT: None

PARAMETER DESCRIPTION
token

Refresh token

TYPE: str

response

response to set cookie on

TYPE: Response

max_age

Max Age cookie parameter. Defaults to None.

TYPE: Optional[int] DEFAULT: None

Source code in authx/main.py 
465
466
467
468
469
470
471
472
473
474
475
476
477
478
def set_refresh_cookies(
    self,
    token: str,
    response: Response,
    max_age: Optional[int] = None,
) -> None:
    """Add 'Set-Cookie' for refresh token in response header.

    Args:
        token (str): Refresh token
        response (Response): response to set cookie on
        max_age (Optional[int], optional): Max Age cookie parameter. Defaults to None.
    """
    self._set_cookies(token=token, type="refresh", response=response, max_age=max_age)

unset_access_cookies #

unset_access_cookies(response)

Remove 'Set-Cookie' for access token in response header.

PARAMETER DESCRIPTION
response

TYPE: Response

PARAMETER DESCRIPTION
response

response to remove cooke from

TYPE: Response

Source code in authx/main.py 
480
481
482
483
484
485
486
487
488
489
def unset_access_cookies(
    self,
    response: Response,
) -> None:
    """Remove 'Set-Cookie' for access token in response header.

    Args:
        response (Response): response to remove cooke from
    """
    self._unset_cookies("access", response=response)

unset_refresh_cookies #

unset_refresh_cookies(response)

Remove 'Set-Cookie' for refresh token in response header.

PARAMETER DESCRIPTION
response

TYPE: Response

PARAMETER DESCRIPTION
response

response to remove cooke from

TYPE: Response

Source code in authx/main.py 
491
492
493
494
495
496
497
498
499
500
def unset_refresh_cookies(
    self,
    response: Response,
) -> None:
    """Remove 'Set-Cookie' for refresh token in response header.

    Args:
        response (Response): response to remove cooke from
    """
    self._unset_cookies("refresh", response=response)

unset_cookies #

unset_cookies(response)

Remove 'Set-Cookie' for tokens from response headers.

PARAMETER DESCRIPTION
response

TYPE: Response

PARAMETER DESCRIPTION
response

response to remove token cookies from

TYPE: Response

Source code in authx/main.py 
502
503
504
505
506
507
508
509
510
511
512
def unset_cookies(
    self,
    response: Response,
) -> None:
    """Remove 'Set-Cookie' for tokens from response headers.

    Args:
        response (Response): response to remove token cookies from
    """
    self.unset_access_cookies(response)
    self.unset_refresh_cookies(response)

get_dependency #

get_dependency(request, response)

FastAPI Dependency to return a AuthX sub-object within the route context.

PARAMETER DESCRIPTION
request

TYPE: Request

response

TYPE: Response

PARAMETER DESCRIPTION
request

Request context managed by FastAPI

TYPE: Request

response

Response context managed by FastAPI

TYPE: Response

Note

The AuthXDeps is a utility class, to enable quick token operations within the route logic. It provides methods to avoid additional code in your route that would be outside of the route logic

Such methods includes setting and unsetting cookies without the need to generate a response object beforehand

RETURNS DESCRIPTION
AuthXDeps

The contextful AuthX object

TYPE: AuthXDependency[Any]

Source code in authx/main.py 
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
def get_dependency(self, request: Request, response: Response) -> AuthXDependency[Any]:
    """FastAPI Dependency to return a AuthX sub-object within the route context.

    Args:
        request (Request): Request context managed by FastAPI
        response (Response): Response context managed by FastAPI

    Note:
        The AuthXDeps is a utility class, to enable quick token operations
        within the route logic. It provides methods to avoid additional code
        in your route that would be outside of the route logic

        Such methods includes setting and unsetting cookies without the need
        to generate a response object beforehand

    Returns:
        AuthXDeps: The contextful AuthX object
    """
    return AuthXDependency(self, request=request, response=response)

token_required #

token_required(type='access', verify_type=True, verify_fresh=False, verify_csrf=None, locations=None)

Dependency to enforce valid token availability in request.

PARAMETER DESCRIPTION
type

TYPE: str DEFAULT: 'access'

verify_type

TYPE: bool DEFAULT: True

verify_fresh

TYPE: bool DEFAULT: False

verify_csrf

TYPE: Optional[bool] DEFAULT: None

locations

TYPE: Optional[TokenLocations] DEFAULT: None

PARAMETER DESCRIPTION
type

Require a given token type. Defaults to "access".

TYPE: str DEFAULT: 'access'

verify_type

Apply type verification. Defaults to True.

TYPE: bool DEFAULT: True

verify_fresh

Require token freshness. Defaults to False.

TYPE: bool DEFAULT: False

verify_csrf

Enable CSRF verification. Defaults to None.

TYPE: Optional[bool] DEFAULT: None

locations

Locations to retrieve token from. Defaults to None.

TYPE: Optional[TokenLocations] DEFAULT: None

RETURNS DESCRIPTION
Callable[[Request], Awaitable[TokenPayload]]

Callable[[Request], TokenPayload]: Dependency for Valid token Payload retrieval
Source code in authx/main.py 
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
def token_required(
    self,
    type: str = "access",
    verify_type: bool = True,
    verify_fresh: bool = False,
    verify_csrf: Optional[bool] = None,
    locations: Optional[TokenLocations] = None,
) -> Callable[[Request], Awaitable[TokenPayload]]:
    """Dependency to enforce valid token availability in request.

    Args:
        type (str, optional): Require a given token type. Defaults to "access".
        verify_type (bool, optional): Apply type verification. Defaults to True.
        verify_fresh (bool, optional): Require token freshness. Defaults to False.
        verify_csrf (Optional[bool], optional): Enable CSRF verification. Defaults to None.
        locations (Optional[TokenLocations], optional): Locations to retrieve token from. Defaults to None.

    Returns:
        Callable[[Request], TokenPayload]: Dependency for Valid token Payload retrieval
    """

    async def _auth_required(request: Request) -> Any:
        return await self._auth_required(
            request=request,
            type=type,
            verify_csrf=verify_csrf,
            verify_type=verify_type,
            verify_fresh=verify_fresh,
            locations=locations,
        )

    return _auth_required

get_current_subject async #

get_current_subject(request)

Retrieve the currently authenticated subject from the request.

Validates the request token and fetches the corresponding subject based on the user identifier.

PARAMETER DESCRIPTION
request

TYPE: Request

PARAMETER DESCRIPTION
request

The HTTP request containing authentication credentials.

TYPE: Request

RETURNS DESCRIPTION
Optional[T]

The authenticated subject if present, otherwise None.
Source code in authx/main.py 
645
646
647
648
649
650
651
652
653
654
655
656
657
658
async def get_current_subject(self, request: Request) -> Optional[T]:
    """Retrieve the currently authenticated subject from the request.

    Validates the request token and fetches the corresponding subject based on the user identifier.

    Args:
        request: The HTTP request containing authentication credentials.

    Returns:
        The authenticated subject if present, otherwise None.
    """
    token: TokenPayload = await self._auth_required(request=request)
    uid = token.sub
    return self._get_current_subject(uid=uid)

get_token_from_request #

get_token_from_request(type='access', optional=True)

Return token from response if available.

PARAMETER DESCRIPTION
type

TYPE: TokenType DEFAULT: 'access'

optional

TYPE: bool DEFAULT: True

PARAMETER DESCRIPTION
type

The type of token to retrieve from request. Defaults to "access".

TYPE: TokenType DEFAULT: 'access'

optional

Whether or not to enforce token presence in request. Defaults to True.

TYPE: bool DEFAULT: True

Note

When optional=True, the return value might be None if no token is available in request

When optional=False, raises a MissingTokenError

RETURNS DESCRIPTION
Callable[[Request], Awaitable[Optional[RequestToken]]]

Optional[RequestToken]: The RequestToken if available
Source code in authx/main.py 
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
def get_token_from_request(
    self, type: TokenType = "access", optional: bool = True
) -> Callable[[Request], Awaitable[Optional[RequestToken]]]:
    """Return token from response if available.

    Args:
        type (TokenType, optional): The type of token to retrieve from request.
            Defaults to "access".
        optional (bool, optional): Whether or not to enforce token presence in request.
            Defaults to True.

    Note:
        When `optional=True`, the return value might be `None`
        if no token is available in request

        When `optional=False`, raises a MissingTokenError

    Returns:
        Optional[RequestToken]: The RequestToken if available
    """

    async def _token_getter(request: Request) -> Optional[RequestToken]:
        # Specify locations as None since it's not provided in this context
        # Convert `optional` to a literal True or False based on its value
        optional_literal: Literal[True, False] = optional
        return await self._get_token_from_request(
            request,
            None,  # Explicitly passing None for locations
            refresh=(type == "refresh"),
            optional=optional_literal,
        )

    return _token_getter

implicit_refresh_middleware async #

implicit_refresh_middleware(request, call_next)

FastAPI Middleware to enable token refresh for an APIRouter.

PARAMETER DESCRIPTION
request

TYPE: Request

call_next

TYPE: Callable[[Request], Coroutine[Any, Any, Response]]

PARAMETER DESCRIPTION
request

Incoming request

TYPE: Request

call_next

Endpoint logic to be called

TYPE: Coroutine

Note

This middleware is only based on access tokens. Using implicit refresh mechanism makes use of refresh tokens unnecessary.

Note

The refreshed access token will not be considered as fresh

Note

The implicit refresh mechanism is only enabled for authorization through cookies.

RETURNS DESCRIPTION
Response

Response with update access token cookie if relevant

TYPE: Response

Source code in authx/main.py 
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
async def implicit_refresh_middleware(
    self,
    request: Request,
    call_next: Callable[[Request], Coroutine[Any, Any, Response]],
) -> Response:
    """FastAPI Middleware to enable token refresh for an APIRouter.

    Args:
        request (Request): Incoming request
        call_next (Coroutine): Endpoint logic to be called

    Note:
        This middleware is only based on `access` tokens.
        Using implicit refresh mechanism makes use of `refresh`
        tokens unnecessary.

    Note:
        The refreshed `access` token will not be considered as
        `fresh`

    Note:
        The implicit refresh mechanism is only enabled
        for authorization through cookies.

    Returns:
        Response: Response with update access token cookie if relevant
    """
    response = await call_next(request)

    if self.config.has_location("cookies") and self._implicit_refresh_enabled_for_request(request):
        with contextlib.suppress(AuthXException):
            # Refresh mechanism
            token = await self._get_token_from_request(
                request=request,
                locations=["cookies"],
                refresh=False,
                optional=False,
            )
            payload = self.verify_token(token, verify_fresh=False)
            if (
                datetime.timedelta(payload.time_until_expiry)  # type: ignore
                < self.config.JWT_IMPLICIT_REFRESH_DELTATIME
            ):
                new_token = self.create_access_token(uid=payload.sub, fresh=False, data=payload.extra_dict)
                self.set_access_cookies(new_token, response=response)
    return response