Batteries-included authentication toolkit for FastAPI — a friendly fork of reauth

Aegistry

Batteries-included authentication for FastAPI

Aegistry is an authentication toolkit for Python with first-class FastAPI integration: Email/Password, Email OTP, Google Sign-In, LINE Login, MFA (TOTP, backup codes), and session management — on Python 3.12+.

Note: Aegistry's core is a friendly fork of reauth 0.1.8 (MIT, © 2026 François Voron), backported to Python 3.12. Aegistry adds the integration layers reauth doesn't ship yet: password & LINE factors, post-login session management, SQLAlchemy stores, and ready-made FastAPI routers. We aim to stay architecturally compatible with reauth and upstream what makes sense.

Architecture

aegistry/
├── crypto.py                  # opaque tokens + HMAC-SHA256 hash pairs
├── amr.py                     # RFC 8176 Authentication Method References
├── authentication_session.py  # pre-login MFA state machine (steps, AMR)
├── session.py                 # post-login sessions (sliding expiration)
├── factors/
│   ├── password.py            # argon2id via pwdlib          [aegistry]
│   ├── email_otp.py           # one-time codes by email
│   ├── totp.py / hotp.py / backup_codes.py
│   └── oauth2/
│       ├── base.py            # OAuth2 authorization code + PKCE
│       ├── oidc.py            # discovery, JWKS, id_token validation
│       ├── google.py / github.py / apple.py
│       └── line.py            # LINE Login v2.1               [aegistry]
└── contrib/
    ├── sqlalchemy/            # ready-made async stores        [aegistry]
    └── fastapi/               # routers, dependencies, cookies [aegistry]

clients/                       # TypeScript SDK (pnpm workspace) [aegistry]
├── packages/client            # @aegistry/client — core, getServerSession
└── packages/react             # @aegistry/react — useSession()

For the Next.js/React side, see clients/README.md.

Design principles (inherited from reauth, shared with Better Auth):

  • Framework-agnostic core. Factors and services are plain async Python with abstract persistence methods. contrib/ packages depend on the core — never the reverse.
  • Tokens are opaque, prefixed, and stored hashed. Only HMAC-SHA256 hashes hit the database.
  • MFA by construction. Login is an authentication session that factors advance step by step; it completes only when no required factor remains.
  • PKCE + state + nonce on every OAuth2/OIDC flow.

Installation

pip install "aegistry[all]"            # everything
pip install "aegistry[fastapi,sqlalchemy,password]"

Quickstart (FastAPI + SQLAlchemy)

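from fastapi import FastAPI
from sqlalchemy import MetaData

from aegistry.contrib.fastapi import AuthConfig, get_password_router, get_oauth2_login_router
from aegistry.contrib.sqlalchemy import create_tables

app = FastAPI()
metadata = MetaData()  # assumed here: the SQLAlchemy MetaData your models use

config = AuthConfig(success_redirect_url="/app")
tables = create_tables(metadata)  # or define your own tables/stores

# The get_* dependencies passed below are defined by your application.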

app.include_router(
    get_password_router(
        factor_dependency=get_password_factor,
        authentication_session_service_dependency=get_authentication_session_service,
        session_service_dependency=get_session_service,
        identity_resolver_dependency=get_identity_resolver,
        config=config,
    ),
    prefix="/auth",
)
app.include_router(
    get_oauth2_login_router(
        identifier="google",
        factor_dependency=get_google_factor,
        authentication_session_service_dependency=get_authentication_session_service,
        session_service_dependency=get_session_service,
        identity_resolver_dependency=get_identity_resolver,
        scope=["openid", "email", "profile"],
        config=config,
    ),
    prefix="/auth",
)

Your app provides the dependencies (wired to your database session) and an IdentityResolver mapping verified emails to your user rows; aegistry provides the flows. See tests/contrib/test_fastapi_routers.py for a complete, runnable wiring.

Provider notes

  • Google — pure OIDC; GoogleOAuth2Factor validates id_tokens against Google's JWKS. Email arrives with email_verified.
  • LINE — LineOAuth2Factor validates id_tokens through LINE's verify endpoint (web-login tokens are HS256-signed with the channel secret, so JWKS validation can't be used). The email scope requires applying for permission in the LINE Developers console, and LINE never returns email_verified — don't auto-link LINE accounts to existing users by email without an extra verification step.

Status

Early scaffold — APIs unstable. See upstream reauth for the core roadmap.

License

MIT. Contains code from reauth, © 2026 François Voron, MIT licensed.

Download files

Source Distribution

aegistry-0.1.0.tar.gz (64.8 kB)

Uploaded Source

Built Distribution

aegistry-0.1.0-py3-none-any.whl (64.3 kB)

Uploaded Python 3

File details

Details for the file aegistry-0.1.0.tar.gz.

File metadata

  • Download URL: aegistry-0.1.0.tar.gz
  • Upload date:
  • Size: 64.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.9.21

File hashes

Hashes for aegistry-0.1.0.tar.gz
Algorithm Hash digest
SHA256 25359113399262e7cb0b0ad6861dcbcb12c463ce71ca686716b46061e59f204c
MD5 67681bb6af564aabfe095961d72a08a8
BLAKE2b-256 0b2d72f6ad5daaed567ef455a67bb7041bf1308f4821296e5c0258b334bc0d94

File details

Details for the file aegistry-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: aegistry-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 64.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.9.21

File hashes

Hashes for aegistry-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 e93af5bd66617cc821c8e018b9d11c9623ddff3d58798a9b504805dac9f9b656
MD5 2b70545b55bba0c93d534fb316b694a8
BLAKE2b-256 cfdbecaad652c2f4e9ff5ad95781c07145d3724a2c426893f7a09bd9feaa39de
