Description
Add a login endpoint that returns a JWT token. Protect task mutation endpoints so only authenticated users can create, update, or delete tasks.
What to do
- `pip install python-jose[cryptography] passlib[bcrypt]`
- `auth.py` with:
  - `create_access_token(data: dict) -> str`
  - `get_current_user(token: str = Depends(oauth2_scheme)) -> User`
- `POST /auth/login` endpoint — accepts `username` (email) + `password`, returns `{ "access_token": "...", "token_type": "bearer" }`
- `current_user: User = Depends(get_current_user)`:
  - `POST /tasks/`
  - `PUT /tasks/{id}`
  - `DELETE /tasks/{id}`
- Ownership check (`task.owner_id == current_user.id`)
Acceptance Criteria
- `POST /auth/login` with valid credentials returns a JWT token
- `POST /tasks/` without a token returns `401 Unauthorized`
- `POST /tasks/` with a valid token creates a task owned by the logged-in user
- A user trying to delete another user's task gets `403 Forbidden`
Difficulty
🔴 Advanced
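The token and ownership logic behind the acceptance criteria, as an added example that is not code from this issue or its project. It uses only the standard library as a stand-in for python-jose's HS256 handling so it runs without dependencies; `SECRET_KEY`, `TOKEN_TTL`, `decode_token`, `authorize_task_mutation` and the use of the `sub` claim for the user id are assumptions.

```python
from __future__ import annotations
import base64, hashlib, hmac, json, time

SECRET_KEY = b"constructed-demo-secret"  # assumption: a real app loads this from a secret store
TOKEN_TTL = 1800  # assumed token lifetime in seconds

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    mac = hmac.new(SECRET_KEY, signing_input.encode(), hashlib.sha256)
    return _b64(mac.digest())

def create_access_token(data: dict, now: float | None = None) -> str:
    """Build an HS256 JWT carrying `data` plus an `exp` claim."""
    issued = time.time() if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {**data, "exp": int(issued) + TOKEN_TTL}
    payload = _b64(json.dumps(claims).encode())
    return f"{header}.{payload}.{_sign(header + '.' + payload)}"

def decode_token(token: str) -> dict | None:
    """Return the claims, or None for any token that must be answered with 401."""
    try:
        header, payload, signature = token.split(".")
        # Pin the algorithm server-side instead of trusting the token header.
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None
        # Constant-time comparison of the recomputed signature.
        if not hmac.compare_digest(signature, _sign(f"{header}.{payload}")):
            return None
        claims = json.loads(_unb64(payload))
        if claims["exp"] <= time.time():  # expired
            return None
        return claims
    except (ValueError, KeyError, TypeError, AttributeError):
        return None

def authorize_task_mutation(token: str | None, task_owner_id: int) -> int:
    """Status for PUT/DELETE /tasks/{id}: 401 unauthenticated, 403 not owner, 200 ok."""
    claims = decode_token(token) if token else None
    if claims is None or "sub" not in claims:
        return 401
    # Same check as task.owner_id == current_user.id in the issue.
    return 200 if str(claims["sub"]) == str(task_owner_id) else 403
```

In the FastAPI app, `get_current_user` would raise `HTTPException(401)` where `decode_token` returns `None`, and the update and delete handlers would raise `HTTPException(403)` on an owner mismatch.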