session_auth

class litestar.security.session_auth.SessionAuth

Bases: Generic[UserType, BaseSessionBackendT], AbstractSecurityConfig[UserType, dict[str, Any]]

Session Based Security Backend.

session_backend_config: BaseBackendConfig[BaseSessionBackendT]

A session backend config.

retrieve_user_handler: Callable[[Any, ASGIConnection], SyncOrAsyncUnion[Any | None]]

Callable that receives the auth value from the authentication middleware and returns a user value.

Notes

  • User and Auth can be any arbitrary values specified by the security backend.

  • The User and Auth values will be set by the middleware as scope["user"] and scope["auth"] respectively. Once provided, they can be accessed via the connection.user and connection.auth properties.

  • The callable can be sync or async. If it is sync, it will be wrapped to support async.

authentication_middleware_class

alias of SessionAuthMiddleware

guards: Iterable[Guard] | None = None

An iterable of guards to call for requests, providing authorization functionalities.

exclude: str | tuple[str, ...] | None = None

A pattern or list of patterns to skip in the authentication middleware.

exclude_opt_key: str = 'exclude_from_auth'

An identifier to use on routes to disable authentication and authorization checks for a particular route.

__init__(session_backend_config: BaseBackendConfig[BaseSessionBackendT], retrieve_user_handler: Callable[[Any, ASGIConnection], SyncOrAsyncUnion[Any | None]], authentication_middleware_class: type[SessionAuthMiddleware] = <class 'litestar.security.session_auth.middleware.SessionAuthMiddleware'>, guards: Iterable[Guard] | None = None, exclude: str | tuple[str, ...] | None = None, exclude_opt_key: str = 'exclude_from_auth', exclude_http_methods: Sequence[Method] | None = <factory>, scopes: Scopes | None = None, route_handlers: Iterable[ControllerRouterHandler] | None = None, dependencies: dict[str, Provide] | None = None, type_encoders: TypeEncodersMap | None = None) -> None

scopes: Scopes | None = None

ASGI scopes processed by the authentication middleware. If None, both http and websocket will be processed.

route_handlers: Iterable[ControllerRouterHandler] | None = None

An optional iterable of route handlers to register.

dependencies: dict[str, Provide] | None = None

An optional dictionary of dependency providers.

type_encoders: TypeEncodersMap | None = None

A mapping of types to callables that transform them into types supported for serialization.

property session_backend: BaseSessionBackendT

Create a session backend.

Returns:

A subclass of BaseSessionBackend

property openapi_components: Components

Create OpenAPI documentation for the Session Authentication schema used.

Returns:

A Components instance.

property security_requirement: dict[str, list[str]]

Return OpenAPI 3.1 SecurityRequirement for the auth backend.

Returns:

An OpenAPI 3.1 SecurityRequirement dictionary.

class litestar.security.session_auth.middleware.SessionAuthMiddleware

Bases: BaseAuthenticationMiddleware

Session Authentication Middleware.

__init__(session_auth: SessionAuth) -> None

Session based authentication middleware.

Parameters:

session_auth – SessionAuth instance.

async authenticate_request(connection: ASGIConnection[Any, Any, Any, Any]) -> AuthenticationResult

Authenticate an incoming connection.

Parameters:

connection – An ASGIConnection instance.

Raises:

NotAuthorizedException – if session data is empty or user is not found.

Returns:

AuthenticationResult
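
The following is an added example, not Litestar's own code: a retrieve_user_handler that fails closed, run through a simplified stand-in for the authenticate_request contract documented above (empty session or missing user is rejected; the handler may be sync or async). The User model, the USERS store, the "user_id" session key, NotAuthorized, authenticate and check are all assumptions made for illustration.

```python
from __future__ import annotations

import asyncio
import inspect
from dataclasses import dataclass
from typing import Any


@dataclass(frozen=True)
class User:  # hypothetical user model
    id: str
    active: bool = True


# Constructed sample user store; a real application would query its database.
USERS = {"u1": User("u1"), "u2": User("u2", active=False)}


class NotAuthorized(Exception):
    """Stand-in for Litestar's NotAuthorizedException."""


def retrieve_user_handler(session: dict[str, Any], connection: Any) -> User | None:
    """Return the user for this session, or None to reject the request.

    A session only proves that a login happened earlier, so the account is
    looked up again on every request and disabled users are refused.
    """
    user_id = session.get("user_id")  # "user_id" is an assumed session key
    if not isinstance(user_id, str):
        return None
    user = USERS.get(user_id)
    return user if user is not None and user.active else None


async def authenticate(session: dict[str, Any], handler=retrieve_user_handler):
    """Simplified model of the documented authenticate_request behaviour."""
    if not session:
        raise NotAuthorized("session data is empty")
    result = handler(session, None)  # this model passes no real connection
    if inspect.isawaitable(result):  # the handler may be sync or async
        result = await result
    if result is None:
        raise NotAuthorized("user is not found")
    return result, session  # what would surface as connection.user / connection.auth


def check(session: dict[str, Any], handler=retrieve_user_handler) -> str:
    """Run one session through the model and report the outcome."""
    try:
        user, _auth = asyncio.run(authenticate(session, handler))
        return f"ok:{user.id}"
    except NotAuthorized:
        return "rejected"
```

In a real application only retrieve_user_handler would be passed to SessionAuth; the middleware performs the steps modelled by authenticate.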