Skip to content

2024

#229: OAuth2 and JWT to Protect a FastAPI Application

The HTTP basic authentication from last week has been working, but it feels a bit messy. When we search for a more current style of authentication, we end up with OAuth2 and JWT. There is an example in the FastAPI documentation that I changed a bit to use a different library for JWT, store the secret key in a .env file and use BCrypt to hash the passwords.

#227: Hash a Password With Bcrypt

When it comes to authentication, we often find some form of username and password as the backbone of the solution. Before we dive into those examples, I like to make a detour and first explain how we can securely hash passwords in Python. While it is possible to just store passwords as plaintext for an example application, such hacks tend to get into production and that would be a disaster waiting to happen. Let us do it the right way directly from the start and always hash our passwords.

#220: Manage To-Dos With FastAPI

After covering the basics of FastAPI, it is now time to do something more elaborate. For that purpose, we create a minimalistic to-do task tracker that let us work against an in-memory data store. To save us the time to constantly click in the browser, we will do this exercise by first writing a test and then create the implementation using the test-first approach.