FastAPI is a modern web framework for building APIs with Python. One of its key features is the ability to easily define and use dependencies using the Depends class. Dependencies are reusable blocks of logic that can be injected into route functions to provide additional functionality, such as authentication, database connections, or data validation.

In this tutorial, we will explore how to use Depends in FastAPI to create a simple API with authentication using JWT tokens. We will create a dependency to extract and verify JWT tokens from incoming requests, and then use it in a route to authenticate users.

First, make sure you have FastAPI and PyJWT installed. You can install them using pip:

pip install fastapi
pip install pyjwt

Let’s start by creating a new FastAPI app in a file called main.py (the module name that the uvicorn command later in this tutorial expects):

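from fastapi import FastAPI, Depends, HTTPException
from fastapi.security import OAuth2PasswordBearer
import jwt

app = FastAPI()

# Reads the bearer token from the Authorization header of each request
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")

def get_current_user(token: str = Depends(oauth2_scheme)):
    try:
        # Verifies the signature and, if present, the exp claim.
        # "secret_key" is a placeholder; load the real key from configuration.
        payload = jwt.decode(token, "secret_key", algorithms=["HS256"])
        return payload.get('sub')
    except jwt.ExpiredSignatureError:
        raise HTTPException(status_code=401, detail="Token has expired")
    except jwt.InvalidTokenError:
        # Base class for PyJWT's token validation errors
        raise HTTPException(status_code=401, detail="Invalid token")

@app.get("/users/me")
def read_users_me(current_user: str = Depends(get_current_user)):
    return {"username": current_user}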

In the code above, we import the necessary components from FastAPI and PyJWT, and define a new FastAPI app. We also create an OAuth2PasswordBearer instance to handle token extraction from incoming requests.

Next, we define a dependency called get_current_user that takes a token as input. Inside the dependency, we use PyJWT to decode and verify the token. If the token is valid, we return the subject (sub) from the token payload. If the token has expired or is invalid, we raise an HTTPException.

Finally, we create a route /users/me that depends on get_current_user. This route will return the username of the authenticated user.

To test our API, we can run the FastAPI app using uvicorn:

uvicorn main:app --reload

Now, we can make a GET request to http://localhost:8000/users/me with a valid JWT token in the Authorization header:

curl -X GET http://localhost:8000/users/me -H "Authorization: Bearer your_jwt_token"

If the token is valid, the API will return a JSON response with the username of the authenticated user. If the token is invalid or has expired, an error response will be returned.
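As an added example (not part of the original tutorial's code): jwt.decode checks exp only when the claim is present, so the dependency above accepts a token that never expires and returns None for a token with no sub. The sketch below requires both claims; verify_token, outcome and DEMO_KEY are hypothetical names, and the keys and claims are constructed for the demonstration.

```python
import time
import jwt  # PyJWT

# Constructed demo key (assumption). Load the real key from the environment
# or a secret store rather than hardcoding it in source.
DEMO_KEY = "constructed-demo-key-0123456789abcdef0123"


def verify_token(token: str, key: str = DEMO_KEY) -> str:
    """Return the subject of a valid token, or raise ValueError with the reason.

    Hypothetical helper: get_current_user could call this and map
    ValueError to HTTPException(status_code=401).
    """
    try:
        payload = jwt.decode(
            token,
            key,
            algorithms=["HS256"],                 # pin the accepted algorithm
            options={"require": ["exp", "sub"]},  # reject tokens missing these claims
        )
    except jwt.ExpiredSignatureError:
        raise ValueError("expired")
    except jwt.MissingRequiredClaimError as exc:
        raise ValueError(f"missing claim: {exc.claim}")
    except jwt.InvalidTokenError:
        raise ValueError("invalid")
    return payload["sub"]


def outcome(claims: dict, key: str = DEMO_KEY) -> str:
    """Sign constructed claims with `key`, then verify them against DEMO_KEY."""
    token = jwt.encode(claims, key, algorithm="HS256")
    try:
        return "ok: " + verify_token(token)
    except ValueError as exc:
        return "rejected: " + str(exc)


if __name__ == "__main__":
    now = int(time.time())
    other_key = "another-constructed-key-0123456789abcdef"
    print(outcome({"sub": "alice", "exp": now + 300}))  # well-formed token
    print(outcome({"sub": "alice", "exp": now - 300}))  # expired
    print(outcome({"sub": "alice"}))                    # no expiry claim
    print(outcome({"exp": now + 300}))                  # no subject claim
    print(outcome({"sub": "alice", "exp": now + 300}, key=other_key))  # wrong key
```
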

In this tutorial, we have learned how to use Depends in FastAPI to create dependencies for handling authentication logic. Dependencies are a powerful feature of FastAPI that make it easy to add reusable and modular functionality to your API routes.

