session_auth#

class starlite.security.session_auth.SessionAuth#

Bases: Generic[UserType], AbstractSecurityConfig[UserType, Dict[str, Any]]

Session Based Security Backend.

session_backend_config: BaseBackendConfig#

A session backend config.

authentication_middleware_class: Type[SessionAuthMiddleware]#

The authentication middleware class to use.

Must inherit from SessionAuthMiddleware

property middleware: DefineMiddleware#

Use this property to insert the config into a middleware list on one of the application layers.

Examples

Returns:

An instance of DefineMiddleware including self as the config kwarg value.

property session_backend: BaseSessionBackend#

Create a session backend.

Returns:

A subclass of BaseSessionBackend

property openapi_components: Components#

Create OpenAPI documentation for the Session Authentication schema used.

Returns:

An Components instance.

property security_requirement: Dict[str, List[str]]#

Return OpenAPI 3.1.

SecurityRequirement for the auth backend.

Returns:

An OpenAPI 3.1 SecurityRequirement dictionary.

class starlite.security.session_auth.middleware.SessionAuthMiddleware#

Bases: AbstractAuthenticationMiddleware

Session Authentication Middleware.

__init__(app: ASGIApp, exclude: ~typing.Optional[~typing.Union[str, ~typing.List[str]]], exclude_opt_key: str, scopes: ~typing.Optional[~typing.Set[~typing.Literal[<ScopeType.HTTP: 'http'>, <ScopeType.WEBSOCKET: 'websocket'>]]], retrieve_user_handler: AsyncCallable[[Dict[str, Any], ASGIConnection[Any, Any, Any]], Awaitable[Any]])#

Session based authentication middleware.

Parameters:

  • app – An ASGIApp, this value is the next ASGI handler to call in the middleware stack.

  • exclude – A pattern or list of patterns to skip in the authentication middleware.

  • exclude_opt_key – An identifier to use on routes to disable authentication and authorization checks for a particular route.

  • scopes – ASGI scopes processed by the authentication middleware.

  • retrieve_user_handler – Callable that receives the session value from the authentication middleware and returns a user value.

async authenticate_request(connection: ASGIConnection[Any, Any, Any]) AuthenticationResult#

Authenticate an incoming connection.

Parameters:

connection – A Starlette HTTPConnection instance.

Raises:

NotAuthorizedException <starlite.exceptions.NotAuthorizedException> – if session data is empty or user is not found.

Returns:

AuthenticationResult