Production-grade, async-native authentication and authorization library for FastAPI
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
FastAPI FullAuth
Production-grade, async-native authentication and authorization for FastAPI.
Documentation: https://mdfarhankc.github.io/fastapi-fullauth
Source Code: https://github.com/mdfarhankc/fastapi-fullauth
Add a complete authentication and authorization system to your FastAPI project. FastAPI FullAuth is designed to be production-ready, async-native, and pluggable — handling JWT tokens, refresh rotation, password hashing, email verification, OAuth2 social login, and role-based access out of the box.
Features
- JWT access + refresh tokens with configurable expiry
- Refresh token rotation with reuse detection — revokes entire session family on replay
- Password hashing via Argon2id (default) or bcrypt, with transparent rehashing
- Email verification and password reset flows with event hooks
- OAuth2 social login — Google and GitHub, with multi-redirect-URI support
- Role-based access control —
CurrentUser,VerifiedUser,SuperUser,require_role() - Rate limiting — per-route auth limits + global middleware (memory or Redis)
- CSRF protection and security headers middleware, auto-wired
- Pluggable adapters — SQLModel, SQLAlchemy, or in-memory
- Auto-derived schemas — custom user fields picked up automatically
- Event hooks —
after_register,after_login,send_verification_email, etc. - Custom JWT claims — embed app-specific data in tokens
- Structured logging — all auth events, security violations, and failures logged
- Redis support — token blacklist and rate limiter backends
- Python 3.10 – 3.14 supported
Installation
pip install fastapi-fullauth
# with an ORM adapter
pip install fastapi-fullauth[sqlmodel]
pip install fastapi-fullauth[sqlalchemy]
# with Redis for token blacklisting
pip install fastapi-fullauth[sqlmodel,redis]
# with OAuth2 social login
pip install fastapi-fullauth[sqlmodel,oauth]
# everything
pip install fastapi-fullauth[all]
Quick start
from fastapi import FastAPI
from fastapi_fullauth import FullAuth
from fastapi_fullauth.adapters.memory import InMemoryAdapter
app = FastAPI()
fullauth = FullAuth(
secret_key="your-secret-key",
adapter=InMemoryAdapter(),
)
fullauth.init_app(app)
That's it — 15+ auth routes are registered under /api/v1/auth/ automatically.
Omit secret_key in dev and a random one is generated (tokens won't survive restarts).
Routes
| Method | Path | Description |
|---|---|---|
POST |
/auth/register |
Create a new user |
POST |
/auth/login |
Authenticate, get tokens |
POST |
/auth/logout |
Blacklist token |
POST |
/auth/refresh |
Rotate token pair |
GET |
/auth/me |
Get current user |
GET |
/auth/me/verified |
Verified users only |
PATCH |
/auth/me |
Update profile |
DELETE |
/auth/me |
Delete account |
POST |
/auth/change-password |
Change password |
POST |
/auth/verify-email/request |
Request verification email |
POST |
/auth/verify-email/confirm |
Confirm email |
POST |
/auth/password-reset/request |
Request password reset |
POST |
/auth/password-reset/confirm |
Reset password |
POST |
/auth/admin/assign-role |
Assign role (superuser) |
POST |
/auth/admin/remove-role |
Remove role (superuser) |
With OAuth enabled, additional routes are registered under /auth/oauth/. All routes are prefixed with /api/v1 by default.
Custom user fields
Define your model — schemas are auto-derived:
from sqlmodel import Field, Relationship
from fastapi_fullauth.adapters.sqlmodel import (
UserBase, Role, UserRoleLink, RefreshTokenRecord, SQLModelAdapter,
)
class User(UserBase, table=True):
__tablename__ = "fullauth_users"
display_name: str = Field(default="", max_length=100)
phone: str = Field(default="", max_length=20)
roles: list[Role] = Relationship(link_model=UserRoleLink)
refresh_tokens: list[RefreshTokenRecord] = Relationship()
fullauth = FullAuth(
secret_key="...",
adapter=SQLModelAdapter(session_maker, user_model=User),
)
Registration and response schemas pick up display_name and phone automatically. No separate schema classes needed.
Protected routes
from fastapi import Depends
from fastapi_fullauth.dependencies import CurrentUser, VerifiedUser, SuperUser, require_role
@app.get("/profile")
async def profile(user: CurrentUser):
return user
@app.get("/dashboard")
async def dashboard(user: VerifiedUser):
return {"email": user.email}
@app.delete("/admin/users/{id}")
async def delete_user(user: SuperUser):
...
@app.get("/editor")
async def editor_panel(user=Depends(require_role("editor"))):
...
OAuth2 social login
fullauth = FullAuth(
secret_key="...",
adapter=adapter,
oauth_providers={
"google": {
"client_id": "your-google-client-id",
"client_secret": "your-google-secret",
"redirect_uris": [
"http://localhost:3000/auth/callback",
"https://myapp.com/auth/callback",
],
},
"github": {
"client_id": "your-github-client-id",
"client_secret": "your-github-secret",
"redirect_uri": "http://localhost:3000/auth/callback",
},
},
)
Requires httpx: pip install fastapi-fullauth[oauth]
Event hooks
async def welcome(user):
await send_email(user.email, "Welcome!")
async def send_verify(email, token):
await send_email(email, f"Verify: https://myapp.com/verify?token={token}")
fullauth.hooks.on("after_register", welcome)
fullauth.hooks.on("send_verification_email", send_verify)
Events: after_register, after_login, after_logout, after_password_change, after_password_reset, after_email_verify, send_verification_email, send_password_reset_email, after_oauth_login
Configuration
Pass inline kwargs or a config object. All options read from env vars with FULLAUTH_ prefix.
fullauth = FullAuth(
secret_key="...",
adapter=adapter,
access_token_expire_minutes=60,
api_prefix="/api/v2",
login_field="username",
password_hash_algorithm="bcrypt",
blacklist_backend="redis",
redis_url="redis://localhost:6379/0",
rate_limit_enabled=True,
trusted_proxy_headers=["X-Forwarded-For"],
)
See Configuration docs for all options.
Development
git clone https://github.com/mdfarhankc/fastapi-fullauth.git
cd fastapi-fullauth
uv sync --dev --extra sqlalchemy --extra sqlmodel
uv run pytest tests/ -v
# run examples
uv run uvicorn examples.memory_app.main:app --reload
uv run uvicorn examples.sqlmodel_app.main:app --reload
License
MIT
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file fastapi_fullauth-0.5.0.tar.gz.
File metadata
- Download URL: fastapi_fullauth-0.5.0.tar.gz
- Upload date:
- Size: 146.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c4e9240021cb49427d9a0b9842b2c7f2213d5cdbb9aff359d139c36085230744
|
|
| MD5 |
88e259e2f6a180214d5d05fee587a302
|
|
| BLAKE2b-256 |
909255b3804ba54e4217ee757700d24fd3979e02ec8f32577ac1545c113891af
|
Provenance
The following attestation bundles were made for fastapi_fullauth-0.5.0.tar.gz:
Publisher:
publish.yml on mdfarhankc/fastapi-fullauth
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
fastapi_fullauth-0.5.0.tar.gz -
Subject digest:
c4e9240021cb49427d9a0b9842b2c7f2213d5cdbb9aff359d139c36085230744 - Sigstore transparency entry: 1280553497
- Sigstore integration time:
-
Permalink:
mdfarhankc/fastapi-fullauth@d9eb7bf331aa9bf4011c5810d683521d29ab5bcd -
Branch / Tag:
refs/tags/v0.5.0 - Owner: https://github.com/mdfarhankc
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@d9eb7bf331aa9bf4011c5810d683521d29ab5bcd -
Trigger Event:
release
-
Statement type:
File details
Details for the file fastapi_fullauth-0.5.0-py3-none-any.whl.
File metadata
- Download URL: fastapi_fullauth-0.5.0-py3-none-any.whl
- Upload date:
- Size: 53.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
efdc96f275884ee37a47f6bed229c558c893e1c6aa840c98bdcf30ab86f55e15
|
|
| MD5 |
1210a122dafb44d356493e712de16679
|
|
| BLAKE2b-256 |
aa0dd77b50b4ad7cacf502980416d4a697e8b6afc5d751016b04493a4c277072
|
Provenance
The following attestation bundles were made for fastapi_fullauth-0.5.0-py3-none-any.whl:
Publisher:
publish.yml on mdfarhankc/fastapi-fullauth
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
fastapi_fullauth-0.5.0-py3-none-any.whl -
Subject digest:
efdc96f275884ee37a47f6bed229c558c893e1c6aa840c98bdcf30ab86f55e15 - Sigstore transparency entry: 1280553502
- Sigstore integration time:
-
Permalink:
mdfarhankc/fastapi-fullauth@d9eb7bf331aa9bf4011c5810d683521d29ab5bcd -
Branch / Tag:
refs/tags/v0.5.0 - Owner: https://github.com/mdfarhankc
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@d9eb7bf331aa9bf4011c5810d683521d29ab5bcd -
Trigger Event:
release
-
Statement type:
