FastAPI authentication backend for Auth Kit
Project description
Auth Kit FastAPI
FastAPI authentication backend for Auth Kit. Provides a complete authentication solution with JWT tokens, passkeys, 2FA, and more.
Installation
pip install auth-kit-fastapi
Quick Start
from fastapi import FastAPI
from auth_kit_fastapi import create_auth_app, AuthConfig
app = FastAPI()
# Configure authentication
auth_config = AuthConfig(
database_url="postgresql://localhost/myapp",
jwt_secret="your-secret-key",
features={
"passkeys": True,
"two_factor": True,
"email_verification": True
}
)
# Create auth app
auth_app = create_auth_app(auth_config)
# Mount auth routes
app.mount("/api/auth", auth_app)
Features
- 🔐 JWT-based authentication with refresh tokens
- 🔑 WebAuthn/Passkey support
- 🔒 Two-factor authentication (TOTP)
- 📧 Email verification
- 🔄 Password reset flow
- 👤 User management
- 🗄️ SQLAlchemy ORM support
- 🔍 Extensible user model
- 🛡️ Security best practices
Configuration
from auth_kit_fastapi import AuthConfig
config = AuthConfig(
# Database
database_url="postgresql://user:pass@localhost/db",
# JWT Settings
jwt_secret="your-secret-key",
jwt_algorithm="HS256",
access_token_expire_minutes=30,
refresh_token_expire_days=7,
# Passkey Settings
passkey_rp_id="localhost",
passkey_rp_name="My App",
passkey_origin="http://localhost:3000",
# Email Settings
email_from="noreply@example.com",
email_from_name="My App",
# Features
features={
"passkeys": True,
"two_factor": True,
"email_verification": True,
"social_login": ["google", "github"]
}
)
Custom User Model
Extend the base User model with your own fields:
from auth_kit_fastapi import BaseUser
from sqlalchemy import Column, String
class User(BaseUser):
__tablename__ = "users"
# Add custom fields
company_name = Column(String, nullable=True)
department = Column(String, nullable=True)
API Endpoints
All endpoints are mounted under your chosen prefix (e.g., /api/auth):
Authentication
POST /register- Register new userPOST /login- Login with email/passwordPOST /logout- Logout userPOST /refresh- Refresh access tokenGET /me- Get current user
Password Management
POST /password/change- Change passwordPOST /password/reset- Request password resetPOST /password/reset/confirm- Confirm password reset
Email Verification
GET /verify-email/{token}- Verify emailPOST /resend-verification- Resend verification email
Passkeys
GET /passkeys- List user's passkeysPOST /passkeys/register/begin- Begin passkey registrationPOST /passkeys/register/complete- Complete passkey registrationPOST /passkeys/authenticate/begin- Begin passkey authenticationPOST /passkeys/authenticate/complete- Complete passkey authenticationDELETE /passkeys/{id}- Delete passkey
Two-Factor Authentication
POST /2fa/setup/begin- Begin 2FA setupPOST /2fa/setup/verify- Verify and enable 2FAPOST /2fa/disable- Disable 2FAPOST /2fa/verify/login- Verify 2FA during loginPOST /2fa/recovery-codes- Regenerate recovery codes
Middleware & Dependencies
Use the provided dependencies to protect your routes:
from fastapi import Depends
from auth_kit_fastapi import get_current_user, require_verified_user
@app.get("/protected")
async def protected_route(user = Depends(get_current_user)):
return {"message": f"Hello {user.email}"}
@app.get("/verified-only")
async def verified_only(user = Depends(require_verified_user)):
return {"message": "Only verified users can see this"}
Events & Hooks
Subscribe to authentication events:
from auth_kit_fastapi import auth_events
@auth_events.on("user_registered")
async def on_user_registered(user):
# Send welcome email
print(f"New user registered: {user.email}")
@auth_events.on("user_logged_in")
async def on_user_logged_in(user):
# Log login event
print(f"User logged in: {user.email}")
Changelog
Version 0.3.3 (2025-01-07)
- Fixed: Base64url decoding for passkey challenges
- Properly handles base64url encoded challenges (with
-and_characters) - Fixes 400 errors when challenges are sent in base64url format from frontend
- Properly handles base64url encoded challenges (with
Version 0.3.2 (2025-01-07)
- Fixed: Passkey challenge handling for proxy/CORS scenarios
- Challenges can now be provided in the request body as a fallback when session cookies aren't maintained
- Fixes "Registration session expired" errors in environments with proxy setups (e.g., Next.js, Vercel)
- Maintains backward compatibility with session-based challenge storage
Version 0.3.1
- Initial public release with full authentication features
License
MIT License
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
auth-kit-fastapi-0.3.3.tar.gz
(39.3 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file auth-kit-fastapi-0.3.3.tar.gz.
File metadata
- Download URL: auth-kit-fastapi-0.3.3.tar.gz
- Upload date:
- Size: 39.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0a8b1febd44deb31dc516a8b7c703045635cafed08440d0ba01a2ca33cd5c467
|
|
| MD5 |
6cc5fa43dc8c04f88300d8dbc0fd09e1
|
|
| BLAKE2b-256 |
f134857358b158e3aa806786bf7b0f80e41711359cd888ea7ac4bfdd00ee30e9
|
File details
Details for the file auth_kit_fastapi-0.3.3-py3-none-any.whl.
File metadata
- Download URL: auth_kit_fastapi-0.3.3-py3-none-any.whl
- Upload date:
- Size: 50.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3d0b91e523ac14c40161023fa603d9fb7d83727c56bab5b9579726611f83cbd9
|
|
| MD5 |
f3db60b631ea1c0e35dff362343f0983
|
|
| BLAKE2b-256 |
cbe64afa36b92ecb5d549eb2e9210c26f3ff1a108266948a9fde28b79de7bfd7
|
