Name | Modified | Size | Downloads / Week |
---|---|---|---|
README.md | 2025-10-04 | 4.4 kB | |
v2.4.2 source code.tar.gz | 2025-10-04 | 2.0 MB | |
v2.4.2 source code.zip | 2025-10-04 | 2.1 MB | |
Totals: 3 Items | | 4.1 MB | 2 |

- Add significant improvements to authentication and authorization features.
- Add built-in support for API Key Authentication.
- Add built-in support for Basic Authentication.
- Add built-in support for JWT Bearer authentication validating JWTs signed using symmetric encryption (previously the built-in classes only supported using asymmetric encryption to validate JWTs).
- Improve the `JWTBearerAuthentication` class to support validating JWTs with both asymmetric and symmetric encryption.
- Improve the code that generates OpenAPI Documentation to automatically include `securitySchemes` and `security` sections based on the `Authentication` handlers configured in the application. The feature can be extended with user-defined authentication handlers.
- Improve the `@auth` decorator to support specifying sufficient roles to authorize requests (`@auth(roles=["admin"])`).
- Upgrade `GuardPost` to `1.0.3`, as it includes improved features to handle roles and JWT validation using symmetric encryption.
- Upgrade `essentials` to `1.1.8`, as it includes a `Secret` class to handle secrets in code. This class is used for safe handling of secrets in API Keys, Basic Credentials, and symmetric encryption for JWT Bearer authentication. It will be used in the future in all circumstances where BlackSheep code needs user-defined secrets.
- Remove the code that required four env variables to be configured for the OTLP exporter (in the `use_open_telemetry_otlp` function), because it didn't cover legitimate use cases supported by the OpenTelemetry SDK. It is the responsibility of developers to configure env variables according to their preference for OTLP.
- The framework has been tested with `cryptography>=46.0.0`; the dependency is therefore updated to `cryptography>=45.0.2,<47.0.0`.

```python
"""
This example shows a basic example of API Key and Basic Authentication
in BlackSheep.

uvicorn apitest:app --port 44777

curl http://127.0.0.1:44777 -H "X-API-Key: Foo"
"""

from dataclasses import dataclass

from essentials.secrets import Secret
from openapidocs.v3 import Info

from blacksheep import Application, get
from blacksheep.server.authentication.apikey import APIKey, APIKeyAuthentication
from blacksheep.server.authentication.basic import BasicAuthentication, BasicCredentials
from blacksheep.server.authorization import auth, allow_anonymous
from blacksheep.server.openapi.v3 import OpenAPIHandler

app = Application()

# Register two authentication handlers: API Key (role "user") and
# Basic (role "admin"). Secrets are read from env variables, not hard-coded.
app.use_authentication().add(
    APIKeyAuthentication(
        APIKey(
            secret=Secret("$API_SECRET"),  # Obtained from API_SECRET env var
            roles=["user"],
        ),
        param_name="X-API-Key",
    )
).add(
    BasicAuthentication(
        BasicCredentials(
            username="admin",
            password=Secret("$ADMIN_PASSWORD"),  # Obtained from ADMIN_PASSWORD env var
            roles=["admin"],
        )
    )
)

app.use_authorization()

# See the generated docs and how they include security sections
docs = OpenAPIHandler(info=Info(title="Example API", version="0.0.1"))
docs.bind_app(app)


@dataclass
class Foo:
    foo: str


# Reachable without credentials
@allow_anonymous()
@get("/")
async def get_foo() -> Foo:
    return Foo("Hello!")


# Requires any authenticated user
@auth()
@get("/claims")
async def get_claims(request):
    return request.user.claims


# Requires the "admin" role, authenticated with the Basic scheme
@auth(roles=["admin"], authentication_schemes=["Basic"])
@get("/for-admins")
async def for_admins_only(request):
    return request.user.claims


if __name__ == "__main__":
    import uvicorn

    uvicorn.run(app, port=44777)
```

> [!TIP]
> For a tutorial on OTLP and how it can be used with BlackSheep and an OpenTelemetry Collector self-hosted in Kubernetes, see: https://robertoprevato.github.io/K8sStudies/k3s/monitoring/
> This tutorial explains how to self-host a monitoring stack in a single node in Kubernetes, but the BlackSheep OTLP example is applicable to Grafana Cloud, too.