# support-questions-legacy
a
Hello, I'm using FastAPI and my goal is to implement the route /auth/signup by myself because I want it to be visible on the open-api swagger. Currently I don't have a front-end, so I'm only using the swagger. I'm struggling with `get_session` and `create_new_session`. After I log in, `get_session` always returns None.
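```py
from fastapi import APIRouter, Request
from pydantic import BaseModel
from supertokens_python.normalised_url_path import NormalisedURLPath
from supertokens_python.querier import Querier
from supertokens_python.recipe.session.asyncio import create_new_session, get_session

router = APIRouter()


class UserRegisterModel(BaseModel):
    email: str
    password: str


@router.post('/register')
async def register_user(
    request: Request,
    user: UserRegisterModel,
):
    # Calls the SuperTokens core directly to create the user
    email_password_quertier = Querier.get_instance('emailpassword')
    path = NormalisedURLPath('/recipe/signup')
    response = await email_password_quertier.send_post_request(path, user.dict())
    if response.get('status') == 'OK':
        user_id = response['user']['id']
        # Session tokens are attached to the response of this request
        session = await create_new_session(
            request,
            user_id
        )
        return True
    raise Exception('user exists')


@router.post('/like_comment')
async def like_comment(request: Request):
    # Returns None when the request carries no session tokens
    session = await get_session(request, session_required=False)

    if session is None:
        raise Exception("Should never come here")
    user_id = session.get_user_id()

    print(user_id)
```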
r
hey @Arti
so you do not need to call the core directly, we have functions like `await sign_up(..)` which you can use instead. See this: https://supertokens.com/docs/python/recipe/emailpassword/asyncio/index.html
That being said, about the session issue:
- Can I see the request and response headers of the `register_user` API call as seen on Chrome's network tab?
- Can I see the supertokens.init on the backend?
- Are you using our frontend SDK? And what does the supertokens.init on the frontend look like?
a
Thanks for the help and the quick answer. I will update my code to use the `sign_up` method and so on.
- request and response data I will send right now.
- I don't use frontend SDK at the moment
- this is my init:
```py
from supertokens_python import InputAppInfo, SupertokensConfig, init
from supertokens_python.recipe import dashboard, emailpassword, session, usermetadata

# `config` is the application's own settings object
init(
    app_info=InputAppInfo(
        app_name=config.supertokens.app_name,
        api_domain=config.supertokens.api_domain,
        website_domain=config.supertokens.website_domain,
        api_base_path=config.supertokens.api_base_path,
        website_base_path=config.supertokens.website_base_path,
    ),
    supertokens_config=SupertokensConfig(
        connection_uri=config.supertokens.connection_uri,
        api_key=config.supertokens.api_key.get_secret_value(),
    ),
    framework='fastapi',
    recipe_list=[
        session.init(),
        emailpassword.init(),
        usermetadata.init(),
        dashboard.init(api_key=config.supertokens.api_key.get_secret_value())
    ],
    mode='asgi',
)
```
I managed to use 'get_session' successfully now, but I'm not sure it's the correct way. I added:
```py
from fastapi import Depends, Request
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials

# Makes the swagger UI send an Authorization: Bearer header
auth_scheme = HTTPBearer()


@router.post('/like_comment')
async def like_comment(request: Request, token: HTTPAuthorizationCredentials = Depends(auth_scheme)):
    session = await get_session(request, session_required=False)

    if session is None:
        raise Exception("Should never come here")
    user_id = session.get_user_id()

    print(user_id)
```
and used 'st-access-token' from the previous response header
r
Right. So you sent the st-access-token from the login response as an authorization bearer token to the like comment API? That works.
I would recommend that you use our frontend SDK as that will take care of refreshing for you.
And you should add a refresh API as well to your backend which calls the refresh function from our SDK.
a
I'm creating a server with some subdomains. And you can access server resources via the API and not only from the frontend (I have not started working on the frontend yet). Domains:
- frontend - mydomain.com
- backend - service.mydomain.com
- api - api.mydomain.com

The user may use Python to access api.mydomain.com, but he will need authorization.
r
Right. So m2m auth is different from session auth. The `create_new_session` and `get_session` functions are specifically tailored to be used with frontend to backend communication.
You can always call `get_session` with required auth false, and if that returns None, then you can check for m2m auth.
Either way, the frontend should use our frontend SDK, and you should create a refresh API for the frontend to call.
a
Thanks, for the frontend I will use the SDK for sure. Currently I'm focused on the backend and the API. My API is ready and I just need an auth method. My design is that the user creates an account at the backend. The backend generates a permanent API-KEY for each user. Then the user browses to the '/token' route to get a JWT token for 7 days. And with the API-KEY and JWT token, the user can query the API. I'm just a bit confused about how to manage this user with supertokens.
r
Well, in this case, don't use our session recipe at all, and instead, use our JWT recipe which allows you to create JWTs with any lifetime you want.
And using that, you can get your desired flow. In this case, you don't even need to use our frontend SDK.
But the part of a permanent API key, you will have to manage on your own.
a
thanks a lot! cool
another question please, where should I call refresh_token? when creating a new session or on endpoints that require authorization?