How can you combine FastAPI's protected routes with role-based access control (RBAC) to restrict access to admin users only?

Difficulty: hard · Conceptual · Q9 of 15
FastAPI - Authentication and Security
A. Extract the token with OAuth2PasswordBearer, decode the user's roles, and raise HTTPException if the role is not 'admin'
B. Use OAuth2PasswordBearer and allow all roles without checks
C. Skip token extraction and check roles from query parameters
D. Use OAuth2PasswordBearer and return all users regardless of role
Step-by-Step Solution
Solution:
  1. Step 1: Use OAuth2PasswordBearer to get the token securely

    Declared as a dependency, it reads the Authorization: Bearer header and hands the raw token to your code; if the header is missing or malformed it answers 401 on its own, so the route body never runs without a token.
  2. Step 2: Verify and decode the token, then check whether 'admin' is among the user's roles

    Verify the signature and expiry before trusting any claim in the token. If the token is invalid, raise HTTPException with status 401; if it is valid but the roles do not include 'admin', raise HTTPException with status 403 to deny access. The roles must come from the verified token (or a server-side lookup keyed on its subject), never from anything the client can type into the request.
  3. Final Answer:

    Extract token with OAuth2PasswordBearer, decode user roles, and raise HTTPException if role is not 'admin' -> Option A
  4. Quick Check:

    RBAC requires the role check to run after token extraction and verification, in that order [OK]
Quick Trick: Decode the token's roles and restrict access by role inside the route, or better, in a reusable dependency (for example require_admin) attached with Depends so every admin route gets the same check [OK]
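The two steps wired together, as an added example that is not code from the quiz page or from FastAPI itself. Everything in it is constructed for illustration: the HS256 signing and verification helpers stand in for a JWT library such as PyJWT, SECRET_KEY is a demo value, the roles claim name, the /admin/users route and the admin_status helper are assumptions. The FastAPI wiring is guarded by a try/except so the token and role logic runs even where FastAPI is not installed.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo key; load the real one from a secret manager, not source.
SECRET_KEY = b"demo-only-secret-change-me"


class AuthError(Exception):
    """Carries the HTTP status the route should answer with (401 or 403)."""
    def __init__(self, status_code: int, detail: str) -> None:
        super().__init__(detail)
        self.status_code, self.detail = status_code, detail


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_hs256_jwt(claims: dict, key: bytes) -> str:
    """Sign claims as a compact JWT (stands in for the /token endpoint)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def verify_hs256_jwt(token: str, key: bytes, now: Optional[float] = None) -> dict:
    """Return the claims only if signature and expiry check out; else 401."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
        presented = b64url_decode(sig_b64)
        if not isinstance(header, dict) or not isinstance(claims, dict):
            raise ValueError("JWT parts must be JSON objects")
    except (ValueError, UnicodeDecodeError):
        raise AuthError(401, "Malformed token")
    # Pin the algorithm: the token must not pick "none" or a different alg.
    if header.get("alg") != "HS256":
        raise AuthError(401, "Unsupported algorithm")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, presented):
        raise AuthError(401, "Invalid signature")
    if "exp" in claims and (time.time() if now is None else now) >= claims["exp"]:
        raise AuthError(401, "Token expired")
    return claims


def require_role(claims: dict, role: str) -> dict:
    """RBAC gate: authenticated but lacking the role is 403, not 401."""
    roles = claims.get("roles", [])
    if not isinstance(roles, list) or role not in roles:
        raise AuthError(403, f"Requires role '{role}'")
    return claims


def admin_status(token: str, key: bytes = SECRET_KEY, now: Optional[float] = None) -> int:
    """HTTP status the admin route answers with: 200, 401 or 403 (assumed helper)."""
    try:
        require_role(verify_hs256_jwt(token, key, now), "admin")
        return 200
    except AuthError as exc:
        return exc.status_code


# FastAPI wiring, guarded so the checks above also run where FastAPI is absent.
try:
    from fastapi import Depends, FastAPI, HTTPException
    from fastapi.security import OAuth2PasswordBearer
    app = FastAPI()
    # Step 1: reads "Authorization: Bearer <token>" and answers 401 if it is missing.
    oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")

    def current_claims(token: str = Depends(oauth2_scheme)) -> dict:
        try:
            return verify_hs256_jwt(token, SECRET_KEY)
        except AuthError as exc:
            raise HTTPException(exc.status_code, exc.detail,
                                headers={"WWW-Authenticate": "Bearer"})

    def require_admin(claims: dict = Depends(current_claims)) -> dict:
        # Step 2: roles come from the verified token, never from the query string.
        try:
            return require_role(claims, "admin")
        except AuthError as exc:
            raise HTTPException(exc.status_code, exc.detail)

    @app.get("/admin/users")
    def list_users(claims: dict = Depends(require_admin)) -> dict:
        return {"acting_admin": claims.get("sub"), "users": ["alice", "bob"]}
except ImportError:
    pass
```

Because require_admin is a dependency, the HTTPException it raises short-circuits the request before list_users executes, and every other admin route can reuse it with Depends(require_admin). Keep the two failure modes distinct: a bad or expired token is 401 (not authenticated), a good token without the admin role is 403 (authenticated, not authorized); collapsing both into one status hides broken clients from your logs.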
Common Mistakes:
  • Allowing all roles without checks
  • Trusting roles supplied in query parameters or the request body, which the client controls
  • Reading roles out of a token without first verifying its signature and expiry
  • Not raising an exception (403) for unauthorized roles