Endpoints¶

An endpoint is provided for JWT login, and is designed to integrate with an ASGI app, such as Starlette or FastAPI.

jwt_login¶

This creates an endpoint for logging in, and getting a JSON Web Token (JWT).

from piccolo_api.jwt_auth.endpoints import jwt_login
from starlette import Starlette
from starlette.routing import Route, Router


app = Starlette(
    routes=[
        Route(
            path="/login/",
            endpoint=jwt_login(
                secret='mysecret123'
            )
        ),
    ]
)

secret¶

This is used for signing the JWT.

expiry¶

An optional argument, which allows you to control when a token expires. By default it’s set to 1 day.

from datetime import timedelta

jwt_login(
    secret='mysecret123',
    expiry=timedelta(minutes=10)
)

Hint

You generally want short expiry tokens for web applications, and longer expiry times for mobile applications.

Hint

See JWTMiddleware for how to protect your endpoints.

Usage¶

You can use any HTTP client to get the JWT token. In our example we use curl.

To get a JWT token:

curl -X POST \
    -H "Content-Type: application/json" \
    -d '{"username": "piccolo", "password": "piccolo123"}' \
    http://localhost:8000/login/

To get data from a protected endpoint:

curl -H "Authorization: Bearer your-JWT-token" \
    http://localhost:8000/private/movies/

Hint

You can use all HTTP methods by passing a valid JWT token in the Authorization header.

Source¶

piccolo_api.jwt_auth.endpoints.jwt_login(secret: str, auth_table: Type[BaseUser] = BaseUser, expiry: timedelta = timedelta(days=1)) → Type[JWTLoginBase][source]¶

Create an endpoint for generating JWT tokens.

Parameters:

secret – Used to sign the the JWT tokens.
auth_table – Which Piccolo table to use to authenticate the user.
expiry – How long before the JWT token expires.