Comprehensive authentication and authorization library for Python
Project description
authfort
Complete authentication and authorization library for Python.
Install
pip install authfort[fastapi]
# or with SQLite: pip install authfort[sqlite,fastapi]
Quick Start
from authfort import AuthFort, CookieConfig
from fastapi import FastAPI, Depends
auth = AuthFort(
database_url="postgresql+asyncpg://user:pass@localhost/mydb",
cookie=CookieConfig(),
)
app = FastAPI()
app.include_router(auth.fastapi_router(), prefix="/auth")
app.include_router(auth.jwks_router())
@app.get("/profile")
async def profile(user=Depends(auth.current_user)):
return {"email": user.email, "roles": user.roles}
Endpoints
| Method | Path | Description |
|---|---|---|
| POST | /auth/signup | Create account |
| POST | /auth/login | Sign in |
| POST | /auth/refresh | Refresh access token |
| POST | /auth/logout | Sign out |
| GET | /auth/me | Get current user |
| POST | /auth/magic-link | Request magic link |
| POST | /auth/magic-link/verify | Verify magic link |
| POST | /auth/otp | Request email OTP |
| POST | /auth/otp/verify | Verify email OTP |
| POST | /auth/verify-email | Verify email address |
| GET | /auth/oauth/{provider}/authorize | Start OAuth flow |
| GET | /auth/oauth/{provider}/callback | OAuth callback |
| POST | /auth/introspect | Token introspection |
| GET | /.well-known/jwks.json | Public signing keys |
Features
- Email/password auth with argon2 hashing
- JWT RS256 with automatic key management
- Refresh token rotation with theft detection
- OAuth 2.1 with PKCE (Google, GitHub, or any provider via GenericOAuthProvider/GenericOIDCProvider)
- Email verification, magic links, email OTP (passwordless)
- Role-based access control
- Password reset (programmatic — you control delivery)
- Change password (with old password verification)
- Session management (list, revoke, revoke all except current)
- Ban/unban users
- Rate limiting — per-endpoint IP + email based, in-memory sliding window, pluggable storage
- Admin user management — list, search, get, delete users programmatically
- Event hooks (24 event types)
- JWKS + key rotation
- Cookie and bearer token modes
- Multi-database: PostgreSQL (default), SQLite, MySQL via SQLAlchemy
OAuth
from authfort import AuthFort, GoogleProvider, GitHubProvider, GenericOIDCProvider
auth = AuthFort(
database_url="...",
providers=[
GoogleProvider(client_id="...", client_secret="..."),
GitHubProvider(client_id="...", client_secret="..."),
GenericOIDCProvider(
"keycloak",
client_id="...",
client_secret="...",
discovery_url="https://keycloak.example.com/realms/myrealm/.well-known/openid-configuration",
),
],
)
Programmatic API
# Create users without the HTTP endpoint
result = await auth.create_user("admin@example.com", "password", name="Admin")
# Roles
await auth.add_role(user_id, "admin")
await auth.remove_role(user_id, "editor")
# Password reset (you handle delivery — email, SMS, etc.)
token = await auth.create_password_reset_token("user@example.com")
if token:
send_email(email, f"https://myapp.com/reset?token={token}")
await auth.reset_password(token, "new_password")
# Change password (authenticated)
await auth.change_password(user_id, "old_password", "new_password")
# Sessions
sessions = await auth.get_sessions(user_id, active_only=True)
await auth.revoke_session(session_id)
await auth.revoke_all_sessions(user_id, exclude=user.session_id) # keep current
# Ban/unban
await auth.ban_user(user_id)
await auth.unban_user(user_id)
# Admin user management
users = await auth.list_users(query="john", role="admin", limit=20)
user = await auth.get_user(user_id)
await auth.delete_user(user_id)
count = await auth.get_user_count(banned=True)
License
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
authfort-0.0.20.tar.gz
(92.3 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
authfort-0.0.20-py3-none-any.whl
(69.7 kB
view details)
File details
Details for the file authfort-0.0.20.tar.gz.
File metadata
- Download URL: authfort-0.0.20.tar.gz
- Upload date:
- Size: 92.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.2 {"installer":{"name":"uv","version":"0.11.2","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f01cb44173d134b64106cc15c1c178a66bb8d0414d00b5736274676a652d1872
|
|
| MD5 |
41b2664e8213ad511a25181b98c35cb3
|
|
| BLAKE2b-256 |
6086c0e5b9d7a3f07de336184574779f3bfbb335bf5a5e83931f92f23b4b1f31
|
File details
Details for the file authfort-0.0.20-py3-none-any.whl.
File metadata
- Download URL: authfort-0.0.20-py3-none-any.whl
- Upload date:
- Size: 69.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.2 {"installer":{"name":"uv","version":"0.11.2","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
825bd40d676a3e677950d23422d32d8de30f47782b6433420e65fb838babf786
|
|
| MD5 |
0ddde9c1112eb3d7591f6580a7a5721c
|
|
| BLAKE2b-256 |
ff336023ada68bf005986b3eabbdf851faebf95bd4fcbce3ea660a4dcc8dd322
|
