apifrom.security.auth

Authentication decorators for APIFromAnything.

This module provides decorators for securing API endpoints with various authentication methods, including JWT, API key, basic auth, and OAuth2.

Overview

Classes

• ErrorResponse

Functions

• _get_api_key()

• _get_auth_header()

• _get_basic_auth()

• _get_bearer_token()

• api_key_required()

• basic_auth_required()

• jwt_required()

• oauth2_required()

Classes

ErrorResponse(message, status_code = 400, error_code = None, details = None, headers = None):bases: JSONResponse

Error response for APIFromAnything.

This class represents an HTTP error response with JSON content.

Initialize a new ErrorResponse instance.

param message:

The error message.

param status_code:

The HTTP status code.

param error_code:

An optional error code.

param details:

Additional error details.

param headers:

HTTP headers.

Functions

apifrom.security.auth._get_api_key(request)

Parameters:

request (starlette.requests.Request)

Return type:

Optional[str]

Get the API key from a request.

The API key can be provided in the X-API-Key header or as a query parameter.

param request:

The request to get the API key from.

returns:

The API key, or None if not present.

apifrom.security.auth._get_auth_header(request)

Parameters:

request (starlette.requests.Request)

Return type:

Optional[str]

Get the Authorization header from a request.

param request:

The request to get the header from.

returns:

The Authorization header value, or None if not present.

apifrom.security.auth._get_basic_auth(request)

Parameters:

request (starlette.requests.Request)

Return type:

Optional[Tuple[str, str]]

Get the Basic auth credentials from a request.

param request:

The request to get the credentials from.

returns:

A tuple of (username, password), or None if not present.

apifrom.security.auth._get_bearer_token(request)

Parameters:

request (starlette.requests.Request)

Return type:

Optional[str]

Get the Bearer token from a request.

param request:

The request to get the token from.

returns:

The Bearer token, or None if not present.

apifrom.security.auth.api_key_required(func=None, *, api_keys=None, scopes=None, error_message='Invalid or missing API key')

Parameters:

• api_keys (Optional[Dict[str, Union[str, List[str], Dict[str, Any]]]])

• scopes (Optional[List[str]])

• error_message (str)

Decorator to require a valid API key for an API endpoint.

param func:

The function to decorate.

param api_keys:

A dictionary of API keys and their scopes. If None, uses the API instance’s API keys. The values can be strings, lists of strings, or dictionaries with a ‘scopes’ key.

param scopes:

A list of scopes that the API key must have.

param error_message:

The error message to return if the API key is invalid.

returns:

The decorated function.

apifrom.security.auth.basic_auth_required(func=None, *, credentials=None, error_message='Invalid or missing credentials')

Parameters:

• credentials (Optional[Dict[str, str]])

• error_message (str)

Decorator to require valid Basic auth credentials for an API endpoint.

param func:

The function to decorate.

param credentials:

A dictionary of username-password pairs. If None, uses the API instance’s Basic auth credentials.

param error_message:

The error message to return if the credentials are invalid.

returns:

The decorated function.

apifrom.security.auth.jwt_required(func=None, *, secret=None, algorithm=None, verify_exp=True, verify_aud=False, audience=None, verify_iss=False, issuer=None, verify_sub=False, subject=None, required_claims=None, optional_claims=None, error_message='Invalid or missing JWT token')

Parameters:

• secret (Optional[str])

• algorithm (Optional[str])

• verify_exp (bool)

• verify_aud (bool)

• audience (Optional[str])

• verify_iss (bool)

• issuer (Optional[str])

• verify_sub (bool)

• subject (Optional[str])

• required_claims (Optional[List[str]])

• optional_claims (Optional[List[str]])

• error_message (str)

Decorator that requires a valid JWT token for accessing the endpoint.

param secret:

The secret key used to decode the JWT token

param algorithm:

The algorithm used to decode the JWT token

param verify_exp:

Whether to verify the expiration time

param verify_aud:

Whether to verify the audience

param audience:

The expected audience

param verify_iss:

Whether to verify the issuer

param issuer:

The expected issuer

param verify_sub:

Whether to verify the subject

param subject:

The expected subject

param required_claims:

List of claims that must be present in the token

param optional_claims:

List of claims that may be present in the token

param error_message:

The error message to return if the token is invalid

returns:

The decorated function

apifrom.security.auth.oauth2_required(func=None, *, scopes=None, token_url=None, error_message='Invalid or missing OAuth2 token')

Parameters:

• scopes (Optional[List[str]])

• token_url (Optional[str])

• error_message (str)

Decorator to require a valid OAuth2 token for an API endpoint.

This is a placeholder implementation. In a real application, you would integrate with an OAuth2 provider like Auth0, Okta, or your own OAuth2 server.

param func:

The function to decorate.

param scopes:

A list of scopes that the token must have.

param token_url:

The URL for obtaining tokens.

param error_message:

The error message to return if the token is invalid.

returns:

The decorated function.