anzar 0.5.7

Anzar is a lightweight authentication and authorization framework that runs as a separate microservice

Anzar SDK Documentation

Server Middleware

The server SDK provides two middleware functions for protecting your routes using JWT tokens issued by your Anzar Auth container.

📝 Note: JWT vs. Session

Depending on what Authentication strategy you choose, use these middleware functions accordingly

---

Jwt

require_auth

Verifies the JWT token and attaches the authenticated user's ID to the request object. Use this to protect any route that requires a logged-in user.

import os

from flask import g
from flask import Flask, jsonify
from anzar.server.flask import require_auth, JwtAuth

app = Flask(__name__)

jwt_auth = JwtAuth(
    audience = os.getenv("AUDIENCE"),
    issuerBaseURL = os.getenv("ISSUER"),
)

@app.route("/protected")
@require_jwt(jwt_auth)
def me():
    return jsonify(g.user_id)

---

require_role

Verifies the JWT token and checks that the token includes a specific role. Use this to restrict routes to users with a particular permission level.

import os

from flask import g
from flask import Flask, jsonify
from anzar.server.flask import require_role, JwtAuth

app = Flask(__name__)

jwt_auth = JwtAuth(
    audience = os.getenv("AUDIENCE"),
    issuerBaseURL = os.getenv("ISSUER"),
)

@app.route("/admin")
@require_role(jwt_auth, roles="admin", permissions=["users:delete"])
def admin():
    return jsonify(f"admin panel, {g.user_id}")

---

Session

require_auth

Verifies the session and attaches the authenticated user's ID to the request object. Use this to protect routes when using session-based authentication instead of JWT tokens.

import os

from flask import g
from flask import Flask, jsonify
from anzar.server.flask import require_auth, SessionAuth

app = Flask(__name__)

session_auth = SessionAuth(url = "localhost:3000")

@app.route("/protected")
@require_session(session_auth)
def me():
    return jsonify(g.user_id)

---

require_role

Verifies the session and checks that the session includes a specific role. Use this to restrict routes to users with a particular permission level when using session-based authentication instead of JWT tokens.

import os

from flask import g
from flask import Flask, jsonify
from anzar.server import require_role, SessionAuth

app = Flask(__name__)

session_auth = SessionAuth(url = "localhost:3000")

@app.route("/admin")
@require_session_role(session_auth, roles="admin", permissions=["users:delete"])
def admin():
    return jsonify(f"admin panel, {g.user_id}")

---

Client

Install The Python SDK

In a python project run the following command to install the anzar package.

uv

$ uv add anzar

pip

# in a virtual env run
$ pip install anzar

Create Anzar Auth Instance

in your main entry file (main.py for example), import Anzar and create your auth instance

# Initialize once at application startup
# The SDK will communicate with your Anzar container at the configured api_url

from anzar import Anzar
from anzar.adapters import RedisStorage
from anzar.types import SdkOptions 

options = SdkOptions(storage=RedisStorage(), url="localhost:3000", auth="jwt")
anzar = Anzar(options)

if RedisStorage was chosen as an Adapter, make sure to install anzar as optional dependencie with redis extra === "uv" bash $ uv add anzar[redis] === "pip" bash $ pip install anzar[redis]

---

Basic Usage

Anzar provides authentication support for email and password.

📝 Note: Other methods of authentication will be implemented later

Sign Up

To sign up a user you need to call the method register with the user's information.

from anzar.types import AuthResponse, ErrorCode

(data, error) = await anzar.Auth.register({
  "username": "username",
  "email": "user@example.com",
  "password": "password"
})

if data:
    print(data)

if error:
    if error.code == ErrorCode.InvalidCredentials:
        show_error("Invalid email or password.")
    elif error.code == ErrorCode.AccountNotVerified:
        show_error("Please verify your email before logging in.")

📝 Note: By default, the users are automatically signed in after they successfully sign up. Disabling this behavior will be implemented later

Sign In

To sign in a user you need to call the method login.

from anzar.types import ApiException, AuthResponse, ErrorCode

(response, error) = await anzar.Auth.login(
    LoginRequest(email="user@example.com", password="password")
)
if error:
    print("code:", error.code)
    print("message:", error.message)
print(response)