A framework-agnostic, batteries-included authentication library for Python.
Project description
🔒 deadbolt
A framework-agnostic, batteries-included authentication library for Python.
Own your auth. Mount it on any framework. No hosted service, no lock-in.
Status: pre-alpha (Phase 0 — architecture & scaffold). The public API below is the target shape; implementation lands in Phase 1. See
docs/ARCHITECTURE.mdand the design plan.
deadbolt is what Better Auth is for the TypeScript world, rebuilt
idiomatically for Python: a self-hosted auth engine with a database-adapter abstraction, signed
cookie-based sessions, and a plugin system — that mounts onto any Python web framework.
Why
- Framework-agnostic. One async-first core speaks a normalized request/response contract; a ~30-line adapter mounts it on FastAPI, Starlette, Litestar, Flask, Django, Quart, Sanic, aiohttp…
- Bring your own database. A uniform adapter interface (built on SQLAlchemy 2.0 Core) covers Postgres/MySQL/SQLite; Django ORM and in-memory adapters ship too.
- Secure by default. Argon2id hashing, opaque DB-backed sessions, signed
__Host-cookies, session rotation on privilege change — the OWASP session model, not a pile of footguns. - Alias-first API. Everything hangs off one object:
import deadbolt as db→db.Auth(...).
Install
pip install deadbolt # core
pip install "deadbolt[fastapi,sqlalchemy]" # + integration + adapter
Quickstart (target API)
import deadbolt as db
from deadbolt.integrations.fastapi import mount
auth = db.Auth(
adapter=db.SQLAlchemyAdapter(engine),
secret=SECRET, # 32+ random bytes
email_and_password=db.EmailPassword(enabled=True),
)
# Mount on any framework — this is the whole integration:
mount(app, auth, prefix="/api/auth")
# ...or call endpoints directly, no HTTP:
session = await auth.api.sign_in_email(email="a@b.com", password="…")
Scope (v0.1 — Core only)
Email/password sign-up · sign-in · sign-out · get-session · change-password · password reset. Social OAuth, 2FA, passkeys, organizations, and the CLI are plugins on the roadmap.
Development
uv sync --all-extras --group dev
uv run pre-commit install
uv run pytest
uv run ruff check . && uv run ruff format --check . && uv run mypy
Security
Please report vulnerabilities via GitHub private advisories — see SECURITY.md.
Never open a public issue for a security bug.
License
MIT © the deadbolt contributors.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file deadbolt-0.1.0.tar.gz.
File metadata
- Download URL: deadbolt-0.1.0.tar.gz
- Upload date:
- Size: 211.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
27357674cf848f088663b2ae1a34fd59e5b8bbd01cd07a0213c04edf64dae6fa
|
|
| MD5 |
cc7e7a5e73afc682eab5ee9fa4f8b22e
|
|
| BLAKE2b-256 |
120373c95b0829d95ed73541112a56f05c67bffe144d556a412401f81f6d31ae
|
Provenance
The following attestation bundles were made for deadbolt-0.1.0.tar.gz:
Publisher:
release.yml on ruban-s/deadbolt
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
deadbolt-0.1.0.tar.gz -
Subject digest:
27357674cf848f088663b2ae1a34fd59e5b8bbd01cd07a0213c04edf64dae6fa - Sigstore transparency entry: 2115534536
- Sigstore integration time:
-
Permalink:
ruban-s/deadbolt@0966bd42a0a18bcf6059f8646b6b8f73e845f52f -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/ruban-s
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@0966bd42a0a18bcf6059f8646b6b8f73e845f52f -
Trigger Event:
push
-
Statement type:
File details
Details for the file deadbolt-0.1.0-py3-none-any.whl.
File metadata
- Download URL: deadbolt-0.1.0-py3-none-any.whl
- Upload date:
- Size: 63.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
524d891fd8225e138dbf77aee00ecf63ec9af5000c8a18e98a62d76b2aaf3300
|
|
| MD5 |
9814a14eccf44617b41892b7e3be14e1
|
|
| BLAKE2b-256 |
5c30477c7ae101ebd3144105a33965d7c4ab34d065d4d774115698dd01787d2c
|
Provenance
The following attestation bundles were made for deadbolt-0.1.0-py3-none-any.whl:
Publisher:
release.yml on ruban-s/deadbolt
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
deadbolt-0.1.0-py3-none-any.whl -
Subject digest:
524d891fd8225e138dbf77aee00ecf63ec9af5000c8a18e98a62d76b2aaf3300 - Sigstore transparency entry: 2115534743
- Sigstore integration time:
-
Permalink:
ruban-s/deadbolt@0966bd42a0a18bcf6059f8646b6b8f73e845f52f -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/ruban-s
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@0966bd42a0a18bcf6059f8646b6b8f73e845f52f -
Trigger Event:
push
-
Statement type: