📝 Update tutorial/security/oauth2-jwt/ to use pwdlib with Argon2 instead of passlib
#13917
Conversation
|
📝 Docs preview for commit b7ccf4d at: https://5c635b73.fastapitiangolo.pages.dev Modified Pages |
|
Related discussions:
A few notes:
|
pwdlib support with Argon2 instead of passlibtutorial/security/oauth2-jwt/ to use pwdlib with Argon2 instead of passlib
Thank you for your response and your feedback. I’ve taken it into account and removed As for the tutorials in other languages, I think we have two options: either mark them as invalid, as you suggested, or try translating them ourselves using some translation tools and then wait for native speakers to correct them if the translation isn't good. |
This comment was marked as outdated.
This comment was marked as outdated.
|
📝 Docs preview for commit 0ebc05a at: https://9c53e263.fastapitiangolo.pages.dev Modified Pages |
|
This pull request has a merge conflict that needs to be resolved. |
|
📝 Docs preview for commit 4234890 at: https://ee34b83f.fastapitiangolo.pages.dev Modified Pages |
|
📝 Docs preview for commit 9d696f8 a 8000 t: https://aea3b30c.fastapitiangolo.pages.dev Modified Pages |
There was a problem hiding this comment.
Awesome, thank you! 🚀 🎉
I removed the Russian translation so we can do that later in another PR.
We'll do it later on our end (@YuriiMotov will do it as part of a bigger translation system upgrade). 😎
Plus a typo fix in tutorial/security/oauth2-jwt.md line 89.
Reason for Change: Migrating to
pwdlibandArgon2for Modern Password ManagementThis PR aims to modernize project's password hashing approach, transitioning from the aging
passlib/bcryptcombination to a more contemporary and secure solution:pwdlibpaired with theArgon2algorithm.Key Motivations for this Change:
passlib& Python 3.13+ Compatibility Issue:cryptmodule, utilized bypasslibfor certain operations, is officially deprecated and slated for complete removal in Python 3.13 (as per PEP 594).pwdlibdocumentation,passlibhas not been actively maintained recently, raising questions about its long-term support. This impliespasslibwill become incompatible with future Python versions, potentially blocking upgrades or necessitating urgent alternatives.pwdlibwas specifically created to address this gap, offering a modern, actively maintained tool for password hashing designed for the "modern Python era."Industry Standard and
fastapi-usersAdoption:fastapi-userslibrary, commonly used fo user management in FastAPI, has already adoptedpwdlibandArgon2since version 13.0.0. This can be verified in their commit history (see v13.0.0...master comparison).cryptdeprecation warning (Issue #1325), underscoring the broader community's recognition of this critical issue.Argon2's Superiority Overbcrypt:bcrypthas long been a reliable choice,Argon2is now considered the most preferred password hashing algorithm, recommended by the IETF and winner of the Password Hashing Competition.Argon2is designed to be memory-hard, requiring significant amounts of memory, which makes it particularly resistant to GPU-based brute-force attacks that are becoming increasingly common.bcryptis less resilient in this regard as it primarily relies on computational complexity.Argon2offers more flexible parameters (time, memory, parallelism), allowing for better adaptation to specific security requirements and hardware capabilities.Argon2has undergone extensive cryptographic analysis and is widely regarded as a robust choice for password protection.Argon2, please refer to: