Implement a reference JWT based authentication for FastAPI

[devraj]

Initially we went down the path of using FastAPI JWT Auth a well implemented authentication layer for FastAPI, which also handles CSRF. Dependabot raised concerns around the version of PyJWT that's referenced by this project.

The project looks abandoned, with several pull requests that have been ignored for a while. To follow up I attempted to contact the maintainer of the project and did not hear back from him.

We had aspirations of standardising on this library with tickets to document the patterns in #34 #33 and #25

Given these facts it would be unwise to standardise on the library and revert back to implementing our own solution.

The team at Anomaly had used fastapi-csrf-protect in the past, it would also be recommended to study the relevance of this implementation before deciding to use it.

FastAPI docs have many guides around the security measures. As such at the moment we are closing the above tickets and continuing with our own implementation.

Resources:

• FastAPI JWT tutorial
• Reference implementation from above video
• How to Add JWT Authentication in FastAPI – A Practical Guide

[devraj]

Upon review I found FastAPI Auth middleware with documentation. Basic evaluation:

• Depends on the latest version of python-jose which was updated in June 2021 (other libraries were using pyjwt, haven't looked into the differences)
• Project seems active with last release in April 2022
• Has a consulting company that focuses on Python projects
• Has multiple contributors
• API looks nice and easy to work with

It's worth considering if we can depend on this project before we jump into writing our implementation.

Some other references documentation found:

• CSRF Protection and Sessions
• Create a middleware
• Securing FastAPI with JWT Token-based Authentication
• How to Add JWT Authentication in FastAPI – A Practical Guide

[devraj]

Merging with #52