mirror
/
tiangolo.fastapi
mirror of https://github.com/tiangolo/fastapi
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
403 Commits
20 Branches
208 Tags
163 MiB
 
Tree: c705685394
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c705685394'
${ noResults }
tiangolo.fastapi/docs/tutorial/security/http-basic-auth.md

1.5 KiB
Raw Blame History

For the simplest cases, you can use HTTP Basic Auth.

In HTTP Basic Auth, the application expects a header that contains a username and a password.

If it doesn't receive it, it returns an HTTP 401 "Unauthorized" error.

And returns a header WWW-Authenticate with a value of Basic, and an optional realm parameter.

That tells the browser to show the integrated prompt for a username and password.

Then, when you type that username and password, the browser sends them in the header automatically.

Simple HTTP Basic Auth

  • Import HTTPBAsic and HTTPBasicCredentials.
  • Create a "security scheme" using HTTPBAsic.
  • Use that security with a dependency in your path operation.
  • It returns an object of type HTTPBasicCredentials:
    • It contains the username and password sent.
{!./src/security/tutorial006.py!}

When you try to open the URL for the first time (or click the "Execute" button in the docs) the browser will ask you for your username and password:

Check the username

Here's a more complete example.

Use a dependency to check if the username and password are correct.

If the credentials are incorrect, return an HTTPException with a status code 401 (the same returned when no credentials are provided) and add the header WWW-Authenticate to make the browser show the login prompt again:

{!./src/security/tutorial007.py!}