Replies: 5 comments 27 replies
-
|
@Fidel-C Yes if you write your own endpoints because all non-JWTMiddleware endpoints do not require a JWT token in the header. If you look at the example in the docs, only the endpoints in the |
Beta Was this translation helpful? Give feedback.
-
|
@dantownsend That's great idea. |
Beta Was this translation helpful? Give feedback.
-
|
@dantownsend that would be great. |
Beta Was this translation helpful? Give feedback.
-
|
I've created a PR for it #224 |
Beta Was this translation helpful? Give feedback.
-
|
I've released the |
Beta Was this translation helpful? Give feedback.
-
Wow! good job . |
Beta Was this translation helpful? Give feedback.
-
|
@sinisaos might try that out too. Thanks. |
Beta Was this translation helpful? Give feedback.
-
We don't use Discord much at the moment - GitHub discussions is quite nice because we can easily convert discussions into issues. But we probably should use Discord more as people do like it. |
Beta Was this translation helpful? Give feedback.
-
|
I observed that once I secure a particular app either using Session, Jwt, Token, it disappeares completely from the docs. I suppose that this would be difficult for a front-end developer who needs the docs. Adding allow_unauthenticated flag to the jwt authentication reveals the docs but then it also removes authentication. |
Beta Was this translation helpful? Give feedback.
-
|
@Fidel-C Here is example how to use Piccolo BaseUser with FastAPI built-in OAuth. @dantownsend I changed your example to this and it works. If you want I can do PR to add from fastapi import Depends, FastAPI
from fastapi.security.api_key import APIKeyHeader
public_app = FastAPI(...)
auth_header = APIKeyHeader(name="Authorization")
private_app = FastAPI(dependencies=[Depends(auth_header)]
protected_app = JWTMiddleware(
private_app,
auth_table=BaseUser,
secret="mysecret123",
blacklist=MyBlacklist(),
visible_paths=["/docs", "/openapi.json"],
)
FastAPIWrapper(
"/bands/",
fastapi_app=private_app,
piccolo_crud=PiccoloCRUD(Band, read_only=False),
fastapi_kwargs=FastAPIKwargs(
all_routes={"tags": ["Band"]},
),
)
public_app.mount("/private", protected_app)Result is: visable_paths.mp4 |
Beta Was this translation helpful? Give feedback.
-
@Fidel-C We would have to refactor it to support other hashing algorithms. It's not impossible, but is a bit of work. |
Beta Was this translation helpful? Give feedback.
-
|
@sinisaos and @dantownsend thanks a lot for your assistance. Very grateful. |
Beta Was this translation helpful? Give feedback.
-
|
@Fidel-C I made a PR #226 based on @dantownsend idea, so we'll see what happens. I hope it is good enough because with these changes we will be able to use Swagger docs and authorize the user like in the video I posted. |
Beta Was this translation helpful? Give feedback.
-
|
Great work |
Beta Was this translation helpful? Give feedback.
-
|
@sinisaos I suppose this FadtApi OAuth2 implementation will work after the update or does it work right away? |
Beta Was this translation helpful? Give feedback.
-
|
@Fidel-C I'm sorry, but I don't understand. Which FastAPI OAuth implementation, from this example or from the PR? The code from my example repository will work with or without changes because that code does not use the Piccolo middleware. As for PR, I'm not a maintainer and the code from PR has to pass Daniel's review first and if it's good enough, PR will be merged into master. If you want to try the code from the PR, you must patch your local Piccolo API installation with the code from the PR. |
Beta Was this translation helpful? Give feedback.
-
|
@sinisaos thanks a lot. I understand. |
Beta Was this translation helpful? Give feedback.
-
When using JWT, Is there a way to exempt certain endpoints from requiring token in the headers?
I'd also like to know if there's a discord channel or something to join the community.
Beta Was this translation helpful? Give feedback.
All reactions