How to get the user object when the user is logged in and None otherwise?
Question:
How to get the user object if the user is logged in and None otherwise?
Following the FastAPI documentation for getting the user, the /api_limits endpoint below returns a 401 when the user is not logged in (in an application with proper JWT signatures).

    from typing import Optional

    from fastapi import Depends, FastAPI
    from fastapi.security import OAuth2PasswordBearer
    from pydantic import BaseModel

    app = FastAPI()

    oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")


    class User(BaseModel):
        username: str
        email: Optional[str] = None
        full_name: Optional[str] = None
        disabled: Optional[bool] = None


    def fake_decode_token(token):
        return User(
            username=token + "fakedecoded", email="[email protected]", full_name="John Doe"
        )


    async def get_current_user(token: str = Depends(oauth2_scheme)):
        user = fake_decode_token(token)
        return user


    @app.get("/api_limits")
    async def read_users_me(current_user: User = Depends(get_current_user)):
        if current_user is None:
            return 2
        return 5

How to get the current_user user object inside the /api_limits endpoint in the sample code above to be None when the user is not logged in?
Answers:
The OAuth2PasswordBearer automagically generates a 401 error if no Authorization header is present at all (i.e. there is no valid token being submitted).
If you don’t want this to happen, you can set auto_error=False – in which case it will return None instead if no header is found. You can then change your get_current_user method to return None instead of a user if no token is present:

    oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token", auto_error=False)

    ...

    async def get_current_user(token: str = Depends(oauth2_scheme)):
        if not token:
            return None

        user = fake_decode_token(token)
        return user
