Authentication and Security on DATATWEETS

Authentication and Security on DATATWEETShttps://datatweets.com/courses/fastapi/authentication-and-security/Recent content in Authentication and Security on DATATWEETSHugoenCopyright (c) 2025 DatatweetsSun, 28 Jun 2026 09:00:00 +0200Lesson 1 - Security First Stepshttps://datatweets.com/courses/fastapi/authentication-and-security/lesson-1-security-first-steps/Fri, 14 Nov 2025 09:00:00 +0200https://datatweets.com/courses/fastapi/authentication-and-security/lesson-1-security-first-steps/Add authentication the standard way. Learn the OAuth2 password flow, build a /token login endpoint with OAuth2PasswordRequestForm, and require a token on a protected endpoint with OAuth2PasswordBearer.Lesson 2 - Password Hashing and the Current Userhttps://datatweets.com/courses/fastapi/authentication-and-security/lesson-2-password-hashing-and-current-user/Fri, 14 Nov 2025 09:00:00 +0200https://datatweets.com/courses/fastapi/authentication-and-security/lesson-2-password-hashing-and-current-user/Make login real and safe. Hash passwords with pwdlib and bcrypt, verify them at the token endpoint, and add a get_current_user dependency that resolves a token to a user and rejects invalid ones with 401.Lesson 3 - JWT Access Tokenshttps://datatweets.com/courses/fastapi/authentication-and-security/lesson-3-jwt-access-tokens/Fri, 14 Nov 2025 09:00:00 +0200https://datatweets.com/courses/fastapi/authentication-and-security/lesson-3-jwt-access-tokens/Replace the placeholder token with a real JSON Web Token. Encode a signed JWT with a subject and expiry using PyJWT, verify it on each request, and reject invalid or expired tokens with a 401.Lesson 4 - Protecting Routes and Scopeshttps://datatweets.com/courses/fastapi/authentication-and-security/lesson-4-protecting-routes-and-scopes/Fri, 14 Nov 2025 09:00:00 +0200https://datatweets.com/courses/fastapi/authentication-and-security/lesson-4-protecting-routes-and-scopes/Authorization, not just authentication. Protect routes by depending on the current user, add role or permission checks as a layered dependency that returns 403, and understand 401 versus 403 — plus where OAuth2 scopes fit.Lesson 5 - Guided Project: Auth-Protected APIhttps://datatweets.com/courses/fastapi/authentication-and-security/lesson-5-guided-project-auth-protected-api/Fri, 14 Nov 2025 09:00:00 +0200https://datatweets.com/courses/fastapi/authentication-and-security/lesson-5-guided-project-auth-protected-api/The sixth version of the course project: a fully auth-protected Tasks API. Users register with a hashed password, log in for a JWT, and reach protected task endpoints; an admin-only delete shows role-based authorization.