Validate JSON Web Tokens (JWTs) issued by Auth0 in FastAPI
To follow along with this tutorial, you need an account on https://auth0.com. Also make sure you follow all the steps in the previous videos:
- "Setting up Auth0 for API Authentication and Authorization" (https://youtu.be/PbUcQUQ7K2o) to set up your Auth0 account
- "Login and issue API access tokens with Auth0 and FastAPI" (https://youtu.be/ato2S5b27o8) to implement the login and authorization flow. That video issues the access tokens you'll learn to validate in this one.
The code repository for this tutorial is available on GitHub: https://github.com/abunuwas/short-tutorials/tree/main/fastapi-auth0-authz.
In this tutorial, you'll learn to validate JSON Web Tokens (JWTs) issued by Auth0 in FastAPI applications. You'll also learn to add authorization controls on your FastAPI endpoints using dependency injection.
As you'll see, it takes very little code, and delegating user management and token issuance to Auth0 is a reliable way to get authentication and authorization out of the box, as long as your API checks every token's signature, issuer, audience and expiry before trusting any of its claims.
For a deep dive into JSON Web Tokens, check out "Working with JWTs in Python" (https://youtu.be/VRn8cPc7B_w).
Let's go!
00:00 Introduction
00:52 Setting up the virtual environment and installing dependencies
01:04 Understanding JSON Web Tokens
04:16 Understanding JWT signatures
05:14 Fetch the OIDC configuration and the JSON Web Key Set (JWKS) from the well-known endpoint
07:50 Implementing a lookup function to find the JWT's signing key (find_public_key())
10:06 Implementing the token validation function (validate_token())
13:53 Using validate_token() in an endpoint
17:12 Adding a model for user claims (UserClaims class)
18:17 Adding authorization to an endpoint with dependency injection
22:31 Making the validate_token() function reusable across all authenticated endpoints
25:16 Handling invalid tokens
27:44 Additional considerations for API authentication and authorization
31:57 Wrapup
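The validation pipeline the chapters above walk through (fetch the JWKS, find the signing key by kid, verify the signature, then check the claims), as an added example that is not the video's or the repository's code. It uses only the standard library: the RSA key generation and the issuer-side sign_jwt function are a toy stand-in for Auth0 so the example runs offline, and ISSUER, AUDIENCE, the key ids and all sample claims are assumed values, not the tutorial's. In a real service you would fetch the JWKS from https://<tenant>/.well-known/jwks.json (cache it, refetch on an unknown kid) and hand the work to a maintained library such as PyJWT, but the checks it performs are the ones spelled out here.

```python
# Added example, not the video's code: validate an RS256 JWT against a JWKS the way an Auth0-protected API does.
import base64, hashlib, hmac, json, secrets, time
from collections import namedtuple

ISSUER = "https://example-tenant.us.auth0.com/"  # assumed tenant domain; Auth0 issuer values end with "/"
AUDIENCE = "https://api.example.com"             # assumed API identifier as registered in the Auth0 dashboard
ALLOWED_ALGS = {"RS256"}                         # pinned server-side, never taken from the token header

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin; part of the toy RSA below, present only so the example needs no third-party library."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x == 1:
            continue
        for _ in range(r):
            if x == n - 1:
                break
            x = pow(x, 2, n)
        else:
            return False
    return True

def make_toy_keypair(kid: str, bits: int = 512):
    """Toy 512-bit RSA key (Auth0 uses 2048); returns (private_key, jwk), the jwk being a JWKS entry as Auth0 serves it."""
    primes = []
    while len(primes) < 2:  # two distinct primes with 65537 not dividing p-1, so the private exponent exists
        c = secrets.randbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        if _is_probable_prime(c) and c not in primes and (c - 1) % 65537:
            primes.append(c)
    p, q = primes
    n, d = p * q, pow(65537, -1, (p - 1) * (q - 1))
    enc = lambda x: b64url_encode(x.to_bytes((x.bit_length() + 7) // 8, "big"))
    return {"n": n, "d": d}, {"kty": "RSA", "use": "sig", "alg": "RS256", "kid": kid, "n": enc(n), "e": enc(65537)}

def _pkcs1_v15_encode(message: bytes, k: int) -> bytes:
    t = bytes.fromhex("3031300d060960864801650304020105000420") + hashlib.sha256(message).digest()  # DigestInfo
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t  # EMSA-PKCS1-v1_5, RFC 8017 section 9.2

def sign_jwt(claims: dict, private_key: dict, kid: str, alg: str = "RS256") -> str:
    """Issuer side (what Auth0 does when it mints a token); alg is a parameter so a test can forge a bad header."""
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT", "kid": kid}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    k = (private_key["n"].bit_length() + 7) // 8
    em = int.from_bytes(_pkcs1_v15_encode(f"{head}.{body}".encode(), k), "big")
    return f"{head}.{body}.{b64url_encode(pow(em, private_key['d'], private_key['n']).to_bytes(k, 'big'))}"

class InvalidToken(Exception):
    """In the FastAPI dependency, catch this and raise HTTPException(401, headers={"WWW-Authenticate": "Bearer"})."""
UserClaims = namedtuple("UserClaims", "sub aud exp scope")  # scope: space-separated OAuth scopes for authz checks

def find_public_key(jwks: dict, kid: str) -> dict:
    """Select the JWK whose kid matches the token header; Auth0 rotates keys, so a JWKS can hold several."""
    for key in jwks.get("keys", []):
        if key.get("kid") == kid and key.get("kty") == "RSA" and key.get("use", "sig") == "sig":
            return key
    raise InvalidToken(f"no RSA signing key with kid={kid!r}")

def validate_token(token: str, jwks: dict, issuer: str = ISSUER, audience: str = AUDIENCE, now=None) -> UserClaims:
    now = int(time.time()) if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header, payload = json.loads(b64url_decode(head_b64)), json.loads(b64url_decode(body_b64))
        signature, alg, sub, exp = b64url_decode(sig_b64), header["alg"], payload["sub"], int(payload["exp"])
    except (ValueError, UnicodeDecodeError, KeyError, TypeError) as exc:
        raise InvalidToken("malformed token") from exc
    # 1. The algorithm is pinned server-side; trusting header["alg"] enables alg=none and key-confusion attacks.
    if alg not in ALLOWED_ALGS:
        raise InvalidToken(f"alg {alg!r} not allowed")
    # 2. Signature: RSASSA-PKCS1-v1_5 verification recovers s^e mod n and compares it with the expected encoding.
    key = find_public_key(jwks, header.get("kid"))
    n, e = (int.from_bytes(b64url_decode(key[f]), "big") for f in ("n", "e"))
    k = (n.bit_length() + 7) // 8
    recovered = pow(int.from_bytes(signature, "big"), e, n).to_bytes(k, "big") if len(signature) == k else b""
    if not hmac.compare_digest(recovered, _pkcs1_v15_encode(f"{head_b64}.{body_b64}".encode(), k)):
        raise InvalidToken("bad signature")
    # 3. Only now are the claims trustworthy: who issued the token, for which API, and whether it is still valid.
    if payload.get("iss") != issuer:
        raise InvalidToken("wrong issuer")
    aud = payload.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise InvalidToken("wrong audience")
    if now >= exp:
        raise InvalidToken("token expired")
    return UserClaims(sub=str(sub), aud=audience, exp=exp, scope=str(payload.get("scope", "")))

def rejection_reason(token: str, jwks: dict, **kwargs):  # None when valid, else the reason you would log before a 401
    try:
        return validate_token(token, jwks, **kwargs) and None
    except InvalidToken as exc:
        return str(exc)
```

To wire this into FastAPI, put validate_token behind a dependency: a function taking `creds: HTTPAuthorizationCredentials = Depends(HTTPBearer())` calls `validate_token(creds.credentials, jwks)`, turns InvalidToken into `HTTPException(status_code=401, headers={"WWW-Authenticate": "Bearer"})`, and endpoints declare `user: UserClaims = Depends(that_function)`; an authorization check on an endpoint is then `if "read:items" not in user.scope.split(): raise HTTPException(status_code=403)`. Two things the order above enforces: the algorithm allowlist is checked before the key is looked up, so a header claiming alg=none or HS256 never reaches the verifier, and no claim is read for a decision until the signature has been verified.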
#python #fastapi #auth0 #apisecurity #jwts #jsonwebtokens