App

jwtlib.models.app

Authentication request and response models.

This module defines all typed data models used by the authentication library for user registration, login, logout, and token introspection.

Model categories:
  • Request payloads used by authentication workflows
  • Public response models exposed to consumers
  • Introspection responses used for service-to-service authentication

These models are:
  • Fully typed (Pydantic v2)
  • Serialization-safe
  • Framework-agnostic
  • Suitable for both internal logic and external adapters

Persistence-layer models are intentionally excluded, except where explicitly adapted into public representations.

IntrospectRequest

Bases: BaseModel

Payload for requesting token introspection.

Used by internal services to verify the validity of a JWT and retrieve the associated public user information.

Fields

token: JWT access token to introspect.

Notes
  • Intended for service-to-service communication.
  • Not meant for direct end-user consumption.

IntrospectResponse

Bases: BaseModel

Result of a token introspection operation.

This model communicates whether a JWT is valid and, if so, provides the associated public user information.

Fields

active: Indicates whether the token is valid and active.

user: Public user details if the token is valid; otherwise null.

Notes
  • This model is designed to avoid raising exceptions.
  • All introspection outcomes are represented as data.

LoginRequest

Bases: IdentityMixin, PasswordMixin

Payload for authenticating a user and issuing a JWT.

This model is used to verify user credentials and request an access token.

Fields

username: Username identifier.

password: Plain-text password to be verified.

Notes
  • Successful authentication results in a LoginResponse.
  • Failed authentication raises an AuthError.

LoginResponse

Bases: BaseModel

Response returned after successful authentication.

Contains the issued JWT access token and the authenticated user's public profile.

Fields

access_token: JWT access token for authenticated requests.

user: Public profile of the authenticated user.

Notes
  • The token is stateless and must be stored client-side.
  • Token expiration and validation are handled elsewhere.

LogoutResponse

Bases: BaseModel

Response returned after a logout operation.

Since logout is stateless, this response serves only as a confirmation message instructing the client to discard its token.

Fields

message: Human-readable logout confirmation.

PublicUser

Bases: IdentityMixin, ActiveStateMixin

Public-facing user representation returned by authentication APIs.

This model represents a user profile that is safe to expose outside the authentication system.

Fields

username: Unique username identifier.

email: User's email address.

is_active: Whether the user account is active.

Notes
  • Contains no sensitive data.
  • Can be constructed from persistence models via from_attributes.
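
The sketch below is an added example, not jwtlib's own code: it re-declares PublicUser and IntrospectResponse from the field lists on this page (mixins flattened) to show that from_attributes copies only declared fields, and that an invalid token comes back as data rather than an exception. UserRow, to_introspection, caller_allows and the sample values are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

from pydantic import BaseModel, ConfigDict


@dataclass
class UserRow:
    """Hypothetical persistence record; jwtlib's real one is not shown on this page."""
    username: str
    email: str
    is_active: bool
    password_hash: str  # constructed sample; must never leave the auth layer


class PublicUser(BaseModel):
    # Re-declared from the field list above; allows building from ORM-style objects.
    model_config = ConfigDict(from_attributes=True)
    username: str
    email: str
    is_active: bool


class IntrospectResponse(BaseModel):
    active: bool
    user: Optional[PublicUser] = None


def to_introspection(row: Optional[UserRow], token_ok: bool) -> IntrospectResponse:
    """Hypothetical helper: every outcome is returned as data, nothing is raised."""
    if not token_ok or row is None:
        return IntrospectResponse(active=False, user=None)
    # Only fields declared on PublicUser are read, so password_hash is dropped.
    return IntrospectResponse(active=True, user=PublicUser.model_validate(row))


def caller_allows(resp: IntrospectResponse) -> bool:
    """Consuming service: fail closed unless active is true and a user is present."""
    return resp.active and resp.user is not None


# Constructed sample record and the two introspection outcomes.
ROW = UserRow("alice", "alice@example.test", True, "$argon2id$constructed-sample")
VALID = to_introspection(ROW, token_ok=True)
INVALID = to_introspection(ROW, token_ok=False)
```

Because no exception signals a bad token, a consuming service has to check `active` explicitly before trusting `user`.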

RegisterRequest

Bases: IdentityMixin, PasswordMixin

Payload for registering a new user account.

This model contains the minimum required identity and credential information to create a new user.

Fields

username: Unique username identifier.

email: User's email address.

password: Plain-text password (to be hashed by the repository layer).

Notes
  • Validation and normalization are handled by mixins.
  • This model is never returned in responses.