Routes¶
You'll find here the routes exposed by FastAPI Users. Note that you can also review them through the interactive API docs.
Auth router¶
Each authentication backend you generate a router for will produce the following routes. Take care about the prefix you gave it, especially if you have several backends.
POST /login¶
Login a user against the method named name. Check the corresponding authentication method to view the success response.
422 Validation Error
POST /logout¶
Logout the authenticated user against the method named name. Check the corresponding authentication method to view the success response.
401 Unauthorized
Missing token or inactive user.
204 No content
The logout process was successful.
Register router¶
POST /register¶
Register a new user. Will call the on_after_register handler on successful registration.
201 Created
422 Validation Error
400 Bad Request
Password validation failed.
Reset password router¶
POST /forgot-password¶
Request a reset password procedure. Will generate a temporary token and call the on_after_forgot_password handler if the user exists.
To prevent malicious users from guessing existing users in your database, the route will always return a 202 Accepted response, even if the user requested does not exist.
202 Accepted
POST /reset-password¶
Reset a password. Requires the token generated by the /forgot-password route.
Payload
200 OK
422 Validation Error
400 Bad Request
Password validation failed.
Verify router¶
POST /request-verify-token¶
Request a user to verify their e-mail. Will generate a temporary token and call the on_after_request_verify handler if the user exists, active and not already verified.
To prevent malicious users from guessing existing users in your database, the route will always return a 202 Accepted response, even if the user requested does not exist, not active or already verified.
202 Accepted
POST /verify¶
Verify a user. Requires the token generated by the /request-verify-token route. Will call the call the on_after_verify handler on success.
Payload
200 OK
422 Validation Error
400 Bad Request
Bad token, not existing user or not the e-mail currently set for the user.
OAuth router¶
Each OAuth router you define will expose the two following routes.
GET /authorize¶
Return the authorization URL for the OAuth service where you should redirect your user.
Query parameters
scopes: Optional list of scopes to ask for. Expected format:scopes=a&scopes=b.
200 OK
GET /callback¶
Handle the OAuth callback.
Query parameters
code: OAuth callback code.state: State token.error: OAuth error.
Depending on the situation, several things can happen:
- The OAuth account exists in database and is linked to a user:
- OAuth account is updated in database with fresh access token.
- The user is authenticated following the chosen authentication method.
- The OAuth account doesn't exist in database but a user with the same email address exists:
- By default, an HTTP 400 error is raised.
- If the
associate_by_emailflag is set toTrueon the router declaration, OAuth account is linked to the user. The user is authenticated following the chosen authentication method.
- The OAuth account doesn't exist in database and no user with the email address exists:
- A new user is created and linked to the OAuth account.
- The user is authenticated following the chosen authentication method.
400 Bad Request
Invalid token.
400 Bad Request
The OAuth provider didn't return an e-mail address. Make sure this provider return e-mail address through their API and you have asked for the required scope.
400 Bad Request
Another user with the same e-mail address already exists.
OAuth association router¶
Each OAuth association router you define will expose the two following routes.
GET /authorize¶
Return the authorization URL for the OAuth service where you should redirect your user.
Query parameters
scopes: Optional list of scopes to ask for. Expected format:scopes=a&scopes=b.
401 Unauthorized
Missing token or inactive user.
200 OK
GET /callback¶
Handle the OAuth callback and add the OAuth account to the current authenticated active user.
Query parameters
code: OAuth callback code.state: State token.error: OAuth error.
401 Unauthorized
Missing token or inactive user.
400 Bad Request
Invalid token.
400 Bad Request
The OAuth provider didn't return an e-mail address. Make sure this provider return e-mail address through their API and you have asked for the required scope.
200 OK
{
"id": "57cbb51a-ab71-4009-8802-3f54b4f2e23",
"email": "king.arthur@tintagel.bt",
"is_active": true,
"is_superuser": false,
"oauth_accounts": [
{
"id": "6c98caf5-9bc5-4c4f-8a45-a0ae0c40cd77",
"oauth_name": "TINTAGEL",
"access_token": "ACCESS_TOKEN",
"expires_at": "1641040620",
"account_id": "king_arthur_tintagel",
"account_email": "king.arthur@tintagel.bt"
}
]
}
Users router¶
GET /me¶
Return the current authenticated active user.
200 OK
401 Unauthorized
Missing token or inactive user.
PATCH /me¶
Update the current authenticated active user.
200 OK
401 Unauthorized
Missing token or inactive user.
400 Bad Request
Password validation failed.
400 Bad Request
A user with this email already exists.
422 Validation Error
GET /{user_id}¶
Return the user with id user_id.
200 OK
401 Unauthorized
Missing token or inactive user.
403 Forbidden
Not a superuser.
404 Not found
The user does not exist.
PATCH /{user_id}¶
Update the user with id user_id.
Payload
200 OK
401 Unauthorized
Missing token or inactive user.
403 Forbidden
Not a superuser.
404 Not found
The user does not exist.
400 Bad Request
Password validation failed.
400 Bad Request
A user with this email already exists.
DELETE /{user_id}¶
Delete the user with id user_id.
204 No content
401 Unauthorized
Missing token or inactive user.
403 Forbidden
Not a superuser.
404 Not found
The user does not exist.