Bird
Raised Fist0
FastAPIframework~10 mins

JWT token creation in FastAPI - Interactive Code Practice

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Practice - 5 Tasks
Answer the questions below
1fill in blank
easy

Complete the code to import the JWT encode function from the correct library.

FastAPI
from jose import [1]
Drag options to blanks, or click blank then click option'
Adecode
Bencode
Cjwt
Dtoken
Attempts:
3 left
💡 Hint
Common Mistakes
Importing encode directly instead of jwt module
Using decode instead of jwt
Importing from wrong library
2fill in blank
medium

Complete the code to define the secret key used for signing the JWT token.

FastAPI
SECRET_KEY = '[1]'
Drag options to blanks, or click blank then click option'
Ajwtsecret
Bmysecretkey123
C123456
Dtokenkey
Attempts:
3 left
💡 Hint
Common Mistakes
Using an integer instead of a string
Leaving the secret key empty
Using a too simple or insecure key
3fill in blank
hard

Fix the error in the code to correctly encode the JWT token with payload and secret key.

FastAPI
token = jwt.[1](payload, SECRET_KEY, algorithm='HS256')
Drag options to blanks, or click blank then click option'
Aencode
Bdecode
Csign
Dcreate
Attempts:
3 left
💡 Hint
Common Mistakes
Using decode instead of encode
Using a non-existent function like sign or create
Misspelling the function name
4fill in blank
hard

Fill both blanks to create a payload dictionary with username and expiration time.

FastAPI
payload = {'sub': [1], 'exp': [2]
Drag options to blanks, or click blank then click option'
A'user123'
Bdatetime.utcnow() + timedelta(minutes=30)
C'admin'
Dtime.time() + 1800
Attempts:
3 left
💡 Hint
Common Mistakes
Using time.time() instead of datetime for expiration
Putting username without quotes
Using wrong keys in the payload
5fill in blank
hard

Fill all three blanks to import needed modules and create a JWT token with expiration.

FastAPI
from datetime import [1], [2]

payload = {'sub': 'admin', 'exp': datetime.utcnow() + [3](minutes=15)}
token = jwt.encode(payload, SECRET_KEY, algorithm='HS256')
Drag options to blanks, or click blank then click option'
Adatetime
Btimedelta
Dtime
Attempts:
3 left
💡 Hint
Common Mistakes
Importing time instead of timedelta
Using timedelta without import
Confusing datetime and timedelta order

Practice

(1/5)
1. What is the main purpose of creating a JWT token in FastAPI?
easy
A. To style the user interface
B. To send emails automatically
C. To connect to a database
D. To securely store user information for authentication

Solution

  1. Step 1: Understand JWT token purpose

    JWT tokens are used to safely carry user data for authentication.

  2. Step 2: Identify correct use in FastAPI

    FastAPI uses JWT tokens to verify user identity securely.

  3. Final Answer:

    To securely store user information for authentication -> Option D

  4. Quick Check:

    JWT purpose = secure user info [OK]
Hint: JWT tokens are for secure user identity, not UI or DB [OK]
Common Mistakes:
  • Confusing JWT with UI styling or database connection
  • Thinking JWT sends emails
  • Assuming JWT stores passwords directly
2. Which of the following is the correct way to import the function to create JWT tokens in FastAPI using PyJWT?
easy
A. import jwt.encode
B. from fastapi import jwt_encode
C. from jwt import encode
D. from fastapi.security import create_jwt

Solution

  1. Step 1: Identify the JWT library used

    PyJWT is commonly used and provides an encode function imported as 'from jwt import encode'.

  2. Step 2: Check FastAPI imports

    FastAPI itself does not provide jwt_encode or create_jwt functions directly.

  3. Final Answer:

    from jwt import encode -> Option C

  4. Quick Check:

    PyJWT encode import = from jwt import encode [OK]
Hint: PyJWT encode is imported from jwt, not fastapi [OK]
Common Mistakes:
  • Trying to import JWT functions directly from FastAPI
  • Using incorrect import syntax
  • Confusing module names
3. Given this code snippet, what will be the output of the print(token) statement? 
from jwt import encode

payload = {"user_id": 123}
secret = "mysecret"
algorithm = "HS256"
token = encode(payload, secret, algorithm=algorithm)
print(token)
medium
A. A JWT token string encoded with user_id 123
B. An error because algorithm parameter is missing
C. The original payload dictionary printed
D. None, because encode returns nothing

Solution

  1. Step 1: Understand encode function behavior

    The encode function creates a JWT token string from the payload using the secret and algorithm.

  2. Step 2: Analyze the code snippet

    Payload and secret are provided correctly, algorithm is set to HS256, so encode returns a JWT token string.

  3. Final Answer:

    A JWT token string encoded with user_id 123 -> Option A

  4. Quick Check:

    encode returns JWT string [OK]
Hint: encode returns a token string, not the original data [OK]
Common Mistakes:
  • Expecting encode to print the payload
  • Missing algorithm causes error (not true here)
  • Thinking encode returns None
4. Identify the error in this JWT token creation code snippet: 
from jwt import encode

payload = {"user_id": 42}
secret = "secretkey"
token = encode(payload, secret)
print(token)
medium
A. Missing algorithm parameter causes an error
B. No error; code runs correctly
C. Secret key should be bytes, not string
D. Payload must be a string, not a dictionary

Solution

  1. Step 1: Check encode function requirements

    PyJWT's encode has a default algorithm='HS256', so it is not strictly required.

  2. Step 2: Analyze the code snippet

    The code calls encode with payload and secret; algorithm defaults to HS256, so it runs correctly and produces a token.

  3. Final Answer:

    No error; code runs correctly -> Option B

  4. Quick Check:

    Algorithm defaults to HS256 = no error [OK]
Hint: PyJWT encode defaults to HS256 algorithm [OK]
Common Mistakes:
  • Assuming algorithm defaults to HS256
  • Thinking payload must be string
  • Believing secret must be bytes
5. You want to create a JWT token in FastAPI that expires in 30 minutes. Which code snippet correctly adds the expiration time to the payload before encoding?
hard
A. payload = {"user_id": 1, "exp": datetime.utcnow() + timedelta(minutes=30)}
B. payload = {"user_id": 1, "exp": str(datetime.utcnow() + timedelta(minutes=30))}
C. payload = {"user_id": 1, "exp": time.time() + 1800}
D. payload = {"user_id": 1, "exp": datetime.now() + timedelta(minutes=30)}

Solution

  1. Step 1: Understand JWT expiration format

    The 'exp' claim must be a UTC datetime or a timestamp representing expiration time.

  2. Step 2: Evaluate each option

    payload = {"user_id": 1, "exp": datetime.utcnow() + timedelta(minutes=30)} uses datetime.utcnow() + timedelta for 30 minutes, which is correct. payload = {"user_id": 1, "exp": str(datetime.utcnow() + timedelta(minutes=30))} converts datetime to string, which is invalid. payload = {"user_id": 1, "exp": time.time() + 1800} uses time.time() but JWT expects datetime or timestamp as int, so this may cause issues. payload = {"user_id": 1, "exp": datetime.now() + timedelta(minutes=30)} uses datetime.now() which is local time, not UTC, causing potential errors.

  3. Final Answer:

    payload = {"user_id": 1, "exp": datetime.utcnow() + timedelta(minutes=30)} -> Option A

  4. Quick Check:

    Use UTC datetime for 'exp' claim [OK]
Hint: Use datetime.utcnow() + timedelta for expiration [OK]
Common Mistakes:
  • Using local time instead of UTC
  • Converting datetime to string for 'exp'
  • Using wrong time functions like time.time() without conversion