This issue was moved to a discussion.
Make OAuth2PasswordBearer compatible with WebSocket objects #2587
Comments
We don't have the

```python
from fastapi.websockets import WebSocket
from fastapi import FastAPI

app = FastAPI()


@app.websocket("/ws")
async def websocket_endpoint(websocket: WebSocket):
    # The handshake headers are readable on the WebSocket object before accept()
    print(websocket.headers)
    await websocket.accept()
    while True:
        data = await websocket.receive_text()
        await websocket.send_text(f"Message text was: {data}")
```

For those who want to verify, run with: And establish a connection: |
I know, that's what I'm saying. |
It's not possible to implement it for What is possible to do is:
A "clean way" could be just returning P.S.: As soon as I saw your last message I tried to implement it, then I faced the mentioned issue. |
Your efforts are highly appreciated! I'm not very familiar with the internals of FastAPI, so I'm not sure which option is best for this use case. Should we keep this issue open for others to think along? |
Sure! 🤓 👍 |
Haven't used this myself, but you might have a look at: https://indominusbyte.github.io/fastapi-jwt-auth/advanced-usage/websocket/ |
Hi, just encountered this issue too. I am not familiar with FastAPI internals, but maybe it's worth adding websocket support when |
Also interested in this 👀 I maintain an authentication library which relies internally on I get questions from some users who don't understand why it's not working for websockets. It would be nice indeed if those security schemes could support websockets in some way. I get that there is a gotcha with the
I've not thought about it very much, so maybe it's totally wrong and it probably needs a lot of changes in the codebase. Would be happy to help if needed though 😄 |
Just found out this PR on Starlette: encode/starlette#527 |
Clearly, that would definitely help! But it seems there are some blockers there. Not sure how we could help though 😅 |
Any news about this? It would be great to be able to easily secure websocket routes |
I'm trying to implement WebSockets.
Just like with HTTP, I use a header called 'X-Authorization' for my JWT token:

```python
websocket.WebSocketApp("ws://localhost:5000/api/v1/subscriptions/", header={"X-Authorization": f"Bearer {token}"})
```

I inject a dependency called `get_current_user`. This dependency uses `OAuth2PasswordBearer` (in line with documentation).

This results in the following error:

... because `OAuth2PasswordBearer` always looks at the `Request` object, which we don't have when using WebSockets:

fastapi/fastapi/security/oauth2.py
Line 153 in 5614b94

According to the documentation, `WebSocket` objects have `Header` as well, so shouldn't we allow for looking at the `WebSocket` object?
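An added example, not part of the original issue or of FastAPI's own code: one way to read the `X-Authorization` bearer token from any object that exposes `.headers` (as `Request` and `WebSocket` both do) and to decide whether to refuse the handshake before `accept()`. The names `bearer_token`, `handshake_decision` and `verify` are hypothetical, and the stand-in connections are constructed.

```python
from types import SimpleNamespace
from typing import Callable, Mapping, Optional, Protocol, Tuple

WS_POLICY_VIOLATION = 1008  # RFC 6455 close code: policy violation


class HasHeaders(Protocol):
    """Anything exposing .headers, as Request and WebSocket both do."""
    headers: Mapping[str, str]


def bearer_token(conn: HasHeaders, header: str = "X-Authorization") -> Optional[str]:
    """Return the token from a 'Bearer <token>' header, else None."""
    # Lower-case the name: Starlette's Headers are case-insensitive,
    # the plain dicts used as stand-ins below are not.
    value = conn.headers.get(header.lower())
    if not value:
        return None
    scheme, _, param = value.strip().partition(" ")
    token = param.strip()
    if scheme.lower() != "bearer" or not token or any(c.isspace() for c in token):
        return None
    return token


def handshake_decision(
    conn: HasHeaders, verify: Callable[[str], Optional[str]]
) -> Tuple[Optional[str], Optional[int]]:
    """Return (user, None) to accept, or (None, close_code) to refuse.

    `verify` is a hypothetical callable that validates the JWT and
    returns a user id, or None for a bad or expired token.
    """
    token = bearer_token(conn)
    user = verify(token) if token else None
    if user is None:
        return None, WS_POLICY_VIOLATION  # close before accept()
    return user, None


if __name__ == "__main__":
    # Constructed stand-ins for a WebSocket handshake; not real traffic.
    verify = {"good-token": "alice"}.get
    ok = SimpleNamespace(headers={"x-authorization": "Bearer good-token"})
    bad = SimpleNamespace(headers={"x-authorization": "Basic Zm9v"})
    print(handshake_decision(ok, verify))
    print(handshake_decision(bad, verify))
```

In a WebSocket endpoint the decision would be taken before `await websocket.accept()`, so an unauthenticated client never gets an open socket.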