This is a simple RESTful API built with Flask that provides user registration, login, and token-based authentication. It allows users to register, log in, and access protected endpoints by providing a valid access token.
- Clone the repository:
  git clone https://github.com/PralinKhaira/Authentication-and-Authorization-API.git
- Navigate to the project directory:
  cd Authentication-and-Authorization-API
- Install the required dependencies:
  pip install -r requirements.txt
- Start the server:
  python app.py
- The API is now running locally at http://localhost:5000.
Endpoint: POST /register
Register a new user by sending a JSON payload with the following fields:
{
  "username": "your-username",
  "email": "[email protected]",
  "password": "your-password"
}
Endpoint: POST /login
Log in with an existing user by sending a JSON payload with the following fields:
{
  "username": "your-username",
  "password": "your-password"
}
The response will contain an access token that can be used for authentication.
Endpoint: GET /protected
Access a protected endpoint by including the access token in the Authorization header of the request:
curl -X GET http://localhost:5000/protected -H "Authorization: Bearer your-access-token"
Contributions are welcome! If you find a bug or want to enhance the functionality of this API, feel free to open an issue or submit a pull request.
Version 1.0
- User registration: Allows users to register by providing username, email, and password.
- User login: Authenticates users by verifying their username/email and password.
- Token-based authentication: Generates and returns a token for authenticated users.
- User storage: Stores registered users in a list (database integration can be added).
- JSON response: Returns JSON responses for registration, login, and other API endpoints.
- Flask framework: Utilizes the Flask framework for building the API.
- Basic implementation: Provides a starting point for implementing authentication and authorization features.
Version 1.1
In this updated code, I've added the following changes:
- Imported the necessary libraries: JWTManager from flask_jwt_extended for token management, and generate_password_hash and check_password_hash from werkzeug.security for password hashing.
- Configured the JWT secret key using app.config['JWT_SECRET_KEY']. Make sure to replace 'your_secret_key_here' with a secure secret key in your actual implementation.
- Modified the /register route to hash the password using generate_password_hash before storing it in the database.
- Modified the /login route to check the hashed password using check_password_hash and generate an access token using create_access_token.
- Added the @jwt_required decorator to the /protected route to ensure authentication is required to access this endpoint. The get_jwt_identity() function is used to retrieve the current user's identity from the token.
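The secret-key warning and the token flow described above, as an added example that is not part of this project's code: a standard-library stand-in for HS256 token signing and verification, with a startup check that rejects the 'your_secret_key_here' placeholder. The function names, the deny-list and the 32-byte minimum are assumptions of this example.

```python
import base64, hashlib, hmac, json, os, time

# Constructed deny-list; 'your_secret_key_here' is the placeholder named in the README.
PLACEHOLDERS = {"your_secret_key_here", "secret", "changeme"}
MIN_KEY_BYTES = 32  # RFC 7518 section 3.2: HS256 keys must be at least 256 bits

def load_jwt_secret(env=os.environ, var="JWT_SECRET_KEY"):
    """Return the signing key from the environment, refusing weak values.
    Length is only a proxy for entropy: generate with secrets.token_hex(32)."""
    key = env.get(var, "")
    if not key or key.lower() in PLACEHOLDERS:
        raise RuntimeError(f"{var} is unset or still a placeholder")
    if len(key.encode()) < MIN_KEY_BYTES:
        raise RuntimeError(f"{var} must be at least {MIN_KEY_BYTES} bytes")
    return key

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key, signing_input):
    return hmac.new(key.encode(), signing_input.encode(), hashlib.sha256).digest()

def sign_token(identity, key, ttl=900, now=None):
    """Issue an HS256 JWT with the user identity in 'sub' (the /login step)."""
    now = int(time.time() if now is None else now)
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({"sub": identity, "iat": now, "exp": now + ttl}).encode())
    signing_input = f"{header}.{claims}"
    return f"{signing_input}.{_b64(_mac(key, signing_input))}"

def verify_token(token, key, now=None):
    """Return the identity or raise ValueError (the /protected step).
    The algorithm is fixed to HS256; the header's 'alg' never selects one."""
    header, claims, sig = token.split(".")  # wrong part count raises ValueError
    if not hmac.compare_digest(_mac(key, f"{header}.{claims}"), _unb64(sig)):
        raise ValueError("bad signature")
    data = json.loads(_unb64(claims))  # parsed only after the MAC checks out
    if data.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return data["sub"]
```

In the Flask app, the value returned by load_jwt_secret() would be assigned to app.config['JWT_SECRET_KEY'] at startup, so a placeholder key stops the server instead of signing tokens.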
This project is licensed under the MIT License.