FastAPI JWT Auth

0.5.0 verified Fri May 01 auth: no python

FastAPI extension that provides JWT Auth support. Current version is 0.5.0, release cadence is irregular. It supports access/refresh tokens, token freshness, denylist/revocation, WebSocket authorization, and configurable JWT claims.

pip install fastapi-jwt-auth

Common errors

error AttributeError: module 'fastapi_jwt_auth' has no attribute 'AuthJWT' ↓

cause Incorrect import path, likely due to old documentation or wrong module structure.

fix

Use from fastapi_jwt_auth import AuthJWT. The import is directly at package level.

error AttributeError: 'AuthJWT' object has no attribute 'get_jwt_identity' ↓

cause Function renamed to `get_jwt_subject()` in version 0.3.0.

fix

Replace get_jwt_identity() with get_jwt_subject().

error JWTDecodeError: Signature verification failed ↓

cause The `authjwt_secret_key` used to create the token does not match the key used to decode it.

fix

Ensure that the same authjwt_secret_key is set in both the token creation and verification environments.

Warnings

breaking In v0.3.0, `get_jwt_identity()` was renamed to `get_jwt_subject()`. The old name no longer works. ↓

fix Use `get_jwt_subject()` instead of `get_jwt_identity()`.

breaking In v0.3.0, `load_end()` was renamed to `load_config()`. The old name no longer works. ↓

fix Use `@AuthJWT.load_config` decorator instead of `@AuthJWT.load_end`.

breaking In v0.3.0, `blacklist` was renamed to `denylist`. All functions and configuration referring to 'blacklist' are deprecated and removed. ↓

fix Replace any 'blacklist' references with 'denylist' (e.g., `denylist_enabled`, `denylist_token_verifier`).

gotcha The `create_access_token` and `get_jti` functions must be called from inside a FastAPI endpoint with the AuthJWT dependency injected. They cannot be imported and called standalone. ↓

fix Always use `Depends()` to inject AuthJWT into your route handler.

gotcha Environment variable support was deprecated in v0.3.0. Loading settings via environment variables directly is no longer supported; use a Pydantic model with `@AuthJWT.load_config`. ↓

fix Define a Pydantic BaseModel with your settings and decorate it with `@AuthJWT.load_config`.

Imports

AuthJWT

wrong

from fastapi_jwt_auth.auth import AuthJWT

correct

from fastapi_jwt_auth import AuthJWT

AuthJWT is exported at package level, not from submodule

AuthJWTBearer

wrong

from fastapi_jwt_auth.bearer import AuthJWTBearer

correct

from fastapi_jwt_auth import AuthJWTBearer

AuthJWTBearer is exported from package, not from bearer submodule

Quickstart

Minimal FastAPI app with JWT authentication using fastapi-jwt-auth.

from fastapi import FastAPI, Depends
from fastapi_jwt_auth import AuthJWT
from pydantic import BaseModel

app = FastAPI()

class Settings(BaseModel):
    authjwt_secret_key: str = "secret"

@AuthJWT.load_config
def get_config():
    return Settings()

@app.post("/login")
def login(auth: AuthJWT = Depends()):
    access_token = auth.create_access_token(subject="test")
    return {"access_token": access_token}

@app.get("/protected")
def protected(auth: AuthJWT = Depends()):
    auth.jwt_required()
    current_user = auth.get_jwt_subject()
    return {"user": current_user}