alakasingh/Fastapi-JWT-auth

FastAPI JWT Authentication

A simple, beginner-friendly JWT authentication system built with FastAPI. This backend-only project demonstrates user registration, login, and protected routes using JSON Web Tokens.

Layered Architecture for JWT Authentication

Features

  • User Registration: Create new user accounts with secure password hashing
  • User Login: Authenticate users and receive JWT access tokens
  • Protected Routes: Access endpoints that require valid JWT tokens
  • In-Memory Storage: Simple user database (for learning/demo purposes)
  • Automatic API Docs: Interactive Swagger UI for testing endpoints

Flow of JWT Authentication Endpoints

Tech Stack

  • FastAPI: Modern, fast web framework for building APIs
  • PassLib: Secure password hashing
  • Python-JOSE: JWT token creation and verification
  • Uvicorn: ASGI server for running the app

Installation

  1. Clone the repository:

    git clone https://github.com/alakasingh/Fastapi-JWT-auth
    cd Fastapi-JWT-auth
  2. Create a virtual environment (recommended):

    python -m venv venv
    # On Windows:
    venv\Scripts\activate
    # On macOS/Linux:
    source venv/bin/activate
  3. Install dependencies:

    pip install -r requirements.txt

Usage

Start the Server

Run the FastAPI server with auto-reload:

python -m uvicorn main:app --reload

The server will start at http://127.0.0.1:8000

API Endpoints

  • POST /register: Register a new user

    • Parameters: username (string), password (string)
    • Example: POST /register?username=john&password=mypass123
  • POST /login: Login and get JWT token

    • Body: Form data with username and password
    • Returns: {"access_token": "jwt_token_here", "token_type": "bearer"}
  • GET /protected: Access protected content (requires JWT token)

    • Header: Authorization: Bearer <your_jwt_token>
    • Returns: Personalized message for authenticated user

API Documentation (Swagger UI)

FastAPI automatically generates interactive API documentation. Visit:

  • Swagger UI: http://127.0.0.1:8000/docs

  • ReDoc: http://127.0.0.1:8000/redoc

In Swagger UI, you can:

  • See all available endpoints
  • Test endpoints directly in the browser
  • View request/response examples
  • Work without external tools like Postman

How JWT Authentication Works

  1. Registration: User provides username/password → Password is hashed and stored
  2. Login: User provides credentials → System verifies password → Returns JWT token
  3. Protected Access: User sends JWT token in Authorization header → System validates token → Grants access

JWT Token Structure

  • Header: Algorithm and token type
  • Payload: User info (username) and expiration time
  • Signature: Ensures token integrity

Connecting to Frontend

This is a backend API only. Use your own frontend application or web page to call the API endpoints.

For authentication, your frontend should:

  • send login credentials to POST /login
  • receive the JWT access_token
  • attach the token to protected requests using the Authorization: Bearer <token> header

You can implement this in any frontend technology you prefer, such as React, Vue, plain JavaScript, or a mobile app.

Security Notes

  • Change SECRET_KEY in production
  • Use HTTPS in production
  • Consider using a real database instead of in-memory storage
  • Implement password strength requirements
  • Add rate limiting for login attempts

Learning Resources

License

This project is licensed under the MIT License - see the LICENSE file for details.