Add JWT authentication — login and protected endpoints #11

@Navashub

Description

Add a login endpoint that returns a JWT token. Protect task mutation endpoints so only authenticated users can create, update, or delete tasks.

What to do

  • Add dependencies: pip install python-jose[cryptography] passlib[bcrypt]
  • Create auth.py with:
    • create_access_token(data: dict) -> str
    • get_current_user(token: str = Depends(oauth2_scheme)) -> User
  • Add POST /auth/login endpoint — accepts username (email) + password, returns { "access_token": "...", "token_type": "bearer" }
  • Protect these endpoints with current_user: User = Depends(get_current_user):
    • POST /tasks/
    • PUT /tasks/{id}
    • DELETE /tasks/{id}
  • Users may only update or delete their own tasks (check task.owner_id == current_user.id)

Acceptance Criteria

  • POST /auth/login with valid credentials returns a JWT token
  • POST /tasks/ without a token returns 401 Unauthorized
  • POST /tasks/ with a valid token creates a task owned by the logged-in user
  • A user trying to delete another user's task gets 403 Forbidden

Difficulty

🔴 Advanced
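An added example (not the issue's or the project's code) of the pieces the issue asks for, written with only the standard library so it runs without FastAPI or python-jose installed: create_access_token and get_current_user do what jose.jwt.encode/decode would do here (HS256, exp claim, algorithm pinned, signature checked before any claim is trusted), and delete_task carries the ownership rule that turns a valid token with the wrong owner into a 403 rather than a 401. SECRET_KEY, the "sub" claim holding the user id, and the AuthError class standing in for HTTPException are assumptions.

```python
# Added example, not the issue's or project's code: the JWT + authorization
# flow the issue asks for, with HS256 hand-rolled (stdlib only) instead of jose.
import base64, hashlib, hmac, json, time
SECRET_KEY = "constructed-dev-secret-do-not-ship"  # assumption: read from env in real code
ACCESS_TOKEN_EXPIRE_SECONDS = 30 * 60

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def create_access_token(data: dict, now=None) -> str:
    """Equivalent of jwt.encode({**data, "exp": ...}, SECRET_KEY, algorithm="HS256")."""
    now = time.time() if now is None else now
    claims = {**data, "exp": int(now + ACCESS_TOKEN_EXPIRE_SECONDS)}
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET_KEY.encode(), f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

class AuthError(Exception):  # stands in for fastapi.HTTPException
    def __init__(self, status_code: int, detail: str):
        super().__init__(detail); self.status_code = status_code

def get_current_user(token, now=None) -> dict:
    """Stand-in for the Depends(get_current_user) dependency: every token problem is a 401."""
    if not token:
        raise AuthError(401, "Not authenticated")
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(payload_b64))
        sig = _b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError):
        raise AuthError(401, "Malformed token") from None
    if header.get("alg") != "HS256":  # pin the algorithm; never let the token choose it
        raise AuthError(401, "Unexpected algorithm")
    expected = hmac.new(SECRET_KEY.encode(), f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise AuthError(401, "Invalid signature")
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        raise AuthError(401, "Token expired")
    return {"id": claims["sub"]}  # assumption: the login endpoint puts the user id in "sub"

def delete_task(task: dict, current_user: dict) -> bool:
    """Ownership rule from the issue: authenticated but not the owner -> 403, not 401."""
    if task["owner_id"] != current_user["id"]:
        raise AuthError(403, "Not allowed to modify another user's task")
    return True
```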

Labels

  • advanced (Auth, testing, DevOps)
  • backend (Python / FastAPI work)
  • security (Auth, hashing, JWT)