FastAPI Interactive Tutorials
FastAPI Basics • Lesson 28

Security - Get Current User

Learn how to create user models and dependencies to get the current authenticated user in FastAPI endpoints

Get Current User

🎯 What You'll Learn

  • Create Pydantic user models for security
  • Build dependencies to extract current user from tokens
  • Use sub-dependencies for complex authentication workflows
  • Implement secure endpoints that receive user data

📚 Theory

In the previous chapter the security system (which is based on the dependency injection system) was giving the path operation function a token as a str. But that is still not that useful.

Let's make it give us the current user.

Create a User Model

First, let's create a Pydantic user model. The same way we use Pydantic to declare bodies, we can use it anywhere else:

class User(BaseModel):
    username: str
    email: Union[str, None] = None
    full_name: Union[str, None] = None
    disabled: Union[bool, None] = None

Create a get_current_user Dependency

Let's create a dependency get_current_user. Remember that dependencies can have sub-dependencies?

get_current_user will have a dependency with the same oauth2_scheme we created before. The same as we were doing before in the path operation directly, our new dependency get_current_user will receive a token as a str from the sub-dependency oauth2_scheme:

async def get_current_user(token: Annotated[str, Depends(oauth2_scheme)]):
    user = fake_decode_token(token)
    return user

Get the User

get_current_user will use a (fake) utility function we created, that takes a token as a str and returns our Pydantic User model:

def fake_decode_token(token):
    return User(
        username=token + "fakedecoded", email="john@example.com", full_name="John Doe"
    )

Inject the Current User

So now we can use the same Depends with our get_current_user in the path operation:

@app.get("/users/me")
async def read_users_me(current_user: Annotated[User, Depends(get_current_user)]):
    return current_user

Notice that we declare the type of current_user as the Pydantic model User. This will help us inside of the function with all the completion and type checks.

🔧 Key Concepts

  • User Models: Pydantic models that represent user data in your application
  • Dependency Chains: Dependencies that have sub-dependencies for complex workflows
  • Current User Pattern: A common security pattern where endpoints receive the authenticated user
  • Type Safety: Using proper type annotations helps with code completion and validation

💡 Best Practices

  • Create separate user models for different contexts (UserInDB vs User response)
  • Use meaningful function names like get_current_user
  • Leverage FastAPI's dependency injection for security concerns
  • Keep security logic separate from business logic
  • Use type annotations for better development experience

🔗 Additional Resources

💡 Hint

Remember that dependencies can have sub-dependencies - your get_current_user function will depend on the oauth2_scheme

Ready to Practice?

Now that you understand the theory, let's put it into practice with hands-on coding!

Start Interactive Lesson