8.x.x ➡️ 9.x.x
Version 9 revamps the authentication backends: we split the logic of a backend into two parts: the transport, which is how the token is carried over the request, and the strategy, which is how the token is generated and secured.
The benefit of this is that we'll soon be able to propose new strategies, like database session tokens, without having to repeat the transport logic which remains the same.
Convert the authentication backend
You now have to generate an authentication backend with a transport and a strategy.
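I used JWTAuthentication
```python
from fastapi_users.authentication import AuthenticationBackend, BearerTransport, JWTStrategy

# Placeholder value: load a strong, random secret from configuration instead of hardcoding it.
SECRET = "SECRET"

# Transport: the token is carried in the Authorization header as a bearer token.
bearer_transport = BearerTransport(tokenUrl="auth/jwt/login")


def get_jwt_strategy() -> JWTStrategy:
    # Strategy: the token is a JWT signed with SECRET, valid for one hour.
    return JWTStrategy(secret=SECRET, lifetime_seconds=3600)


auth_backend = AuthenticationBackend(
    name="jwt",
    transport=bearer_transport,
    get_strategy=get_jwt_strategy,
)
```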
Warning
There is no default name anymore: you need to provide it yourself for each of your backends.
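I used CookieAuthentication
```python
from fastapi_users.authentication import AuthenticationBackend, CookieTransport, JWTStrategy

# Placeholder value: load a strong, random secret from configuration instead of hardcoding it.
SECRET = "SECRET"

# Transport: the token is carried in a cookie that expires after one hour.
cookie_transport = CookieTransport(cookie_max_age=3600)


def get_jwt_strategy() -> JWTStrategy:
    # Strategy: the token is a JWT signed with SECRET, valid for one hour.
    return JWTStrategy(secret=SECRET, lifetime_seconds=3600)


auth_backend = AuthenticationBackend(
    name="cookie",
    transport=cookie_transport,
    get_strategy=get_jwt_strategy,
)
```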
Warning
There is no default name anymore: you need to provide it yourself for each of your backends.
Tip
Notice that the strategy is the same for both authentication backends. That's the beauty of this approach: the token generation is decoupled from its transport.
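To make the transport/strategy split concrete, here is an added standard-library sketch; it is not fastapi-users code. The class names, the HMAC token format and the cookie name `auth` are assumptions chosen for illustration: one strategy signs and validates tokens, and two interchangeable transports carry them.

```python
# Illustrative sketch only: these classes are hypothetical, not fastapi-users APIs.
import base64, hashlib, hmac, json, time
from typing import Optional

class SignedTokenStrategy:
    """Strategy: how the token is generated and secured (HMAC-SHA256 + expiry)."""
    def __init__(self, secret: bytes, lifetime_seconds: int):
        self.secret, self.lifetime = secret, lifetime_seconds

    def _sign(self, body: str) -> bytes:
        return hmac.new(self.secret, body.encode(), hashlib.sha256).hexdigest().encode()

    def write_token(self, user_id: str, now: Optional[float] = None) -> str:
        claims = {"sub": user_id, "exp": (now or time.time()) + self.lifetime}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
        return f"{body}.{self._sign(body).decode()}"

    def read_token(self, token: Optional[str], now: Optional[float] = None) -> Optional[str]:
        body, _, sig = (token or "").partition(".")
        if not body or not hmac.compare_digest(sig.encode(), self._sign(body)):
            return None  # missing, malformed or tampered token
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["exp"] < (now or time.time()):
            return None  # expired token
        return claims["sub"]

class BearerHeaderTransport:
    """Transport: the token is carried in the Authorization header."""
    def attach(self, token: str) -> dict:
        return {"Authorization": f"Bearer {token}"}

    def extract(self, headers: dict) -> Optional[str]:
        scheme, _, value = headers.get("Authorization", "").partition(" ")
        return value if scheme.lower() == "bearer" and value else None

class CookieHeaderTransport:
    """Transport: the token is carried in a cookie (the name "auth" is constructed)."""
    def attach(self, token: str) -> dict:
        return {"Cookie": f"auth={token}"}

    def extract(self, headers: dict) -> Optional[str]:
        for part in headers.get("Cookie", "").split(";"):
            name, _, value = part.strip().partition("=")
            if name == "auth" and value:
                return value
        return None

def authenticate(transport, strategy, headers: dict, now: Optional[float] = None):
    return strategy.read_token(transport.extract(headers), now)
```

Swapping the transport never touches validation: expiry and tamper checks live only in the strategy, so they behave identically whether the token arrives in a header or a cookie.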
OAuth: one router for each backend
Before, a single OAuth router was enough to log in with any of your authentication backends. Now, you need to generate a router for each of your backends.
authentication_backend is not needed on /authorize
The consequence of this is that you don't need to specify the authentication backend when making a request to /authorize.
Lost?
If you're unsure or a bit lost, make sure to check the full working examples.