Comments (5)
Not sure if it's a bug. Could you provide the requests you are doing to /logout? I'm especially interested in the Authorization and Cookie headers.
from fastapi-users.
Here are the headers from the logout request:
{'accept': 'application/json',
'accept-encoding': 'gzip, deflate, br',
'cache-control': 'no-cache',
'connection': 'keep-alive',
'content-length': '0',
'cookie': 'access_token=cTp7fEr8aimRK1-rvTr3PDtFXuNX4I-ZrjNbeD2AqU8',
'host': 'localhost:8000',
'postman-token': '129ed49e-0f6f-464d-be12-67ce7da6459f',
'user-agent': 'PostmanRuntime/7.33.0'}
INFO: 127.0.0.1:56298 - "POST /api/v1/auth/jwt/dashboard/logout HTTP/1.1" 401 Unauthorized
from fastapi-users.
I'm wondering if it could come from a route priority collision (i.e. the auth_backend_mobile router may take precedence here). Could you try to disable the auth_backend_mobile router (only the router, the rest can stay) and try again?
# Comment this
#api_router.include_router(
#    fastapi_users.get_auth_router(auth_backend_mobile), prefix=jwt_url, tags=["auth"]
#)
api_router.include_router(
    fastapi_users.get_auth_router(auth_backend_dashboard), prefix=f"{jwt_url}/dashboard", tags=["auth"]
)
from fastapi-users.
That was the first thing I've done, but I just retried doing it again, and got the same results unfortunately.
The only two routes available:
{'accept': 'application/json',
'accept-encoding': 'gzip, deflate, br',
'cache-control': 'no-cache',
'connection': 'keep-alive',
'content-length': '0',
'cookie': 'access_token=-DCzaUhIqZVdtidmrjZtoLDx8q2mcqkd1znDd2_VjqM',
'host': 'localhost:8000',
'postman-token': '9d1af03d-44b6-41b3-af3e-49dbbfc3f201',
'user-agent': 'PostmanRuntime/7.33.0'}
INFO: 127.0.0.1:62858 - "POST /api/v1/auth/jwt/dashboard/logout HTTP/1.1" 401 Unauthorized
I am also extending the AuthenticationBackend class:
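from fastapi import HTTPException, Response, status
from fastapi_users import models
from fastapi_users.authentication import AuthenticationBackend, Strategy


class DashBoardAuthenticationBackend(AuthenticationBackend):
    async def login(
        self, strategy: Strategy[models.UP, models.ID], user: models.UP
    ) -> Response:
        # Only researchers and superusers may log in through the dashboard backend
        if not user.is_researcher and not user.is_superuser:
            raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED)
        token = await strategy.write_token(user)
        return await self.transport.get_login_response(token)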
But I think it should not affect any of this behavior, login works as intended.
Even though I am not using the database_bearer strategy on any route now, the print that I have added on the Authenticator still gives the database_bearer when I try to log out.
What I don't understand is that the login works as expected and the logout does not.
from fastapi-users.
@frankie567 I finally figured it out, the problem is on my end:
api_router.include_router(
    fastapi_users.get_auth_router(auth_backend_mobile), prefix=jwt_url, tags=["auth"]
)
api_router.include_router(
    fastapi_users.get_auth_router(auth_backend_dashboard), prefix=f"{jwt_url}/dashboard", tags=["auth"]
)
It should be:
api_router.include_router(
    fastapi_users.get_auth_router(auth_backend_mobile), prefix=jwt_url, tags=["auth"]
)
api_router.include_router(
    fastapi_users_dashboard.get_auth_router(auth_backend_dashboard), prefix=f"{jwt_url}/dashboard", tags=["auth"]
)
Because:
fastapi_users = FastAPIUsers[User, PydanticObjectId](get_user_manager, [auth_backend_mobile])
fastapi_users_dashboard = FastAPIUsers[User, PydanticObjectId](get_user_manager, [auth_backend_dashboard])
Sorry about the confusion. The current user dependency was being used from the auth_backend_mobile instead of the dashboard.
from fastapi-users.
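Added example, not part of the thread and not fastapi-users source: a simplified model of the wiring resolved above, showing why login returns 200 while logout returns 401 when a router is built for a backend that the owning instance does not list. The Backend and UsersInstance classes, the "dashboard_cookie" name, the bearer transport for the mobile backend and the strict flag are assumptions made for illustration.

```python
"""Simplified model of the auth-router wiring (illustrative stand-in classes)."""
from dataclasses import dataclass, field


@dataclass
class Backend:
    name: str
    transport: str                       # where the token travels: "cookie" or "bearer"
    tokens: set = field(default_factory=set)

    def login(self, user: str) -> dict:
        token = f"{self.name}-token-for-{user}"
        self.tokens.add(token)
        return {self.transport: token}   # credential the client sends back later

    def read(self, request: dict) -> bool:
        return request.get(self.transport) in self.tokens


class UsersInstance:
    """Stand-in for a FastAPIUsers object: it owns the list of backends
    that the current-user check is allowed to try."""

    def __init__(self, backends: list):
        self.backends = backends

    def get_auth_router(self, backend: Backend, strict: bool = False) -> dict:
        # Hypothetical guard: refuse to build a router for an unregistered backend
        if strict and backend not in self.backends:
            raise ValueError(f"backend {backend.name!r} is not registered on this instance")

        def login(user: str):
            return 200, backend.login(user)   # login uses the backend passed in

        def logout(request: dict):
            # logout first resolves the current user from the instance's backends
            ok = any(b.read(request) for b in self.backends)
            return 204 if ok else 401

        return {"login": login, "logout": logout}


def login_then_logout(instance: UsersInstance, backend: Backend):
    router = instance.get_auth_router(backend)
    status, credential = router["login"]("alice")
    return status, router["logout"](credential)


mobile = Backend("database_bearer", "bearer")
dashboard = Backend("dashboard_cookie", "cookie")
fastapi_users = UsersInstance([mobile])
fastapi_users_dashboard = UsersInstance([dashboard])
```

Calling `login_then_logout(fastapi_users, dashboard)` reproduces the mismatch from the thread, and passing `strict=True` to `get_auth_router` turns the same mistake into an error at startup instead of a 401 at request time.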