Authentication
Secure JWT-based authentication with refresh token rotation.
Overview
ForgeAPI authenticates requests with JSON Web Tokens (JWT). A short-lived access token proves the caller's identity on each request, and a longer-lived refresh token is used to obtain new access tokens without re-entering credentials. Refresh tokens are rotated: every call to the refresh endpoint issues a new refresh token and invalidates the one presented, so a stolen refresh token can be redeemed at most once and presenting an already-rotated token is a signal that something is wrong.
Security First
Passwords are stored only as bcrypt hashes, never in plaintext. Access tokens are signed with HS256 using a server-side secret key, which must be long, random and kept out of source control, and they carry an exp claim; the lifetime is configurable and defaults to 15 minutes. Because access tokens are verified statelessly from their signature and exp, logout revokes the refresh token but an already-issued access token remains usable until it expires, which is why the default lifetime is kept short.
Auth Endpoints
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/v1/auth/register | Register a new user |
| POST | /api/v1/auth/login | Login and get tokens |
| POST | /api/v1/auth/refresh | Refresh access token |
| POST | /api/v1/auth/logout | Invalidate refresh token |
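The flow behind these four endpoints, as an added example that is not ForgeAPI's own code: login mints an HS256 access token plus an opaque refresh token, refresh rotates the refresh token and revokes the whole session if an already-rotated token is replayed, and logout revokes the session. It uses only the standard library; the in-memory RefreshStore, the token lifetimes and the function names are assumptions for illustration, and the secret key is generated at import time rather than loaded from configuration.

```python
"""Added example (not ForgeAPI's code): login / refresh / logout with refresh token rotation.
RefreshStore, the lifetimes and the helper names are assumptions for illustration."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, Optional, Tuple

SECRET_KEY = secrets.token_bytes(32)  # constructed here; a deployment loads it from config
ACCESS_TTL = 15 * 60                  # seconds; the page's 15-minute default
REFRESH_TTL = 7 * 24 * 3600           # assumed refresh-token lifetime


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(signing_input: bytes) -> bytes:
    return hmac.new(SECRET_KEY, signing_input, hashlib.sha256).digest()


def create_access_token(sub: str, now: Optional[int] = None) -> str:
    """Mint an HS256 JWT with iat/exp claims; `now` is injectable so tests are deterministic."""
    now = int(time.time()) if now is None else now
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    claims = {"sub": sub, "iat": now, "exp": now + ACCESS_TTL}
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    return f"{header}.{payload}.{b64url_encode(_sign(f'{header}.{payload}'.encode()))}"


def verify_access_token(token: str, now: Optional[int] = None) -> Optional[dict]:
    """Return the claims if the signature is valid and exp is in the future, else None.
    The algorithm is pinned server-side: a header claiming "none" or RS256 is rejected
    before any signature check, which closes the classic alg-confusion hole."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = _sign(f"{header_b64}.{payload_b64}".encode())
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        claims = json.loads(b64url_decode(payload_b64))
        if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
            return None
        return claims
    except (ValueError, TypeError):
        return None


class RefreshStore:
    """Server-side table of refresh tokens keyed by SHA-256 of the opaque token, so a leaked
    table does not hand out usable tokens. Each login starts a family; every refresh rotates
    to a new token in the same family and marks the presented one as used."""

    def __init__(self) -> None:
        self._rows: Dict[str, dict] = {}
        self._revoked_families = set()

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, sub: str, family: Optional[str] = None, now: Optional[int] = None) -> str:
        now = int(time.time()) if now is None else now
        token = secrets.token_urlsafe(32)
        self._rows[self._key(token)] = {"sub": sub, "family": family or secrets.token_hex(8),
                                        "exp": now + REFRESH_TTL, "used": False}
        return token

    def rotate(self, token: str, now: Optional[int] = None) -> Optional[Tuple[str, str]]:
        """POST /auth/refresh: trade a live refresh token for a new (access, refresh) pair."""
        now = int(time.time()) if now is None else now
        row = self._rows.get(self._key(token))
        if row is None or row["exp"] <= now or row["family"] in self._revoked_families:
            return None
        if row["used"]:
            # An already-rotated token is being presented again: either the client replayed
            # it or it was stolen. Revoke the whole family so neither party can continue.
            self._revoked_families.add(row["family"])
            return None
        row["used"] = True
        return create_access_token(row["sub"], now), self.issue(row["sub"], row["family"], now)

    def logout(self, token: str) -> None:
        """POST /auth/logout: revoke the session. Outstanding access tokens stay valid until exp."""
        row = self._rows.get(self._key(token))
        if row is not None:
            self._revoked_families.add(row["family"])


def login(store: RefreshStore, sub: str, now: Optional[int] = None) -> Tuple[str, str]:
    """POST /auth/login, after the bcrypt password check has passed."""
    return create_access_token(sub, now), store.issue(sub, now=now)
```

Two choices carry the security weight here. Refresh tokens are opaque random strings stored hashed and looked up server-side, so they can be revoked, which a self-contained JWT cannot be. And a rotated-out token is kept as a "used" row instead of being deleted, which is what makes replay of an old token detectable and lets the store revoke the whole family rather than silently refusing one request.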
JWT Flow
app/core/security.py

```python
import os
from datetime import datetime, timedelta, timezone
from typing import Optional

from jose import jwt
from passlib.context import CryptContext

# Signing key for HS256 tokens, loaded from the environment so it never lands in source
# control. It must be a long random value; rotating it invalidates every outstanding token.
SECRET_KEY = os.environ["SECRET_KEY"]
ALGORITHM = "HS256"

# bcrypt for password storage; deprecated="auto" lets passlib re-hash on login if the scheme changes.
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")


def create_access_token(data: dict, expires_delta: Optional[timedelta] = None) -> str:
    """Mint a signed access token carrying `data` plus an `exp` claim (default 15 minutes)."""
    to_encode = data.copy()
    expire = datetime.now(timezone.utc) + (expires_delta or timedelta(minutes=15))
    to_encode.update({"exp": expire})
    return jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)


def verify_password(plain: str, hashed: str) -> bool:
    """Check a submitted password against the stored bcrypt hash."""
    return pwd_context.verify(plain, hashed)
```

OAuth Support
ForgeAPI supports OAuth 2.0 providers out of the box:
- Google OAuth
- GitHub OAuth
- Custom OAuth providers (extensible)
Configure OAuth credentials in your .env file using the provided template.