base#

class starlite.security.base.AbstractSecurityConfig#

Bases: ABC, Generic[UserType, AuthType], GenericModel

A base class for Security Configs - this class can be used on the application level or be manually configured on the router / controller level to provide auth.

authentication_middleware_class: Type[AbstractAuthenticationMiddleware]#

The authentication middleware class to use.

Must inherit from AbstractAuthenticationMiddleware

guards: Optional[Iterable[Callable[[Any, Any], Union[None, Awaitable[None]]]]]#

An iterable of guards to call for requests, providing authorization functionalities.

exclude: Optional[Union[str, List[str]]]#

A pattern or list of patterns to skip in the authentication middleware.

exclude_opt_key: str#

An identifier to use on routes to disable authentication and authorization checks for a particular route.

scopes: WEBSOCKET: 'websocket'>]]]#

ASGI scopes processed by the authentication middleware, if None, both http and websocket will be processed.

route_handlers: Optional[Iterable[Union[Type[Any], Any, Callable[[...], Any]]]]#

An optional iterable of route handlers to register.

dependencies: Optional[Dict[str, Provide]]#

An optional dictionary of dependency providers.

retrieve_user_handler: Callable[[Any, ASGIConnection], Union[Any, None, Awaitable[Optional[Any]]]]#

Callable that receives the auth value from the authentication middleware and returns a user value.

Notes

  • User and Auth can be any arbitrary values specified by the security backend.

  • The User and Auth values will be set by the middleware as scope["user"] and scope["auth"] respectively. Once provided, they can access via the connection.user and connection.auth properties.

  • The callable can be sync or async. If it is sync, it will be wrapped to support async.

type_encoders: Optional[Dict[Any, Callable[[Any], Any]]]#

A mapping of types to callables that transform them into types supported for serialization.

on_app_init(app_config: AppConfig) AppConfig#

Handle app init by injecting middleware, guards etc. into the app. This method can be used only on the app level.

Parameters:

app_config – An instance of AppConfig

Returns:

The AppConfig.

create_response(content: Optional[Any], status_code: int, media_type: Union[MediaType, OpenAPIMediaType, str], headers: Optional[Dict[str, Any]] = None, cookies: Optional[ResponseCookies] = None) Response[Any]#

Create a response object.

Handles setting the type encoders mapping on the response.

Parameters:
  • content – A value for the response body that will be rendered into bytes string.

  • status_code – An HTTP status code.

  • media_type – A value for the response ‘Content-Type’ header.

  • headers – A string keyed dictionary of response headers. Header keys are insensitive.

  • cookies – A list of Cookie instances to be set under the response ‘Set-Cookie’ header.

Returns:

A response object.

classmethod validate_retrieve_user_handler(value: Callable[[AuthType], Union[UserType, Awaitable[UserType]]]) Any#

Ensure that the passed in value does not get bound.

Parameters:

value – A callable fulfilling the RetrieveUserHandler type.

Returns:

An instance of AsyncCallable wrapping the callable.

abstract property openapi_components: Components#

Create OpenAPI documentation for the JWT auth schema used.

Returns:

An Components instance.

abstract property security_requirement: SecurityRequirement#

Return OpenAPI 3.1.

SecurityRequirement for the auth backend.

Returns:

An OpenAPI 3.1 SecurityRequirement dictionary.

abstract property middleware: DefineMiddleware#

Create an instance of the config’s authentication_middleware_class attribute and any required kwargs, wrapping it in Starlite’s DefineMiddleware.

Returns:

An instance of DefineMiddleware.