
Python / FastAPI Interview Questions

How do you implement OAuth2 password flow with JWT tokens in FastAPI?

FastAPI provides the OAuth2PasswordBearer and OAuth2PasswordRequestForm helpers for the standard username/password token flow. The pattern: the client POSTs its credentials as form data → the server verifies them and returns a signed JWT → the client sends that JWT in an Authorization: Bearer <token> header on every subsequent request, where a dependency verifies the signature and expiry before the handler runs.

from fastapi import FastAPI, Depends, HTTPException, status
from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
from typing import Annotated
from datetime import datetime, timedelta, timezone
import jwt  # pip install PyJWT

app = FastAPI()
SECRET_KEY = "your-secret-key"  # use a strong random key in production!
ALGORITHM = "HS256"

# Tells FastAPI where clients obtain tokens (used in the OpenAPI docs) and
# extracts the token from the "Authorization: Bearer <token>" header.
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/token")

# 1. Login endpoint: verifies credentials and returns a JWT
@app.post("/token")
def login(form: Annotated[OAuth2PasswordRequestForm, Depends()]):
    # Hard-coded credentials keep the demo short; a real app compares a
    # password hash from its user store instead.
    if form.username != "alice" or form.password != "secret":
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Incorrect username or password",
            headers={"WWW-Authenticate": "Bearer"},
        )
    # Create the JWT: "sub" identifies the user, "exp" limits its lifetime.
    # datetime.utcnow() is deprecated, so use an aware UTC datetime.
    payload = {
        "sub": form.username,
        "exp": datetime.now(timezone.utc) + timedelta(minutes=30),
    }
    token = jwt.encode(payload, SECRET_KEY, algorithm=ALGORITHM)
    return {"access_token": token, "token_type": "bearer"}

# 2. Dependency that decodes and validates the token
def get_current_user(token: Annotated[str, Depends(oauth2_scheme)]):
    try:
        # algorithms=[...] pins the accepted algorithm so the token's own
        # "alg" header cannot downgrade verification; "exp" is checked too.
        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
        username = payload.get("sub")
        if not username:
            raise ValueError("token has no subject")
    except (jwt.PyJWTError, ValueError):
        # Any signature, expiry, or shape problem is a 401, never a 500.
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Could not validate credentials",
            headers={"WWW-Authenticate": "Bearer"},
        )
    return username

# 3. Protected endpoint
@app.get("/me")
def read_me(current_user: Annotated[str, Depends(get_current_user)]):
    return {"username": current_user}

What does OAuth2PasswordBearer(tokenUrl='/token') do in FastAPI?
In the OAuth2 password flow, what header does the client send on protected API requests?
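As an added example, not part of this page's answer or of FastAPI or PyJWT, the checks that the jwt.decode call in get_current_user and the OAuth2PasswordBearer header parsing perform are written out below with only the standard library, so they run without either package installed. It mints an HS256 token the way jwt.encode does, then verifies it the way the dependency must: pinned algorithm, constant-time signature comparison, expiry, and a present "sub" claim. The demo key, the claim values, and the function names (mint_hs256, verify_hs256, bearer_token, current_user) are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo key; a real deployment loads a long random secret from config.
DEMO_KEY = b"demo-secret-key-not-for-production"


class TokenError(Exception):
    """Any reason the token must be rejected (the FastAPI dependency maps this to 401)."""


def _b64url(data: bytes) -> str:
    """Base64url without padding, as used by JWS (RFC 7515)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    try:
        return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))
    except (ValueError, TypeError):
        raise TokenError("segment is not base64url")


def mint_hs256(claims: dict, key: bytes) -> str:
    """Build a compact JWS like jwt.encode(payload, key, algorithm="HS256")."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_hs256(token: str, key: bytes, now: Optional[float] = None) -> dict:
    """The checks jwt.decode(token, key, algorithms=["HS256"]) runs before claims are trusted.
    Requiring "exp" and "sub" is stricter than PyJWT's defaults, matching get_current_user above."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    header_b64, claims_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
    except ValueError:
        raise TokenError("bad header")
    # Pin the algorithm: the token's own "alg" (e.g. "none") must never choose the check.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise TokenError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{claims_b64}".encode("ascii"), hashlib.sha256).digest()
    # Constant-time comparison so signature checking leaks no timing information.
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise TokenError("bad signature")
    # Only after the signature holds are the claims parsed and trusted.
    try:
        claims = json.loads(_b64url_decode(claims_b64))
    except ValueError:
        raise TokenError("bad claims")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise TokenError("token expired or has no exp")
    if not claims.get("sub"):
        raise TokenError("token has no subject")
    return claims


def bearer_token(authorization: Optional[str]) -> str:
    """What OAuth2PasswordBearer does with the Authorization header: require the Bearer scheme."""
    if not authorization:
        raise TokenError("missing Authorization header")
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        raise TokenError("not a Bearer credential")
    return token.strip()


def current_user(authorization: Optional[str], key: bytes = DEMO_KEY,
                 now: Optional[float] = None) -> str:
    """Header in, verified subject out; the same contract as get_current_user."""
    return verify_hs256(bearer_token(authorization), key, now)["sub"]


if __name__ == "__main__":
    issued = time.time()
    tok = mint_hs256({"sub": "alice", "exp": int(issued) + 1800}, DEMO_KEY)
    print("valid token ->", current_user("Bearer " + tok, now=issued))
    for label, hdr in [("no header", None), ("wrong scheme", "Basic " + tok)]:
        try:
            current_user(hdr, now=issued)
        except TokenError as e:
            print(f"{label} -> rejected: {e}")
```

Every rejection path raises the same TokenError, mirroring the single "Could not validate credentials" 401 in the FastAPI dependency: a client should not learn from the error text whether a forged signature, an expired token, or a wrong scheme was the cause.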
