
Simple User Authentication with FastAPI

Basic Auth

flowchart TD
    %% Basic Auth: the client re-sends the username and password in the
    %% Authorization header on every request (A1 and A2 below). The only
    %% store in this design is the Users table; there is no session or token
    %% state to revoke.
    %% NOTE(review): transport encryption (TLS) is not drawn here. Basic Auth
    %% only base64-encodes the pair, so without TLS every request on the
    %% A1/A2 edges carries the password in the clear.
    subgraph "Frontend"
        A1[Login Form]
        A2[Protected Pages]
    end

    subgraph "Backend - FastAPI Endpoints"
        B1["/api/users/me"]
        B2["/api/protected-resource"]
    end

    subgraph "Basic Auth Middleware"
        %% C1 only parses the header; C2 is where the pair is actually checked
        %% against the Users table (D1).
        C1[HTTPBasic Security]
        C2[Credential Verification]
    end

    subgraph "Database Layer"
        D1[(Users Table)]
    end

    %% Frontend to Backend Flows
    A1 -->|HTTP Request with Authorization Header| B1
    A2 -->|HTTP Request with Authorization Header| B2

    %% Authentication Flow
    B1 -->|Extract Credentials| C1
    B2 -->|Extract Credentials| C1
    C1 -->|Validate Username/Password| C2
    %% NOTE(review): the diagram does not say how C2 compares the password.
    %% It should compare against a stored hash, using a constant-time
    %% comparison (Python: secrets.compare_digest) so response timing does
    %% not reveal how much of the value matched.
    C2 -->|Query User| D1
    D1 -->|Return User Data| C2

    %% Response Flow
    C2 -->|Authentication Success| B1
    C2 -->|Authentication Success| B2
    %% The 401 should carry a WWW-Authenticate: Basic header so clients know
    %% which scheme to retry with.
    C2 -->|Authentication Failure| E[401 Unauthorized]

    B1 -->|Return User Data| A1
    B2 -->|Return Protected Data| A2

FastAPI Basic Auth

from fastapi.security import HTTPBasic, HTTPBasicCredentials

...

# Dependency that pulls username/password out of the `Authorization: Basic`
# header (the "HTTPBasic Security" step, C1, in the diagram above). It only
# parses: a request with no parsable header is rejected with 401 before the
# route body runs, but checking the pair against the Users table (C2 / D1 in
# the diagram) is a separate step that the handlers below must do themselves.
security = HTTPBasic()

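@app.get("/auth/signin")
def signin(credentials: Annotated[HTTPBasicCredentials, Depends(security)]):
    """Return the username parsed from the ``Authorization: Basic`` header.

    ``security`` (``HTTPBasic``) only extracts the credentials; nothing in
    this function verifies them against a user store, so the response says
    who the caller *claims* to be, not who they are. A request without a
    parsable Basic header never reaches this body: the dependency rejects it
    with 401 first.

    The password is deliberately not echoed back: a plaintext credential in a
    response body ends up in browser caches, proxy and server access logs and
    error reports, and the client already knows it.

    :param credentials: username/password pair decoded from the request header.
    :return: ``{"username": <parsed username>}``.
    """
    return {"username": credentials.username}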

@app.get("/auth/me"):
def read_current_user()
# NOTE(review): this fragment is incomplete in the source (stray ":" after the
# decorator, no ":" or body after the def). Going by the diagram above, this
# is the endpoint that should look the caller up in the Users table (C2 / D1)
# and compare the supplied password with the stored hash, rather than echo the
# parsed credentials the way `signin` does.

OAuth2 with FastAPI

flowchart LR
    %% OAuth2 password flow with JWTs. Unlike Basic Auth, the password is sent
    %% once (A1 to B2); afterwards the client presents a bearer token. The
    %% server keeps token state in D2 so tokens can be revoked (B4) and checked
    %% (C2) instead of being trusted on their signature alone.
    subgraph "Frontend"
        A1[Login Page]
        A2[Registration Page]
        A3[Protected Pages]
        A4[Profile Page]
    end

    subgraph "Backend - FastAPI Endpoints"
        B1["/api/auth/register"]
        B2["/api/auth/login"]
        B3["/api/auth/refresh-token"]
        B4["/api/auth/logout"]
        B5["/api/users/me"]
        B6["/api/protected-resource"]
    end

    subgraph "OAuth2 Middleware"
        C1[OAuth2PasswordBearer]
        C2[JWT Token Verification]
        C3[Scopes Validation]
    end

    subgraph "Database Layer"
        D1[(Users Table)]
        %% D2 is what makes logout effective: a signed JWT stays valid until
        %% it expires unless the server keeps a record of issued/revoked
        %% tokens to check against.
        D2[(Tokens Table)]
    end

    %% Registration Flow
    A2 -->|POST User Details| B1
    %% Only the hash is stored; the login check below presumably compares
    %% against it (the label says only "Verify Credentials").
    B1 -->|Hash Password & Store| D1
    B1 -->|Return 201 Created| A2

    %% Login Flow
    A1 -->|POST Username/Password| B2
    B2 -->|Verify Credentials| D1
    %% C4 is declared inline here, outside the OAuth2 Middleware subgraph, so
    %% it renders as a free-standing node.
    B2 -->|Generate JWT Tokens| C4[Token Generator]
    C4 -->|Store Tokens| D2
    B2 -->|Return Access & Refresh Tokens| A1

    %% Protected Resource Flow
    A3 -->|GET with Bearer Token| B6
    A4 -->|GET with Bearer Token| B5
    B5 -->|Extract Token| C1
    B6 -->|Extract Token| C1
    C1 -->|Validate JWT| C2
    %% The DB lookup has to run on every protected request, not only at
    %% login; otherwise the invalidation done by B4 has no effect.
    C2 -->|Check Token in DB| D2
    C2 -->|Check User Permissions| C3
    C3 -->|Get User Data| D1

    %% Refresh Token Flow
    A3 -->|POST Refresh Token| B3
    B3 -->|Verify Refresh Token| D2
    %% NOTE(review): B3 is labelled "Generate New Tokens" but returns only a
    %% "New Access Token". If the refresh token is rotated, the old one should
    %% also be invalidated in D2 (not drawn); if it is not rotated, the two
    %% labels disagree.
    B3 -->|Generate New Tokens| C4
    B3 -->|Return New Access Token| A3

    %% Logout Flow
    A3 -->|POST to Logout| B4
    B4 -->|Invalidate Token| D2
    B4 -->|Return 204 No Content| A3

    %% Response Flow
    C3 -->|Authentication Success| B5
    C3 -->|Authentication Success| B6
    %% NOTE(review): C3 is the scope check, yet its failure edge goes to 401.
    %% A valid token lacking the required scope is conventionally 403
    %% Forbidden; 401 belongs to the missing/invalid-token failures of C1/C2,
    %% which have no failure edge in this diagram.
    C3 -->|Authentication Failure| E[401 Unauthorized]

    B5 -->|Return User Data| A4
    B6 -->|Return Protected Data| A3