FastAPI authentication backend for Auth Kit
Project description
Auth Kit FastAPI
FastAPI authentication backend for Auth Kit. Provides a complete authentication solution with JWT tokens, passkeys, 2FA, and more.
Installation
pip install auth-kit-fastapi
Quick Start
from fastapi import FastAPI
from auth_kit_fastapi import create_auth_app, AuthConfig
app = FastAPI()
# Configure authentication
auth_config = AuthConfig(
database_url="postgresql://localhost/myapp",
jwt_secret="your-secret-key",
features={
"passkeys": True,
"two_factor": True,
"email_verification": True
}
)
# Create auth app
auth_app = create_auth_app(auth_config)
# Mount auth routes
app.mount("/api/auth", auth_app)
Features
- 🔐 JWT-based authentication with refresh tokens
- 🔑 WebAuthn/Passkey support
- 🔒 Two-factor authentication (TOTP)
- 📧 Email verification
- 🔄 Password reset flow
- 👤 User management
- 🗄️ SQLAlchemy ORM support
- 🔍 Extensible user model
- 🛡️ Security best practices
Configuration
from auth_kit_fastapi import AuthConfig
config = AuthConfig(
# Database
database_url="postgresql://user:pass@localhost/db",
# JWT Settings
jwt_secret="your-secret-key",
jwt_algorithm="HS256",
access_token_expire_minutes=30,
refresh_token_expire_days=7,
# Passkey Settings
passkey_rp_id="localhost",
passkey_rp_name="My App",
passkey_origin="http://localhost:3000",
# Email Settings
email_from="noreply@example.com",
email_from_name="My App",
# Features
features={
"passkeys": True,
"two_factor": True,
"email_verification": True,
"social_login": ["google", "github"]
}
)
Custom User Model
Extend the base User model with your own fields:
from auth_kit_fastapi import BaseUser
from sqlalchemy import Column, String
class User(BaseUser):
__tablename__ = "users"
# Add custom fields
company_name = Column(String, nullable=True)
department = Column(String, nullable=True)
API Endpoints
All endpoints are mounted under your chosen prefix (e.g., /api/auth):
Authentication
POST /register- Register new userPOST /login- Login with email/passwordPOST /logout- Logout userPOST /refresh- Refresh access tokenGET /me- Get current user
Password Management
POST /password/change- Change passwordPOST /password/reset- Request password resetPOST /password/reset/confirm- Confirm password reset
Email Verification
GET /verify-email/{token}- Verify emailPOST /resend-verification- Resend verification email
Passkeys
GET /passkeys- List user's passkeysPOST /passkeys/register/begin- Begin passkey registrationPOST /passkeys/register/complete- Complete passkey registrationPOST /passkeys/authenticate/begin- Begin passkey authenticationPOST /passkeys/authenticate/complete- Complete passkey authenticationDELETE /passkeys/{id}- Delete passkey
Two-Factor Authentication
POST /2fa/setup/begin- Begin 2FA setupPOST /2fa/setup/verify- Verify and enable 2FAPOST /2fa/disable- Disable 2FAPOST /2fa/verify/login- Verify 2FA during loginPOST /2fa/recovery-codes- Regenerate recovery codes
Middleware & Dependencies
Use the provided dependencies to protect your routes:
from fastapi import Depends
from auth_kit_fastapi import get_current_user, require_verified_user
@app.get("/protected")
async def protected_route(user = Depends(get_current_user)):
return {"message": f"Hello {user.email}"}
@app.get("/verified-only")
async def verified_only(user = Depends(require_verified_user)):
return {"message": "Only verified users can see this"}
Events & Hooks
Subscribe to authentication events:
from auth_kit_fastapi import auth_events
@auth_events.on("user_registered")
async def on_user_registered(user):
# Send welcome email
print(f"New user registered: {user.email}")
@auth_events.on("user_logged_in")
async def on_user_logged_in(user):
# Log login event
print(f"User logged in: {user.email}")
Changelog
Version 0.3.3 (2025-01-07)
- Fixed: Base64url decoding for passkey challenges
- Properly handles base64url encoded challenges (with
-and_characters) - Fixes 400 errors when challenges are sent in base64url format from frontend
- Properly handles base64url encoded challenges (with
Version 0.3.2 (2025-01-07)
- Fixed: Passkey challenge handling for proxy/CORS scenarios
- Challenges can now be provided in the request body as a fallback when session cookies aren't maintained
- Fixes "Registration session expired" errors in environments with proxy setups (e.g., Next.js, Vercel)
- Maintains backward compatibility with session-based challenge storage
Version 0.3.1
- Initial public release with full authentication features
License
MIT License
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
auth_kit_fastapi-0.3.5.tar.gz
(40.0 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file auth_kit_fastapi-0.3.5.tar.gz.
File metadata
- Download URL: auth_kit_fastapi-0.3.5.tar.gz
- Upload date:
- Size: 40.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3f0481b96659af3c98733b55b752fda17902a6e4822c615cd3cead1396ff688f
|
|
| MD5 |
f52f05f5d3d306164c15ddcd4aacfc34
|
|
| BLAKE2b-256 |
7e5072a85379a7ffda52dac6c824e65dd9044e46c7da4ce7c56b4bf48d29a9ea
|
File details
Details for the file auth_kit_fastapi-0.3.5-py3-none-any.whl.
File metadata
- Download URL: auth_kit_fastapi-0.3.5-py3-none-any.whl
- Upload date:
- Size: 50.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
bf118334dcf8a73a5f4a5d7062e9784f41608244ed61b544ab183d9c59729d4d
|
|
| MD5 |
9febab94fdf935cdfaa178955fd42501
|
|
| BLAKE2b-256 |
bcda1b7c2e6968e24425648dbf396e9d70e9486b052d57264118d0289369e446
|
