Skip to main content

A framework-agnostic, batteries-included authentication library for Python.

Project description

🔒 deadbolt

A framework-agnostic, batteries-included authentication library for Python. Own your auth, mount it on any framework — no hosted service, no lock-in.

PyPI Python License: MIT Typed

deadbolt is what Better Auth is for the TypeScript world, rebuilt idiomatically for Python: a self-hosted auth engine with a database-adapter abstraction, signed cookie-based sessions, and a plugin system — mountable onto any Python web framework.

Why

  • Framework-agnostic. One async-first core speaks a normalized request/response contract; a ~30-line adapter mounts it on FastAPI, Starlette, Flask, and more. WSGI frameworks are served from the async core through a background-loop sync bridge.
  • Bring your own database. A uniform adapter interface (built on SQLAlchemy 2.0 Core) covers Postgres/MySQL/SQLite; an in-memory adapter ships for tests and local dev.
  • Secure by default. Argon2id hashing, opaque DB-backed sessions stored hashed, signed __Host- cookies, session rotation, rate limiting, origin-based CSRF checks, and timing-safe sign-in.
  • Alias-first API. Everything hangs off one object: import deadbolt as dbdb.Auth(...).

Install

pip install deadbolt                          # core (email/password + sessions)
pip install "deadbolt[fastapi,sqlalchemy]"    # + a framework mount + a database adapter
pip install "deadbolt[all]"                   # everything, including every plugin's deps

Quickstart

import deadbolt as db
from deadbolt.integrations.fastapi import mount

auth = db.Auth(
    adapter=db.MemoryAdapter(),                 # or db.SQLAlchemyAdapter(engine)
    secret=SECRET,                              # 32+ random bytes
    email_and_password=db.EmailPassword(enabled=True),
)

# Mount on any framework — this is the whole integration:
mount(app, auth, prefix="/api/auth")

# ...or call endpoints directly, no HTTP:
result = await auth.api.sign_in_email(email="a@b.com", password="…", as_response=True)

Add features by dropping in plugins:

from deadbolt.plugins.oauth import social, google
from deadbolt.plugins.totp import totp
from deadbolt.plugins.passkeys import passkeys

auth = db.Auth(
    adapter=db.MemoryAdapter(),
    secret=SECRET,
    email_and_password=db.EmailPassword(enabled=True),
    plugins=[
        social(providers=[google(client_id=..., client_secret=..., redirect_uri=...)]),
        totp(),
        passkeys(rp_id="example.com", rp_name="Example", origin="https://example.com"),
    ],
)

Plugins

Plugin Import What it adds
Username deadbolt.plugins.username Sign in with a username
Magic link deadbolt.plugins.magic_link Passwordless email links
Email OTP deadbolt.plugins.email_otp Passwordless email codes
Phone OTP deadbolt.plugins.phone Passwordless SMS codes
Social OAuth deadbolt.plugins.oauth Google, GitHub, or any OAuth2/OIDC provider
Passkeys deadbolt.plugins.passkeys WebAuthn registration + authentication
TOTP 2FA deadbolt.plugins.totp Authenticator apps + backup codes
Organizations deadbolt.plugins.organization Multi-tenancy, RBAC, invitations, teams
API keys deadbolt.plugins.api_keys Machine-to-machine keys
Admin deadbolt.plugins.admin Roles, bans, user management
JWT deadbolt.plugins.jwt Stateless bearer tokens

CLI

Generate SQL DDL for your full schema (core plus every enabled plugin) from your Auth config:

deadbolt generate --config myapp.auth:auth --dialect postgresql

Development

uv sync --all-extras --group dev
uv run pre-commit install
uv run pytest
uv run ruff check . && uv run ruff format --check . && uv run mypy

Security

Please report vulnerabilities via GitHub private advisories — see SECURITY.md in the repository. Never open a public issue for a security bug. The architecture spec and STRIDE threat model live in the repository's docs/ directory.

License

MIT © the deadbolt contributors.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

deadbolt-0.2.1.tar.gz (256.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

deadbolt-0.2.1-py3-none-any.whl (67.2 kB view details)

Uploaded Python 3

File details

Details for the file deadbolt-0.2.1.tar.gz.

File metadata

  • Download URL: deadbolt-0.2.1.tar.gz
  • Upload date:
  • Size: 256.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for deadbolt-0.2.1.tar.gz
Algorithm Hash digest
SHA256 ad4107149da40fc33596274e9b3d73e8c0d2f02fd810f24b0a895470e9a0623d
MD5 8733b848ab9a886bc7425ffbcca9881c
BLAKE2b-256 c113b1be8fdfc7a79c8abfc8bb0be386712cf767bfadc4e2e9ac458b46282e47

See more details on using hashes here.

Provenance

The following attestation bundles were made for deadbolt-0.2.1.tar.gz:

Publisher: release.yml on ruban-s/deadbolt

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file deadbolt-0.2.1-py3-none-any.whl.

File metadata

  • Download URL: deadbolt-0.2.1-py3-none-any.whl
  • Upload date:
  • Size: 67.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for deadbolt-0.2.1-py3-none-any.whl
Algorithm Hash digest
SHA256 ee926e1e97ee513d64da4426709edb9a35446c0b150a81da2d3af7eb89680d67
MD5 25cea4b5a3e52150b6e39e3f49fe1b3c
BLAKE2b-256 c030e2b6eeafa55ea76b271e093ada4f8169e7f12beac614fe174d33f2a90a63

See more details on using hashes here.

Provenance

The following attestation bundles were made for deadbolt-0.2.1-py3-none-any.whl:

Publisher: release.yml on ruban-s/deadbolt

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page