FastAPI backend guide

[FlxMgdnz]

We've received this middleware snipped for JWT handling in Python with FastAPI.

Check the code (does it work, can it be minimized?) and add it to docs/guides/backend if you approve.

from typing import Any

import jwt
from fastapi import FastAPI, Request
from fastapi.responses import JSONResponse

HANKO_API_URL = "XXX"


def deny():
    return JSONResponse(content={"error": "Unauthorized"}, status_code=401)


def extract_token_from_header(header: str):
    parts = header.split()

    if len(parts) != 2:
        return None

    scheme = parts[0].lower()
    token = parts[1]

    if scheme != "bearer":
        return None

    return token


app = FastAPI()


@app.middleware("http")
async def auth(request: Request, call_next: Any):
    authorization = request.headers.get("authorization")

    if not authorization:
        return deny()

    token = extract_token_from_header(authorization)

    if not token:
        return deny()

    jwks_client = jwt.PyJWKClient(HANKO_API_URL)
    signing_key = jwks_client.get_signing_key_from_jwt(token)
    data = jwt.decode(
        token,
        signing_key.key,
        algorithms=["RS256"],
        audience="localhost",
        options={"verify_exp": False},
    )

    if not data:
        return deny()

    return await call_next(request)

[FlxMgdnz]

/bounty $30

[algora-pbc]

💎 $30 bounty created by FlxMgdnz
🙋 If you start working on this, comment /attempt #980 to notify everyone
👉 To claim this bounty, submit a pull request that includes the text /claim #980 somewhere in its body
📝 Before proceeding, please make sure you can receive payouts in your country
💵 Payment arrives in your account 2-5 days after the bounty is rewarded
💯 You keep 100% of the bounty award
🙏 Thank you for contributing to teamhanko/hanko!

Attempt	Started (GMT+0)	Solution
🟢 @Chigala	Aug 20, 2023, 9:33:08 AM	#981

[Chigala]

/attempt #980

Options

• Cancel my attempt

[Chigala]

Just had the chance to run it and the code doesn't work. jwt.PyJWKClient isn't a attribute of jwt. I'm fixing it, would test it and update the docs when I'm done.

[b4s36t4]

@FlxMgdnz if we're talking about Python backend and we're only focusing on FastAPI snippet, doesn't that differ the context here?

[FlxMgdnz]

We want to make backend integration as easy as possible and provide middleware code here https://docs.hanko.io/guides/backend. We already have Go, Node, and Deno. I thought the example above should fit nicely (Python backend with FastAPI). Don't you think so?

[b4s36t4]

Yes, I understand but I feel specifing only one framework and linking the total language seems a bit odd. Maybe we can have multiple guides.. even though most of them follows kinda follows same pattern in python.

Like using detail markdown and we do multiple framework documentation? it helps people to lookout for the specific framework they're looking.

I suppose this doesn't cause of problem or confusion for people but having a detailed title/doc would be good I feel.

[algora-pbc]

💡 @Chigala submitted a pull request that claims the bounty. You can visit your org dashboard to reward.

[FlxMgdnz]

Yes, I understand but I feel specifing only one framework and linking the total language seems a bit odd. Maybe we can have multiple guides.. even though most of them follows kinda follows same pattern in python.

Like using detail markdown and we do multiple framework documentation? it helps people to lookout for the specific framework they're looking.

I suppose this doesn't cause of problem or confusion for people but having a detailed title/doc would be good I feel.

Let's keep it simple and leave it at one Python example. I think folks will be able to understand what's going on, which library to use, and apply it to the framework of their choice.

[FlxMgdnz]

One more thing: The verify_exp option should be removed, otherwise we are not validating expiration of the token (thanks @masylum)

[algora-pbc]

🎉🎈 @Chigala has been awarded $30! 🎈🎊