{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"jwtlib/","title":"Jwtlib","text":""},{"location":"jwtlib/#jwtlib","title":"jwtlib","text":""},{"location":"jwtlib/#jwtlib--jwtlib-a-framework-agnostic-jwt-authentication-library","title":"jwtlib: A framework-agnostic JWT authentication library","text":"

jwtlib provides a set of pure logic components for handling JWT discovery, user registration, login, and token introspection. It is designed to be decoupled from any specific web framework (like FastAPI or Flask).

"},{"location":"jwtlib/#jwtlib--features","title":"Features","text":""},{"location":"jwtlib/#jwtlib--installation","title":"Installation","text":"
pip install py-jwt\n
"},{"location":"jwtlib/#jwtlib--quick-start","title":"Quick Start","text":"
import asyncio\nfrom jwtlib import login_user, LoginRequest\n\nasync def main():\n    request = LoginRequest(username=\"admin\", password=\"password\")\n    response = await login_user(request)\n    print(f\"Access Token: {response.access_token}\")\n\nif __name__ == \"__main__\":\n    asyncio.run(main())\n
"},{"location":"jwtlib/#jwtlib.AuthError","title":"AuthError","text":"

Bases: Exception

Base authentication and authorization error.

All authentication-related exceptions raised by this library inherit from this class.

Consumers may catch this exception to handle all auth failures uniformly, or catch more specific subclasses for finer control.

"},{"location":"jwtlib/#jwtlib.IntrospectRequest","title":"IntrospectRequest","text":"

Bases: BaseModel

Payload for requesting token introspection.

Used by internal services to verify the validity of a JWT and retrieve the associated public user information.

Fields

token: JWT access token to introspect.

Notes "},{"location":"jwtlib/#jwtlib.IntrospectResponse","title":"IntrospectResponse","text":"

Bases: BaseModel

Result of a token introspection operation.

This model communicates whether a JWT is valid and, if so, provides the associated public user information.

Fields

active: Indicates whether the token is valid and active. user: Public user details if the token is valid; otherwise null.

Notes "},{"location":"jwtlib/#jwtlib.InvalidToken","title":"InvalidToken","text":"

Bases: AuthError

Raised when a JWT is missing, malformed, expired, or invalid.

This error indicates that the provided token cannot be used to authenticate a request.

"},{"location":"jwtlib/#jwtlib.LoginRequest","title":"LoginRequest","text":"

Bases: IdentityMixin, PasswordMixin

Payload for authenticating a user and issuing a JWT.

This model is used to verify user credentials and request an access token.

Fields

username: Username identifier. password: Plain-text password to be verified.

Notes "},{"location":"jwtlib/#jwtlib.LoginResponse","title":"LoginResponse","text":"

Bases: BaseModel

Response returned after successful authentication.

Contains the issued JWT access token and the authenticated user's public profile.

Fields

access_token: JWT access token for authenticated requests. user: Public profile of the authenticated user.

Notes "},{"location":"jwtlib/#jwtlib.LogoutResponse","title":"LogoutResponse","text":"

Bases: BaseModel

Response returned after a logout operation.

Since logout is stateless, this response serves only as a confirmation message instructing the client to discard its token.

Fields

message: Human-readable logout confirmation.

"},{"location":"jwtlib/#jwtlib.PublicUser","title":"PublicUser","text":"

Bases: IdentityMixin, ActiveStateMixin

Public-facing user representation returned by authentication APIs.

This model represents a user profile that is safe to expose outside the authentication system.

Fields

username: Unique username identifier. email: User's email address. is_active: Whether the user account is active.

Notes "},{"location":"jwtlib/#jwtlib.RegisterRequest","title":"RegisterRequest","text":"

Bases: IdentityMixin, PasswordMixin

Payload for registering a new user account.

This model contains the minimum required identity and credential information to create a new user.

Fields

username: Unique username identifier. email: User's email address. password: Plain-text password (to be hashed by the repository layer).

Notes "},{"location":"jwtlib/#jwtlib.TokenPayload","title":"TokenPayload","text":"

Bases: BaseModel

Decoded JWT payload.

Represents the validated claims extracted from a JWT after signature verification. This model is used internally to enforce required claims and provide a typed interface to token data.

Fields

sub: Subject claim identifying the user (typically a username or user ID). exp: Expiration time as a Unix timestamp (seconds since epoch).

Notes "},{"location":"jwtlib/#jwtlib.User","title":"User","text":"

Bases: BaseDocument, IdentityMixin, ActiveStateMixin

Internal user persistence model.

Represents a user record as stored in the database. This model includes sensitive fields and is strictly confined to the persistence layer.

Fields

hashed_password: Secure hash of the user's password.

Notes "},{"location":"jwtlib/#jwtlib.UserNotFound","title":"UserNotFound","text":"

Bases: AuthError

Raised when a valid token does not map to an existing user.

Indicates that authentication succeeded at the token level, but the associated user record could not be resolved.

"},{"location":"jwtlib/#jwtlib.authenticate_request","title":"authenticate_request async","text":"
authenticate_request(should_skip_authentication: Callable[[str, str], bool], *, method: str, path: str, authorization_token: Optional[str]) -> Optional[PublicUser]\n

Authenticate an incoming request using token introspection.

Determines whether authentication should be skipped for the given request context and, if not, resolves the authenticated user via token introspection.

Parameters:

Name Type Description Default should_skip_authentication Callable[[str, str], bool]

Callable that decides whether authentication is required for a given HTTP method and path.

required method str

HTTP method of the incoming request.

required path str

Request path.

required authorization_token Optional[str]

JWT access token provided by the caller.

required

Returns:

Type Description Optional[PublicUser]

PublicUser if authentication succeeds.

Optional[PublicUser]

None if authentication is skipped.

Raises:

Type Description InvalidToken

If authentication is required but the token is missing, invalid, or revoked.

AuthServiceUnavailable

If the auth service cannot be reached.

Notes "},{"location":"jwtlib/#jwtlib.get_logged_in_user","title":"get_logged_in_user async","text":"
get_logged_in_user(token: str, repo: Optional[UserRepository] = None) -> PublicUser\n

Resolve the currently authenticated user from a JWT.

Validates the provided JWT, extracts its subject, and resolves the corresponding user from persistence.

Parameters:

Name Type Description Default token str

JWT access token.

required repo Optional[UserRepository]

Optional user repository instance. If not provided, a default repository is obtained via dependency utilities.

None

Returns:

Type Description PublicUser

The authenticated user as a PublicUser.

Raises:

Type Description InvalidToken

If the token is missing, malformed, or invalid.

AuthError

If the token is valid, but the user cannot be resolved.

"},{"location":"jwtlib/#jwtlib.introspect_token","title":"introspect_token async","text":"
introspect_token(token: str, repo: Optional[UserRepository] = None) -> IntrospectResponse\n

Introspect a JWT for service-to-service authentication.

Validates the provided token and resolves the associated user, returning a structured introspection response suitable for internal service use.

This function never raises authentication exceptions. Instead, it returns a typed response indicating token validity and user presence.

Parameters:

Name Type Description Default token str

JWT access token to introspect.

required repo Optional[UserRepository]

Optional user repository instance. If not provided, a default repository is obtained via dependency utilities.

None

Returns:

Type Description IntrospectResponse

IntrospectResponse indicating one of:

IntrospectResponse IntrospectResponse IntrospectResponse "},{"location":"jwtlib/#jwtlib.login_user","title":"login_user async","text":"
login_user(user: LoginRequest, repo: Optional[UserRepository] = None) -> LoginResponse\n

Authenticate a user and issue an access token.

Verifies the provided credentials and returns a JWT access token on success.

Parameters:

Name Type Description Default user LoginRequest

Login payload containing username and password.

required repo Optional[UserRepository]

Optional user repository instance. If not provided, a default repository is obtained via dependency utilities.

None

Returns:

Type Description LoginResponse

LoginResponse containing the issued access token and related metadata.

Raises:

Type Description AuthError

If the credentials are invalid.

"},{"location":"jwtlib/#jwtlib.logout_user","title":"logout_user async","text":"
logout_user() -> LogoutResponse\n

Perform a stateless logout.

This function does not invalidate tokens server-side. Instead, it provides a standardized response indicating that the client must discard its token.

Returns:

Type Description LogoutResponse

LogoutResponse containing a logout confirmation message.

"},{"location":"jwtlib/#jwtlib.register_user","title":"register_user async","text":"
register_user(user: RegisterRequest, repo: Optional[UserRepository] = None) -> PublicUser\n

Register a new user.

Creates a new user record using the provided registration data.

Parameters:

Name Type Description Default user RegisterRequest

Registration payload containing username, email, and password.

required repo Optional[UserRepository]

Optional user repository instance. If not provided, a default repository is obtained via dependency utilities.

None

Returns:

Type Description PublicUser

The newly created user as a public user representation.

"},{"location":"jwtlib/app/","title":"App","text":""},{"location":"jwtlib/app/#jwtlib.app","title":"jwtlib.app","text":"

Application-level authentication logic.

This module contains pure authentication and introspection logic with no framework or transport coupling. It is intended to be used by HTTP adapters, CLIs, background workers, and other services that require JWT-based authentication and user resolution.

Responsibilities: - User registration and login - Stateless logout semantics - Current-user resolution from JWTs - Service-to-service token introspection

This module does NOT: - Define HTTP routes - Manage sessions - Perform request parsing or response formatting - Handle transport-level concerns

All functions are async-safe and fully typed.

"},{"location":"jwtlib/app/#jwtlib.app.get_logged_in_user","title":"get_logged_in_user async","text":"
get_logged_in_user(token: str, repo: Optional[UserRepository] = None) -> PublicUser\n

Resolve the currently authenticated user from a JWT.

Validates the provided JWT, extracts its subject, and resolves the corresponding user from persistence.

Parameters:

Name Type Description Default token str

JWT access token.

required repo Optional[UserRepository]

Optional user repository instance. If not provided, a default repository is obtained via dependency utilities.

None

Returns:

Type Description PublicUser

The authenticated user as a PublicUser.

Raises:

Type Description InvalidToken

If the token is missing, malformed, or invalid.

AuthError

If the token is valid, but the user cannot be resolved.

"},{"location":"jwtlib/app/#jwtlib.app.introspect_token","title":"introspect_token async","text":"
introspect_token(token: str, repo: Optional[UserRepository] = None) -> IntrospectResponse\n

Introspect a JWT for service-to-service authentication.

Validates the provided token and resolves the associated user, returning a structured introspection response suitable for internal service use.

This function never raises authentication exceptions. Instead, it returns a typed response indicating token validity and user presence.

Parameters:

Name Type Description Default token str

JWT access token to introspect.

required repo Optional[UserRepository]

Optional user repository instance. If not provided, a default repository is obtained via dependency utilities.

None

Returns:

Type Description IntrospectResponse

IntrospectResponse indicating one of:

IntrospectResponse IntrospectResponse IntrospectResponse "},{"location":"jwtlib/app/#jwtlib.app.login_user","title":"login_user async","text":"
login_user(user: LoginRequest, repo: Optional[UserRepository] = None) -> LoginResponse\n

Authenticate a user and issue an access token.

Verifies the provided credentials and returns a JWT access token on success.

Parameters:

Name Type Description Default user LoginRequest

Login payload containing username and password.

required repo Optional[UserRepository]

Optional user repository instance. If not provided, a default repository is obtained via dependency utilities.

None

Returns:

Type Description LoginResponse

LoginResponse containing the issued access token and related metadata.

Raises:

Type Description AuthError

If the credentials are invalid.

"},{"location":"jwtlib/app/#jwtlib.app.logout_user","title":"logout_user async","text":"
logout_user() -> LogoutResponse\n

Perform a stateless logout.

This function does not invalidate tokens server-side. Instead, it provides a standardized response indicating that the client must discard its token.

Returns:

Type Description LogoutResponse

LogoutResponse containing a logout confirmation message.

"},{"location":"jwtlib/app/#jwtlib.app.register_user","title":"register_user async","text":"
register_user(user: RegisterRequest, repo: Optional[UserRepository] = None) -> PublicUser\n

Register a new user.

Creates a new user record using the provided registration data.

Parameters:

Name Type Description Default user RegisterRequest

Registration payload containing username, email, and password.

required repo Optional[UserRepository]

Optional user repository instance. If not provided, a default repository is obtained via dependency utilities.

None

Returns:

Type Description PublicUser

The newly created user as a public user representation.

"},{"location":"jwtlib/exceptions/","title":"Exceptions","text":""},{"location":"jwtlib/exceptions/#jwtlib.exceptions","title":"jwtlib.exceptions","text":"

Authentication and authorization exceptions.

This module defines the exception hierarchy used throughout the authentication library to represent authentication, authorization, and service-level failures.

All exceptions inherit from AuthError, allowing consumers to catch authentication-related failures broadly or handle specific cases selectively.

"},{"location":"jwtlib/exceptions/#jwtlib.exceptions.AuthError","title":"AuthError","text":"

Bases: Exception

Base authentication and authorization error.

All authentication-related exceptions raised by this library inherit from this class.

Consumers may catch this exception to handle all auth failures uniformly, or catch more specific subclasses for finer control.

"},{"location":"jwtlib/exceptions/#jwtlib.exceptions.AuthServiceUnavailable","title":"AuthServiceUnavailable","text":"

Bases: AuthError

Raised when the authentication service cannot be reached.

Indicates a network failure, timeout, or unexpected error while communicating with the auth service.

"},{"location":"jwtlib/exceptions/#jwtlib.exceptions.InvalidAuthorizationHeader","title":"InvalidAuthorizationHeader","text":"

Bases: AuthError

Raised when the Authorization header is missing or incorrectly formatted.

Typically, indicates that the header is not present or does not follow the expected Bearer <token> format.

"},{"location":"jwtlib/exceptions/#jwtlib.exceptions.InvalidToken","title":"InvalidToken","text":"

Bases: AuthError

Raised when a JWT is missing, malformed, expired, or invalid.

This error indicates that the provided token cannot be used to authenticate a request.

"},{"location":"jwtlib/exceptions/#jwtlib.exceptions.NotAuthenticated","title":"NotAuthenticated","text":"

Bases: AuthError

Raised when authentication is required but no user context is present.

Typically used when attempting to access a protected operation without an authenticated user.

"},{"location":"jwtlib/exceptions/#jwtlib.exceptions.UserNotFound","title":"UserNotFound","text":"

Bases: AuthError

Raised when a valid token does not map to an existing user.

Indicates that authentication succeeded at the token level, but the associated user record could not be resolved.

"},{"location":"jwtlib/introspection/","title":"Introspection","text":""},{"location":"jwtlib/introspection/#jwtlib.introspection","title":"jwtlib.introspection","text":"

Auth client and access-control utilities.

This module provides pure authentication and authorization logic for validating JWTs via service-to-service introspection and resolving authenticated users.

Key characteristics: - No framework or HTTP routing dependencies - Async-first and fully typed - Designed for use by adapters (HTTP, CLI, background workers) - Delegates token validity decisions to an external auth service

Responsibilities: - Calling the auth service introspection endpoint - Translating introspection responses into typed user models - Enforcing access control decisions at the logic layer

This module does NOT: - Parse HTTP requests or headers - Implement authentication policies - Perform JWT signature verification locally

"},{"location":"jwtlib/introspection/#jwtlib.introspection.authenticate_request","title":"authenticate_request async","text":"
authenticate_request(should_skip_authentication: Callable[[str, str], bool], *, method: str, path: str, authorization_token: Optional[str]) -> Optional[PublicUser]\n

Authenticate an incoming request using token introspection.

Determines whether authentication should be skipped for the given request context and, if not, resolves the authenticated user via token introspection.

Parameters:

Name Type Description Default should_skip_authentication Callable[[str, str], bool]

Callable that decides whether authentication is required for a given HTTP method and path.

required method str

HTTP method of the incoming request.

required path str

Request path.

required authorization_token Optional[str]

JWT access token provided by the caller.

required

Returns:

Type Description Optional[PublicUser]

PublicUser if authentication succeeds.

Optional[PublicUser]

None if authentication is skipped.

Raises:

Type Description InvalidToken

If authentication is required but the token is missing, invalid, or revoked.

AuthServiceUnavailable

If the auth service cannot be reached.

Notes "},{"location":"jwtlib/introspection/#jwtlib.introspection.introspect_token","title":"introspect_token async","text":"
introspect_token(token: str) -> dict[str, Any]\n

Introspect a JWT using the external authentication service.

Sends the provided JWT to the configured auth service introspection endpoint and validates the response.

Parameters:

Name Type Description Default token str

JWT access token to introspect.

required

Returns:

Type Description dict[str, Any]

A dictionary containing the authenticated user's public payload.

Raises:

Type Description InvalidToken

If the token is missing, invalid, inactive, or revoked.

AuthServiceUnavailable

If the auth service cannot be reached or fails unexpectedly.

Notes "},{"location":"jwtlib/repository/","title":"Repository","text":""},{"location":"jwtlib/repository/#jwtlib.repository","title":"jwtlib.repository","text":""},{"location":"jwtlib/repository/#jwtlib.repository--userrepository-persistence-layer-for-authentication","title":"UserRepository: Persistence layer for authentication","text":"

This module defines the MongoDB-backed repository for managing user records, including creation, lookup, and credential verification.

"},{"location":"jwtlib/repository/#jwtlib.repository.UserRepository","title":"UserRepository","text":"
UserRepository()\n

Bases: BaseRepository[User]

"},{"location":"jwtlib/repository/#jwtlib.repository.UserRepository.authenticate_user","title":"authenticate_user async","text":"
authenticate_user(user_auth: LoginRequest) -> Optional[dict]\n

Verify user credentials and prepare a login response.

Parameters:

Name Type Description Default user_auth LoginRequest

Login credentials.

required

Returns:

Type Description Optional[dict]

A dictionary containing the access token and public user if successful,

Optional[dict]

otherwise None.

"},{"location":"jwtlib/repository/#jwtlib.repository.UserRepository.create","title":"create async","text":"
create(user_create: RegisterRequest) -> PublicUser\n

Create a new user record.

Parameters:

Name Type Description Default user_create RegisterRequest

Registration data including prospective password.

required

Returns:

Type Description PublicUser

A PublicUser representation of the created user.

"},{"location":"jwtlib/repository/#jwtlib.repository.UserRepository.get_active_users","title":"get_active_users async","text":"
get_active_users(skip: int = 0, limit: int = 100) -> List[User]\n

List all active users with pagination.

Parameters:

Name Type Description Default skip int

Number of records to skip.

0 limit int

Maximum number of records to return.

100

Returns:

Type Description List[User]

A list of active User documents.

"},{"location":"jwtlib/repository/#jwtlib.repository.UserRepository.get_by_email","title":"get_by_email async","text":"
get_by_email(email: str) -> Optional[User]\n

Retrieve a user by their unique email address.

Parameters:

Name Type Description Default email str

The email address to search for.

required

Returns:

Type Description Optional[User]

The User document if found, otherwise None.

"},{"location":"jwtlib/repository/#jwtlib.repository.UserRepository.get_by_username","title":"get_by_username async","text":"
get_by_username(username: str) -> Optional[User]\n

Retrieve a user by their unique username.

Parameters:

Name Type Description Default username str

The username to search for.

required

Returns:

Type Description Optional[User]

The User document if found, otherwise None.

"},{"location":"jwtlib/security/","title":"Security","text":""},{"location":"jwtlib/security/#jwtlib.security","title":"jwtlib.security","text":""},{"location":"jwtlib/security/#jwtlib.security.create_access_token","title":"create_access_token","text":"
create_access_token(data: dict, expires_delta: Optional[timedelta] = None) -> str\n

Generate a new JWT access token.

Parameters:

Name Type Description Default data dict

Subject data to include in the token payload.

required expires_delta Optional[timedelta]

Optional expiration override.

None

Returns:

Type Description str

An encoded JWT string.

"},{"location":"jwtlib/security/#jwtlib.security.get_jwt_payload","title":"get_jwt_payload","text":"
get_jwt_payload(token: str) -> TokenPayload\n

Decode and validate a JWT, returning a strongly-typed payload.

Raises:

Type Description JWTError

if the token is invalid, expired, or malformed

"},{"location":"jwtlib/security/#jwtlib.security.hash_password","title":"hash_password","text":"
hash_password(password: str) -> str\n

Hash a plain-text password using the configured crypt context.

Parameters:

Name Type Description Default password str

The plain-text password to hash.

required

Returns:

Type Description str

The secure hash string.

"},{"location":"jwtlib/security/#jwtlib.security.verify_password","title":"verify_password","text":"
verify_password(plain_password: str, hashed_password: str) -> bool\n

Verify a plain-text password against a stored hash.

Parameters:

Name Type Description Default plain_password str

The unhashed password provided by the user.

required hashed_password str

The secure hash to verify against.

required

Returns:

Type Description bool

True if the password is valid, False otherwise.

"},{"location":"jwtlib/utils/","title":"Utils","text":""},{"location":"jwtlib/utils/#jwtlib.utils","title":"jwtlib.utils","text":""},{"location":"jwtlib/utils/#jwtlib.utils--auth-utilities-token-validation-and-user-resolution","title":"Auth Utilities: Token validation and user resolution","text":"

This module provides high-level helpers for validating JWT payloads and resolving users, intended for use in dependency injection or middleware.

"},{"location":"jwtlib/utils/#jwtlib.utils.get_current_user","title":"get_current_user async","text":"
get_current_user(token: str, repo: Optional[UserRepository] = None) -> PublicUser\n

Validate token and return authenticated public user.

Raises:

Type Description InvalidToken

If the token is missing, malformed, or invalid.

UserNotFound

If the token is valid, but the user does not exist in the repository.

"},{"location":"jwtlib/utils/#jwtlib.utils.get_validated_token_payload","title":"get_validated_token_payload","text":"
get_validated_token_payload(token: str) -> TokenPayload\n

Validate a JWT and return a typed payload.

Raises:

Type Description JWTError

if the token is invalid or malformed

"},{"location":"jwtlib/models/","title":"Models","text":""},{"location":"jwtlib/models/#jwtlib.models","title":"jwtlib.models","text":""},{"location":"jwtlib/models/#jwtlib.models--jwtlib-models-structured-data-for-authentication","title":"jwtlib Models: Structured Data for Authentication","text":"

This package defines the core data models used by jwtlib. These models are categorized into request payloads, response objects, persistence documents, and security context.

"},{"location":"jwtlib/models/#jwtlib.models--model-categories","title":"Model Categories","text":""},{"location":"jwtlib/models/#jwtlib.models--1-api-requests","title":"1. API Requests","text":""},{"location":"jwtlib/models/#jwtlib.models--2-api-responses","title":"2. API Responses","text":""},{"location":"jwtlib/models/#jwtlib.models--3-internal-security","title":"3. Internal & Security","text":""},{"location":"jwtlib/models/#jwtlib.models--usage-patterns","title":"Usage Patterns","text":""},{"location":"jwtlib/models/#jwtlib.models--validating-an-auth-request","title":"Validating an Auth Request","text":"
from jwtlib.models import LoginRequest\nfrom pydantic import ValidationError\n\ntry:\n    auth_data = LoginRequest(username=\"tester\", password=\"secure_password\")\nexcept ValidationError as e:\n    print(f\"Invalid request data: {e.json()}\")\n
"},{"location":"jwtlib/models/#jwtlib.models--projecting-a-user-to-public-view","title":"Projecting a User to Public View","text":"
from jwtlib.models import User, PublicUser\n\n# Assuming 'db_user' is an instance of User fetched from MongoDB\nuser_profile = PublicUser.model_validate(db_user, from_attributes=True)\nprint(f\"Safe to return: {user_profile.username} ({user_profile.email})\")\n

All models are built on Pydantic v2 and provide full type safety for both static analysis (Mypy/Pyright) and runtime validation.

"},{"location":"jwtlib/models/#jwtlib.models.IntrospectRequest","title":"IntrospectRequest","text":"

Bases: BaseModel

Payload for requesting token introspection.

Used by internal services to verify the validity of a JWT and retrieve the associated public user information.

Fields

token: JWT access token to introspect.

Notes "},{"location":"jwtlib/models/#jwtlib.models.IntrospectResponse","title":"IntrospectResponse","text":"

Bases: BaseModel

Result of a token introspection operation.

This model communicates whether a JWT is valid and, if so, provides the associated public user information.

Fields

active: Indicates whether the token is valid and active. user: Public user details if the token is valid; otherwise null.

Notes "},{"location":"jwtlib/models/#jwtlib.models.LoginRequest","title":"LoginRequest","text":"

Bases: IdentityMixin, PasswordMixin

Payload for authenticating a user and issuing a JWT.

This model is used to verify user credentials and request an access token.

Fields

username: Username identifier. password: Plain-text password to be verified.

Notes "},{"location":"jwtlib/models/#jwtlib.models.LoginResponse","title":"LoginResponse","text":"

Bases: BaseModel

Response returned after successful authentication.

Contains the issued JWT access token and the authenticated user's public profile.

Fields

access_token: JWT access token for authenticated requests. user: Public profile of the authenticated user.

Notes "},{"location":"jwtlib/models/#jwtlib.models.LogoutResponse","title":"LogoutResponse","text":"

Bases: BaseModel

Response returned after a logout operation.

Since logout is stateless, this response serves only as a confirmation message instructing the client to discard its token.

Fields

message: Human-readable logout confirmation.

"},{"location":"jwtlib/models/#jwtlib.models.PublicUser","title":"PublicUser","text":"

Bases: IdentityMixin, ActiveStateMixin

Public-facing user representation returned by authentication APIs.

This model represents a user profile that is safe to expose outside the authentication system.

Fields

username: Unique username identifier. email: User's email address. is_active: Whether the user account is active.

Notes "},{"location":"jwtlib/models/#jwtlib.models.RegisterRequest","title":"RegisterRequest","text":"

Bases: IdentityMixin, PasswordMixin

Payload for registering a new user account.

This model contains the minimum required identity and credential information to create a new user.

Fields

username: Unique username identifier. email: User's email address. password: Plain-text password (to be hashed by the repository layer).

Notes "},{"location":"jwtlib/models/#jwtlib.models.TokenPayload","title":"TokenPayload","text":"

Bases: BaseModel

Decoded JWT payload.

Represents the validated claims extracted from a JWT after signature verification. This model is used internally to enforce required claims and provide a typed interface to token data.

Fields

sub: Subject claim identifying the user (typically a username or user ID). exp: Expiration time as a Unix timestamp (seconds since epoch).

Notes "},{"location":"jwtlib/models/#jwtlib.models.User","title":"User","text":"

Bases: BaseDocument, IdentityMixin, ActiveStateMixin

Internal user persistence model.

Represents a user record as stored in the database. This model includes sensitive fields and is strictly confined to the persistence layer.

Fields

hashed_password: Secure hash of the user's password.

Notes "},{"location":"jwtlib/models/app/","title":"App","text":""},{"location":"jwtlib/models/app/#jwtlib.models.app","title":"jwtlib.models.app","text":"

Authentication request and response models.

This module defines all typed data models used by the authentication library for user registration, login, logout, and token introspection.

Model categories: - Request payloads used by authentication workflows - Public response models exposed to consumers - Introspection responses used for service-to-service authentication

These models are: - Fully typed (Pydantic v2) - Serialization-safe - Framework-agnostic - Suitable for both internal logic and external adapters

Persistence-layer models are intentionally excluded, except where explicitly adapted into public representations.

"},{"location":"jwtlib/models/app/#jwtlib.models.app.IntrospectRequest","title":"IntrospectRequest","text":"

Bases: BaseModel

Payload for requesting token introspection.

Used by internal services to verify the validity of a JWT and retrieve the associated public user information.

Fields

token: JWT access token to introspect.

Notes "},{"location":"jwtlib/models/app/#jwtlib.models.app.IntrospectResponse","title":"IntrospectResponse","text":"

Bases: BaseModel

Result of a token introspection operation.

This model communicates whether a JWT is valid and, if so, provides the associated public user information.

Fields

active: Indicates whether the token is valid and active. user: Public user details if the token is valid; otherwise null.

Notes "},{"location":"jwtlib/models/app/#jwtlib.models.app.LoginRequest","title":"LoginRequest","text":"

Bases: IdentityMixin, PasswordMixin

Payload for authenticating a user and issuing a JWT.

This model is used to verify user credentials and request an access token.

Fields

username: Username identifier. password: Plain-text password to be verified.

Notes "},{"location":"jwtlib/models/app/#jwtlib.models.app.LoginResponse","title":"LoginResponse","text":"

Bases: BaseModel

Response returned after successful authentication.

Contains the issued JWT access token and the authenticated user's public profile.

Fields

access_token: JWT access token for authenticated requests. user: Public profile of the authenticated user.

Notes "},{"location":"jwtlib/models/app/#jwtlib.models.app.LogoutResponse","title":"LogoutResponse","text":"

Bases: BaseModel

Response returned after a logout operation.

Since logout is stateless, this response serves only as a confirmation message instructing the client to discard its token.

Fields

message: Human-readable logout confirmation.

"},{"location":"jwtlib/models/app/#jwtlib.models.app.PublicUser","title":"PublicUser","text":"

Bases: IdentityMixin, ActiveStateMixin

Public-facing user representation returned by authentication APIs.

This model represents a user profile that is safe to expose outside the authentication system.

Fields

username: Unique username identifier. email: User's email address. is_active: Whether the user account is active.

Notes "},{"location":"jwtlib/models/app/#jwtlib.models.app.RegisterRequest","title":"RegisterRequest","text":"

Bases: IdentityMixin, PasswordMixin

Payload for registering a new user account.

This model contains the minimum required identity and credential information to create a new user.

Fields

username: Unique username identifier. email: User's email address. password: Plain-text password (to be hashed by the repository layer).

Notes "},{"location":"jwtlib/models/common/","title":"Common","text":""},{"location":"jwtlib/models/common/#jwtlib.models.common","title":"jwtlib.models.common","text":""},{"location":"jwtlib/models/mongo/","title":"Mongo","text":""},{"location":"jwtlib/models/mongo/#jwtlib.models.mongo","title":"jwtlib.models.mongo","text":"

Persistence-layer user model.

This module defines the internal database representation of a user. It is used exclusively by the repository and persistence layers and must never be exposed directly to consumers.

Public-facing user data is provided via dedicated projection models.

"},{"location":"jwtlib/models/mongo/#jwtlib.models.mongo.User","title":"User","text":"

Bases: BaseDocument, IdentityMixin, ActiveStateMixin

Internal user persistence model.

Represents a user record as stored in the database. This model includes sensitive fields and is strictly confined to the persistence layer.

Fields

hashed_password: Secure hash of the user's password.

Notes "},{"location":"jwtlib/models/security/","title":"Security","text":""},{"location":"jwtlib/models/security/#jwtlib.models.security","title":"jwtlib.models.security","text":"

JWT token payload models.

This module defines typed representations of decoded JWT payloads used internally for token validation and user resolution.

"},{"location":"jwtlib/models/security/#jwtlib.models.security.TokenPayload","title":"TokenPayload","text":"

Bases: BaseModel

Decoded JWT payload.

Represents the validated claims extracted from a JWT after signature verification. This model is used internally to enforce required claims and provide a typed interface to token data.

Fields

sub: Subject claim identifying the user (typically a username or user ID). exp: Expiration time as a Unix timestamp (seconds since epoch).

Notes "}]}