We should update our application so that it uses the OAuth2PasswordRequestForm
First we need to import it
from fastapi.security.oauth2 import OAuth2PasswordRequestForm
Then we need to update our login route
# Before:
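@router.post('/login')
def login(user_credentials: schemas.UserLogin, db: Session = Depends(database.get_db)):
    """Check the submitted e-mail and password against the stored user record.

    Args:
        user_credentials: Login payload typed as ``schemas.UserLogin``; its
            ``email`` and ``password`` attributes are read here.
        db: Database session supplied by the ``database.get_db`` dependency.

    Raises:
        HTTPException: 404 with detail "Invalid Credentials" when no user has
            that e-mail or when ``utils.verify`` rejects the password.
    """
    user = db.query(models.User).filter(models.User.email == user_credentials.email).first()

    # Both failure cases raise the same status and detail, so the response does
    # not tell the caller whether the e-mail exists.
    # NOTE(review): utils.verify is skipped when no user is found, so the two
    # cases may still differ in response time -- confirm whether that matters.
    # NOTE(review): 404 is kept as the page has it; 401 or 403 is the more
    # usual status for a failed login.
    if not user or not utils.verify(user_credentials.password, user.password):
        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Invalid Credentials")
    # The excerpt ends here; what the route returns on success is not shown.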
# After:
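@router.post('/login')
def login(user_credentials: OAuth2PasswordRequestForm = Depends(), db: Session = Depends(database.get_db)):
    """Check the credentials submitted through ``OAuth2PasswordRequestForm``.

    ``Depends()`` with no argument makes FastAPI build the form object from the
    request, so the credentials arrive as form fields rather than a JSON body.

    Args:
        user_credentials: The parsed login form. It exposes ``username`` and
            ``password``; there is no ``email`` attribute.
        db: Database session supplied by the ``database.get_db`` dependency.

    Raises:
        HTTPException: 404 with detail "Invalid Credentials" when no user has
            that e-mail or when ``utils.verify`` rejects the password.
    """
    # The form stores whatever identifier the client sent in `username`:
    #   username = "something"
    #   password = "somepass"
    # Our users log in with an e-mail, so `username` is matched against the
    # e-mail column.
    user = db.query(models.User).filter(models.User.email == user_credentials.username).first()

    # Both failure cases raise the same status and detail, so the response does
    # not tell the caller whether the e-mail exists.
    # NOTE(review): utils.verify is skipped when no user is found, so the two
    # cases may still differ in response time -- confirm whether that matters.
    # NOTE(review): 404 is kept as the page has it; 401 or 403 is the more
    # usual status for a failed login.
    if not user or not utils.verify(user_credentials.password, user.password):
        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Invalid Credentials")
    # The excerpt ends here; what the route returns on success is not shown.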
Now that we have updated the route to use OAuth2PasswordRequestForm, we no longer send the details as raw JSON in the body of the HTTP request; the client sends them as form data (`username` and `password` fields) instead.