Token undefined?

[dglubokov]

First check

• I used the GitHub search to find a similar issue and didn't find it.
• I searched the FastAPI documentation, with the integrated search.
• I already searched in Google "How to X in FastAPI" and didn't find any information.

Description

When I try to run read_user_me on "/me" endpoint, an undefined (empty?) Token enters the function get_current_user (I saw it in debuger 'token='undefined') and after this I get "Authorization: Bearer undefined"

I definitely can’t understand if this is a bug, or an error in my code. Maybe I should use cookies...

python 3.8
last versions of libs

....
oauth2_scheme = OAuth2PasswordBearer(
    tokenUrl="/token",
    scopes={"me": "Read information about the current user."},
)


async def get_current_user(
    security_scopes: SecurityScopes,
    token: str = Depends(oauth2_scheme)
):
    pb_key = usecases.users.GetPublicKey().execute()
    if security_scopes.scopes:
        authenticate_value = f'Bearer scope="{security_scopes.scope_str}"'
    else:
        authenticate_value = f"Bearer"
    credentials_exception = HTTPException(
        status_code=status.HTTP_401_UNAUTHORIZED,
        detail="Doesn't work :'(",
        headers={"WWW-Authenticate": authenticate_value},
    )
    try:
        payload = jwt.decode(token, pb_key, algorithms=['RS256'])
        username: str = payload.get("sub")
        if username is None:
            raise credentials_exception
        token_scopes = payload.get("scopes", [])
        token_data = entities.TokenData(scopes=token_scopes, username=username)
    except (PyJWTError, ValidationError):
        raise credentials_exception
    user = usecases.users.ReadByUsername().execute(user_name=username)
    for scope in security_scopes.scopes:
        if scope not in token_data.scopes:
            raise HTTPException(
                status_code=status.HTTP_401_UNAUTHORIZED,
                detail="Not enough permissions",
                headers={"WWW-Authenticate": authenticate_value},
            )
    return user


app = FastAPI(default_response_class=JSONAPIResponse)


@app.post(
    "/token",
    response_model=entities.Token,
    tags=["auth"]
)
async def login_for_access_token(
    from_data: OAuth2PasswordRequestForm = Depends()
):
    token = users_usecases.AuthUser().execute(
        user_name=from_data.username,
        password=from_data.password
    )
    return token.value.dict()


@app.get(
    "/me",
    response_model=users_presenter.UserJSONObject
)
async def read_user_me(
    current_user: users_presenter.UserJSONObject = Security(
        get_current_user,
        scopes=["me"]
    )
):
    return JSONAPIConverter().serialize(current_user)
....

Additional context

I have JSON-API entities and classes of user cases for manipulating data from the database

[phy25]

This undefined does not look like Python generated. Did you test this with a browser (since you did not mention how you test this)?

[dglubokov]

I test this with a browser, of course. I changed my code and now I have:

async def login_for_access_token(
    from_data: OAuth2PasswordRequestForm = Depends()
):
    token = users_usecases.AuthUser().execute(
        user_name=from_data.username,
        password=from_data.password
    )
    return {"access_token": token.value, "token_type": "bearer"}

This code looks like the code from the offical tutorial. Perhaps the problem is parsing entities. At the output, I got JSON: API entity, and now just what was in the tutorial and it worked.

[dglubokov]

I think I should create new bug issue. I took the code from the official tutorial and replaced the output values for the endpoint:

@app.post("/token")
async def login_for_access_token(form_data: OAuth2PasswordRequestForm = Depends()):
    user = authenticate_user(fake_users_db, form_data.username, form_data.password)
    if not user:
        raise HTTPException(status_code=400, detail="Incorrect username or password")
    access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
    access_token = create_access_token(
        data={"sub": user.username, "scopes": form_data.scopes},
        expires_delta=access_token_expires,
    )
    return {
        "data": {
            "id": "1",
            "types": "tokens",
            "attributes": {
                "value": access_token
            }
        }
    } 

Perhaps there is no mistake and I just do not fully understand how the dependencies work.
I call @tiangolo to help me understand this strange code behavior.

[tiangolo]

Thanks for the help here @phy25 ! 🙇

@idmitryz please provide a simple, self-contained example that shows your error, otherwise, it's very difficult to guess what might be wrong.

[github-actions[bot]]

Assuming the original issue was solved, it will be automatically closed now. But feel free to add more comments or create new issues.

[phretor]

Actually, I'm noticing the same issue. Can anybody post how they solved it?

[coryvirok]

If it helps, I just ran into this and it was because the Swagger-UI was not adding the token to the Authorization header. It was doing this because I had the Token() model from the example in the docs but I was also using an alias generator that was camelCasing the response.

class Token(BaseModel):
    access_token: str
    token_type: str

    class Config:
        alias_generator = camel.case

https://stackoverflow.com/questions/59808854/swagger-authorization-bearer-not-send#:~:text=In%20the%20cURL%20request%20you,header%2C%20it%20cannot%20be%20found.

[einsone]

{
    "access_token": "token",
    "token_type": "bearer"
}

above works well.

the following results in : -H 'Authorization: Bearer undefined'

{
    "errcode": 10000,
    "errmsg": "",
    "data": {
        "access_token": "token",
        "token_type": "bearer"
    }
}

[abhinand-balachandran]

@einsone did you find a way to solve this problem?

[usiqwerty]

Token endpoint should return token with "access_token" key.
Swagger doesn't show any message if it can't parse token and just fills it with undefined (a regular JS thing)