Connecting js frontend to fastapi application - authentication problem

Question

I followed the steps described at https://fastapi.tiangolo.com/tutorial/security/oauth2-jwt/ and have it pretty much copy-pasted.

I have a login page with the following form:

...
<form class="login_form" id="login_form">
  <div class="username_div">
    <input type="text" id="username_id" name="username" placeholder="Username"><br>
  </div>
  <div class="password_div">
    <input type="password" id="password_id" name="password" placeholder="Password">
  </div>
  <div class="btn_div">
    <input type="button" id="btn_id" value="Login" class="login_btn" onclick="token()">
  </div>
</form>
...

I have a js file which can successfully get the token:

function token() {
    fetch('/token', {
        method: 'POST',
        headers: {
            'Content-Type': 'application/x-www-form-urlencoded'
        },
        body: 'username=test&password=test'
    }).then(res => {
        return res.json();
    }).then(json => {
        console.log(json['access_token']);
    });
}

Now when I add

window.location.href = "/users/me/";

after the console.log(json['access_token]); I get a "not authenticated".

As far as I understand I need to somehow pass the token to the fastapi part. How do I do that?

EDIT:

So I got a couple of things confused here. But I am now able to print the user data by using the following code:

function token() {
    fetch('/token', {
        method: 'POST',
        headers: {
            'accept': 'application/json',
            'Content-Type': 'application/x-www-form-urlencoded'
        },
        body: 'grant_type=&username=test&password=test&scope=&client_id=&client_secret='
    }).then(res => {
        return res.json();
    }).then(json => {
        console.log(json['access_token']);
        fetch('/users/me', {
            method: 'GET',
            headers: {
                'accept': 'application/json',
                'Authorization': 'Bearer ' + json['access_token']
            }
        }).then(res => {
            return res.json();
        }).then(json => {
            console.log(json);
        });
    });
}

I still don't know how to get to a new page (that needs authorization) after adding my credentials in my login page. Could you help me out here?

You add window.location.href where? Also, that is used to navigate from one page to another. Last but not least, where are you storing the token? In the function you are only printing the access token on the screen. You need it to send further requests to the server — lsabi, Apr 15 '21 at 06:53
> You add window.location.href where? | In the token function in the end of the last .then() | > that is used to navigate from one page to another | I know, I want to redirect to the next page after the login | > where are you storing the token | For now I only want to store the token in the browser memory, so no cookies, local- or sessionstorage — David Peters, Apr 15 '21 at 07:46
If you don't store it in the cookie or the session, how can the server tell weather you're the same user or not? Basically, you're logging in, getting the token, throwing the token away and navigating to another page without providing the access token — lsabi, Apr 15 '21 at 09:30
As far as I understand this [post](https://mannharleen.github.io/2020-03-19-handling-jwt-securely-part-1/) (Option 4) says I can use in-memory for the token. Also I edited my question. I now know how to authorize myself using `fetch` but how do I do it when I want to access a html page? — David Peters, Apr 15 '21 at 10:16
Depends on what you are using. In the end, the cookie is the simplest way. Otherwise, use fetch to fetch every single page — lsabi, Apr 15 '21 at 11:10
Yes, I can fetch the content of a page and set it to the innerHTML of the current page, but by doing this I still stay on the same page. So there is no way to redirect to another page with the credentials without using cookies? When I log in to stack overflow I am on the page "/login" and then I get redirected to my "/userpage" -> so they are doing this with cookies? There is no other way? — David Peters, Apr 15 '21 at 11:29

score 0 · Accepted Answer · answered Apr 15 '21 at 11:46

0

So adding a custom header to a redirect is not possible according to this post. Looks like I will need to use a cookie.

Many thanks to @Isabi.

answered Apr 15 '21 at 11:46

David Peters

90
1
6

Connecting js frontend to fastapi application - authentication problem

1 Answers1