FastAPI Integration
authfort-service provides FastAPI dependencies that work the same as the ones on the main auth server.
current_user
Section titled “current_user”Extracts and verifies the JWT from the request:
from authfort_service import ServiceAuth
from fastapi import FastAPI, Depends
service = ServiceAuth(
jwks_url="https://auth.example.com/.well-known/jwks.json",
issuer="authfort",
)
app = FastAPI()
@app.get("/api/orders")
async def my_orders(user=Depends(service.current_user)):
return {
"user_id": user.sub,
"email": user.email,
"roles": user.roles,
}from authfort_service import ServiceAuth
from fastapi import FastAPI, Depends
service = ServiceAuth(
jwks_url="https://auth.example.com/.well-known/jwks.json",
issuer="authfort",
)
app = FastAPI()
@app.get("/api/orders")
async def my_orders(user=Depends(service.current_user)):
return {
"user_id": user.sub,
"email": user.email,
"roles": user.roles,
}The dependency reads the token from:
Authorization: Bearer <token>header (checked first)- Cookie named by
cookie_name(if configured, checked second)
If no valid token is found, returns 401 Unauthorized.
require_role
Section titled “require_role”Verifies the user has a specific role:
@app.get("/api/admin/stats")
async def admin_stats(user=Depends(service.require_role("admin"))):
return {"total_orders": 1234}@app.get("/api/admin/stats")
async def admin_stats(user=Depends(service.require_role("admin"))):
return {"total_orders": 1234}Returns 403 Forbidden if the user doesn’t have the required role.
Multiple Roles
Section titled “Multiple Roles”@app.get("/api/manage")
async def manage(
user=Depends(service.require_role(["admin", "editor"])),
):
return {"roles": user.roles}@app.get("/api/manage")
async def manage(
user=Depends(service.require_role(["admin", "editor"])),
):
return {"roles": user.roles}Token from Cookies
Section titled “Token from Cookies”If your frontend uses cookie mode, configure the service to read cookies:
service = ServiceAuth(
jwks_url="https://auth.example.com/.well-known/jwks.json",
issuer="authfort",
cookie_name="access_token", # Same as CookieConfig.access_cookie_name
)service = ServiceAuth(
jwks_url="https://auth.example.com/.well-known/jwks.json",
issuer="authfort",
cookie_name="access_token", # Same as CookieConfig.access_cookie_name
)The dependency checks the Authorization header first, then falls back to the cookie.
Example: Full Microservice
Section titled “Example: Full Microservice” orders_service/main.py
from authfort_service import ServiceAuth
from fastapi import FastAPI, Depends
service = ServiceAuth(
jwks_url="https://auth.example.com/.well-known/jwks.json",
issuer="authfort",
cookie_name="access_token",
)
app = FastAPI()
@app.get("/api/orders")
async def list_orders(user=Depends(service.current_user)):
orders = await get_orders_for_user(user.sub)
return {"orders": orders}
@app.post("/api/orders")
async def create_order(data: OrderCreate, user=Depends(service.current_user)):
order = await create_order_for_user(user.sub, data)
return {"order": order}
@app.delete("/api/orders/{order_id}")
async def delete_order(order_id: str, user=Depends(service.require_role("admin"))):
await delete_order_by_id(order_id)
return {"deleted": True}from authfort_service import ServiceAuth
from fastapi import FastAPI, Depends
service = ServiceAuth(
jwks_url="https://auth.example.com/.well-known/jwks.json",
issuer="authfort",
cookie_name="access_token",
)
app = FastAPI()
@app.get("/api/orders")
async def list_orders(user=Depends(service.current_user)):
orders = await get_orders_for_user(user.sub)
return {"orders": orders}
@app.post("/api/orders")
async def create_order(data: OrderCreate, user=Depends(service.current_user)):
order = await create_order_for_user(user.sub, data)
return {"order": order}
@app.delete("/api/orders/{order_id}")
async def delete_order(order_id: str, user=Depends(service.require_role("admin"))):
await delete_order_by_id(order_id)
return {"deleted": True}