A simple and robust OTP (One-Time Password) authentication library for FastAPI, backed by Redis and Email.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for roksprogar from gravatar.com roksprogar

Unverified details

These details have not been verified by PyPI
Project links
Meta
Classifiers
Report project as malware

Project description

FastAPI OTP Auth

PyPI License: MIT

A simple and robust OTP (One-Time Password) authentication library for FastAPI, backed by Redis and Email.

Features

  • 🔐 Secure OTP Generation: Cryptographically secure 6-digit codes.
  • 🎫 JWT Support: Auto-generates Access and Refresh tokens upon verification.
  • 🍪 HttpOnly Cookies: Securely stores refresh tokens in HttpOnly cookies.
  • Redis-Backed: Fast and reliable storage for OTPs with automatic expiration.
  • 📧 Email Delivery: Integrated email sending using fastapi-mail.
  • 🔌 Easy Integration: Drop-in APIRouter for quick setup.
  • ⚙️ Configurable: Fully customizable via environment variables.
  • 🚫 Token Blacklisting: Secure logout and immediate token revocation.

Installation

pip install fastapi-otp-auth

Or using uv:

uv add fastapi-otp-auth

Configuration

The library is configured using environment variables. The prefix for all variables is FASTAPI_OTP_AUTH_.

Variable Description Default
FASTAPI_OTP_AUTH_REDIS_URL Connection string for Redis redis://localhost:6379/0
FASTAPI_OTP_AUTH_SMTP_SERVER SMTP server hostname 127.0.0.1
FASTAPI_OTP_AUTH_SMTP_PORT SMTP server port 1025
FASTAPI_OTP_AUTH_SMTP_USERNAME SMTP username user@example.com
FASTAPI_OTP_AUTH_SMTP_PASSWORD SMTP password password
FASTAPI_OTP_AUTH_MAIL_FROM_NAME Sender name for emails FastAPI App
FASTAPI_OTP_AUTH_OTP_EXPIRY_SECONDS OTP validity duration in seconds 300 (5 minutes)
FASTAPI_OTP_AUTH_OTP_KEY_PREFIX Prefix for Redis keys otp_
FASTAPI_OTP_AUTH_JWT_SECRET Secret key for signing JWTs change-me-in-production
FASTAPI_OTP_AUTH_JWT_ALGORITHM Algorithm for JWTs HS256
FASTAPI_OTP_AUTH_ACCESS_TOKEN_EXPIRE_MINUTES Access token lifetime 60 (1 hour)
FASTAPI_OTP_AUTH_REFRESH_TOKEN_EXPIRE_DAYS Refresh token lifetime 7 (7 days)
FASTAPI_OTP_AUTH_BLACKLIST_KEY_PREFIX Prefix for blacklisted tokens in Redis blacklist_

Usage

Import the auth_router and include it in your FastAPI application:

from fastapi import FastAPI
from fastapi_otp_auth.auth_router import router as auth_router

app = FastAPI()

# Include the router
app.include_router(auth_router, prefix="/auth", tags=["Authentication"])

# The following endpoints will be available:
# POST /auth/request-otp - Request a new OTP
# POST /auth/verify-otp  - Verify a received OTP
# POST /auth/logout      - Logout and blacklist tokens

Requesting an OTP

Send a POST request to /auth/request-otp:

{
  "email": "user@example.com"
}

Verifying an OTP

Send a POST request to /auth/verify-otp:

{
  "email": "user@example.com",
  "otp": "123456"
}

On success, the response will contain the access token, and the refresh token will be set as an HttpOnly cookie:

{
  "message": "OTP verified successfully!",
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "bearer"
}

Protecting Routes

Use the get_current_user dependency to protect routes. This will verify the access token and return the user's email.

from fastapi import Depends
from fastapi_otp_auth.dependencies import get_current_user

@app.get("/protected")
async def protected_route(user: str = Depends(get_current_user)):
    return {"message": f"Hello, {user}!"}

Refreshing Tokens

To get a new access token using the HttpOnly refresh token cookie, send a POST request to /auth/refresh. The browser will automatically include the cookie.

POST /auth/refresh

Response:

{
  "access_token": "new_access_token_here",
  "token_type": "bearer"
}


### Logging Out

To logout, send a POST request to `/auth/logout`. This will blacklist both the access token (provided in the Authorization header) and the refresh token (provided in the cookie).

```bash
POST /auth/logout
Authorization: Bearer <access_token>
Cookie: refresh_token=<refresh_token>

Response:

{
  "message": "Successfully logged out"
}

Development

To run tests locally using Docker (no local environment needed):

make test

This will spin up a Redis container and run the test suite in an isolated environment.

Running Checks

To run linting checks (ruff) using Docker:

docker-compose -f docker-compose.test.yml run --rm app-test uv run ruff check .

Pre-commit Hooks

To automatically run checks before every commit, install the pre-commit hooks:

uv run pre-commit install

You can also run the hooks manually against all files:

uv run pre-commit run --all-files

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for roksprogar from gravatar.com roksprogar

Unverified details

These details have not been verified by PyPI
Project links
Meta
Classifiers

Release history Release notifications | RSS feed

0.1.4

0.1.2

This version

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

fastapi_otp_auth-0.1.1.tar.gz (53.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

fastapi_otp_auth-0.1.1-py3-none-any.whl (9.9 kB view details)

Uploaded Python 3

File details

Details for the file fastapi_otp_auth-0.1.1.tar.gz.

File metadata

  • Download URL: fastapi_otp_auth-0.1.1.tar.gz
  • Upload date:
  • Size: 53.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.9.10 {"installer":{"name":"uv","version":"0.9.10"},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for fastapi_otp_auth-0.1.1.tar.gz
Algorithm Hash digest
SHA256 ae713044fd27316323c52ff46da6edf2a2c3b8a36d98c1ea8144d47585515b7a
MD5 7157d3e42c7857b364e0de899be216f9
BLAKE2b-256 9d160042f45ba3863bdf8c02ad75ce6d8f74e1ee0da7dee0f56c1d2449ba3454

See more details on using hashes here.

File details

Details for the file fastapi_otp_auth-0.1.1-py3-none-any.whl.

File metadata

  • Download URL: fastapi_otp_auth-0.1.1-py3-none-any.whl
  • Upload date:
  • Size: 9.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.9.10 {"installer":{"name":"uv","version":"0.9.10"},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for fastapi_otp_auth-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 79f16370e3ce1a33db9801f29a617be06a715631bcc22922a79f04988949bc44
MD5 8c2d225eb6a1b46bb4ef1acda0810102
BLAKE2b-256 61759b72a2baea52a6530b2717041b1491c170d63ef63fba07a3ab8db9941407

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page