Routes¶
You'll find here the routes exposed by FastAPI Users. Note that you can also review them through the interactive API docs.
Auth router¶
Each authentication backend you generate a router for will produce the following routes. Take care about the prefix you gave it, especially if you have several backends.
POST /login
¶
Login a user against the method named name
. Check the corresponding authentication method to view the success response.
422 Validation Error
POST /logout
¶
Logout the authenticated user against the method named name
. Check the corresponding authentication method to view the success response.
401 Unauthorized
Missing token or inactive user.
204 No content
The logout process was successful.
Register router¶
POST /register
¶
Register a new user. Will call the on_after_register
handler on successful registration.
201 Created
422 Validation Error
400 Bad Request
Password validation failed.
Reset password router¶
POST /forgot-password
¶
Request a reset password procedure. Will generate a temporary token and call the on_after_forgot_password
handler if the user exists.
To prevent malicious users from guessing existing users in your database, the route will always return a 202 Accepted
response, even if the user requested does not exist.
202 Accepted
POST /reset-password
¶
Reset a password. Requires the token generated by the /forgot-password
route.
Payload
200 OK
422 Validation Error
400 Bad Request
Password validation failed.
Verify router¶
POST /request-verify-token
¶
Request a user to verify their e-mail. Will generate a temporary token and call the on_after_request_verify
handler if the user exists, active and not already verified.
To prevent malicious users from guessing existing users in your database, the route will always return a 202 Accepted
response, even if the user requested does not exist, not active or already verified.
202 Accepted
POST /verify
¶
Verify a user. Requires the token generated by the /request-verify-token
route. Will call the call the on_after_verify
handler on success.
Payload
200 OK
422 Validation Error
400 Bad Request
Bad token, not existing user or not the e-mail currently set for the user.
OAuth router¶
Each OAuth router you define will expose the two following routes.
GET /authorize
¶
Return the authorization URL for the OAuth service where you should redirect your user.
Query parameters
scopes
: Optional list of scopes to ask for. Expected format:scopes=a&scopes=b
.
200 OK
GET /callback
¶
Handle the OAuth callback.
Query parameters
code
: OAuth callback code.state
: State token.error
: OAuth error.
Depending on the situation, several things can happen:
- The OAuth account exists in database and is linked to a user:
- OAuth account is updated in database with fresh access token.
- The user is authenticated following the chosen authentication method.
- The OAuth account doesn't exist in database but a user with the same email address exists:
- By default, an HTTP 400 error is raised.
- If the
associate_by_email
flag is set toTrue
on the router declaration, OAuth account is linked to the user. The user is authenticated following the chosen authentication method.
- The OAuth account doesn't exist in database and no user with the email address exists:
- A new user is created and linked to the OAuth account.
- The user is authenticated following the chosen authentication method.
400 Bad Request
Invalid token.
400 Bad Request
The OAuth provider didn't return an e-mail address. Make sure this provider return e-mail address through their API and you have asked for the required scope.
400 Bad Request
Another user with the same e-mail address already exists.
OAuth association router¶
Each OAuth association router you define will expose the two following routes.
GET /authorize
¶
Return the authorization URL for the OAuth service where you should redirect your user.
Query parameters
scopes
: Optional list of scopes to ask for. Expected format:scopes=a&scopes=b
.
401 Unauthorized
Missing token or inactive user.
200 OK
GET /callback
¶
Handle the OAuth callback and add the OAuth account to the current authenticated active user.
Query parameters
code
: OAuth callback code.state
: State token.error
: OAuth error.
401 Unauthorized
Missing token or inactive user.
400 Bad Request
Invalid token.
400 Bad Request
The OAuth provider didn't return an e-mail address. Make sure this provider return e-mail address through their API and you have asked for the required scope.
200 OK
{
"id": "57cbb51a-ab71-4009-8802-3f54b4f2e23",
"email": "king.arthur@tintagel.bt",
"is_active": true,
"is_superuser": false,
"oauth_accounts": [
{
"id": "6c98caf5-9bc5-4c4f-8a45-a0ae0c40cd77",
"oauth_name": "TINTAGEL",
"access_token": "ACCESS_TOKEN",
"expires_at": "1641040620",
"account_id": "king_arthur_tintagel",
"account_email": "king.arthur@tintagel.bt"
}
]
}
Users router¶
GET /me
¶
Return the current authenticated active user.
200 OK
401 Unauthorized
Missing token or inactive user.
PATCH /me
¶
Update the current authenticated active user.
200 OK
401 Unauthorized
Missing token or inactive user.
400 Bad Request
Password validation failed.
400 Bad Request
A user with this email already exists.
422 Validation Error
GET /{user_id}
¶
Return the user with id user_id
.
200 OK
401 Unauthorized
Missing token or inactive user.
403 Forbidden
Not a superuser.
404 Not found
The user does not exist.
PATCH /{user_id}
¶
Update the user with id user_id
.
Payload
200 OK
401 Unauthorized
Missing token or inactive user.
403 Forbidden
Not a superuser.
404 Not found
The user does not exist.
400 Bad Request
Password validation failed.
400 Bad Request
A user with this email already exists.
DELETE /{user_id}
¶
Delete the user with id user_id
.
204 No content
401 Unauthorized
Missing token or inactive user.
403 Forbidden
Not a superuser.
404 Not found
The user does not exist.