FastAPI 官方安全教程到 2026-03-28 仍然主推:
OAuth2PasswordBearer- JWT
- 密码哈希推荐
pwdlib + Argon2
from datetime import datetime, timedelta, timezone
from typing import Annotated
import jwt
from fastapi import Depends, FastAPI, HTTPException, status
from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
from jwt.exceptions import InvalidTokenError
from pwdlib import PasswordHash
from pydantic import BaseModel
app = FastAPI()
SECRET_KEY = "replace-this-with-a-real-secret"
ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES = 30
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")
password_hash = PasswordHash.recommended()认证流程可以类比成:
登录窗口
├── 用户提交账号密码
├── 系统核验密码哈希
├── 发一张 JWT 通行令牌
└── 后续请求带着 Bearer Token 进门