Trusted-device management and session security for FastAPI applications.
Project description
fastapi-trusted-devices
Trusted-device management and session security for FastAPI.
Bind every authenticated session to a known device, list and revoke devices, and detect suspicious activity — without locking your app into a specific auth library or ORM.
Status
0.1.0 — Alpha. Core device registry + management endpoints. The public API
may change before 1.0. See CHANGELOG.md and the
roadmap.
Why
FastAPI gives you authentication primitives but no notion of which device a
token belongs to. fastapi-trusted-devices adds that layer:
- Associate each session with a `device_uid`.
- List a user's active devices and revoke any of them.
- Per-device permissions (who may update/revoke other devices).
- Hooks for "new device", "device revoked", and (from 0.2) suspicious-login and session-hijack events.
It is auth-agnostic (you keep your own login/JWT flow), and storage is
abstracted behind a `DeviceRepository` protocol (a SQLAlchemy 2.0 async adapter
is included).
Install
```bash
pip install fastapi-trusted-devices
# optional extras:
pip install "fastapi-trusted-devices[geo]"  # httpx geolocation backend (0.2+)
pip install "fastapi-trusted-devices[jwt]"  # PyJWT token helpers
```
Quickstart
```python
from fastapi import Depends, FastAPI
from sqlalchemy.ext.asyncio import async_sessionmaker, create_async_engine

from fastapi_trusted_devices import (
    Base,
    TrustedDevices,
    TrustedDeviceConfig,
)

engine = create_async_engine("sqlite+aiosqlite:///./devices.db")
sessionmaker = async_sessionmaker(engine, expire_on_commit=False)

td = TrustedDevices(
    config=TrustedDeviceConfig(max_devices_per_user=10),
    sessionmaker=sessionmaker,
    # tell the library how to identify the caller + their device from a request:
    # (plain headers keep the quickstart short; they are client-controlled, so in a
    # real app return the user id from your own verified login/JWT flow)
    get_user_id=lambda request: request.headers["x-user-id"],
    get_device_uid=lambda request: request.headers.get("x-device-uid"),
)

app = FastAPI()
app.include_router(td.router, prefix="/trusted-devices", tags=["devices"])
td.install_exception_handlers(app)


@app.on_event("startup")
async def _startup() -> None:
    # create the device tables when the app starts
    async with engine.begin() as conn:
        await conn.run_sync(Base.metadata.create_all)


@app.get("/me", dependencies=[Depends(td.require_trusted_device)])
async def me() -> dict[str, str]:
    return {"ok": "this route requires a recognized device"}
```
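The quickstart reads the user id and device uid from separate client-supplied headers, so nothing ties the two together. The following is an added example, not part of the project's code: it takes both values from one HMAC-signed token, so a client cannot pair its session with a different `device_uid`. The token layout and the names `issue_token`, `verify_token`, `user_id_from_token` and `device_uid_from_token` are assumptions made for illustration; how the library treats a `None` user id is not stated on this page.

```python
import base64, hashlib, hmac, json, time
from typing import Optional

SECRET = b"constructed-demo-key"  # assumption: in practice, load from a secret store

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign(body: str) -> str:
    return b64e(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())

def issue_token(user_id: str, device_uid: str, ttl: int = 900,
                now: Optional[float] = None) -> str:
    """Called at login: signs the (user, device) pair so neither can be swapped later."""
    issued = time.time() if now is None else now
    claims = {"sub": user_id, "dev": device_uid, "exp": int(issued) + ttl}
    body = b64e(json.dumps(claims).encode())
    return f"{body}.{sign(body)}"

def verify_token(token: str, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims, or None if the token is malformed, forged or expired."""
    try:
        body, tag = token.split(".")
        if not hmac.compare_digest(sign(body), tag):  # constant-time comparison
            return None
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    except (ValueError, TypeError):
        return None
    current = time.time() if now is None else now
    return claims if claims["exp"] > current else None

def claims_from_request(request) -> Optional[dict]:
    # expects "Authorization: Bearer <token>"; anything else yields no identity
    scheme, _, token = request.headers.get("authorization", "").partition(" ")
    return verify_token(token) if scheme.lower() == "bearer" else None

def user_id_from_token(request) -> Optional[str]:
    claims = claims_from_request(request)
    return claims["sub"] if claims else None

def device_uid_from_token(request) -> Optional[str]:
    claims = claims_from_request(request)
    return claims["dev"] if claims else None
```

These two extractors have the same call shape as the quickstart's lambdas, so they can be passed as `get_user_id=user_id_from_token` and `get_device_uid=device_uid_from_token`.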
Endpoints
| Method | Path | Purpose |
|---|---|---|
| GET | / | List the current user's devices |
| PATCH | /{device_uid} | Rename / change permissions of a device |
| DELETE | /{device_uid} | Revoke a specific device |
| POST | /logout | Revoke the current device |
| POST | /revoke-all | Revoke every device except the current one |
Roadmap
- 0.1 — core registry, CRUD endpoints, dependencies, SQLAlchemy adapter.
- 0.2 — geolocation backend + cache, X-Forwarded-For parsing, suspicious-login detection.
- 0.3 — concurrent-session/hijack detection, max-device eviction policies, rate limiting, PyJWT helpers, docs site.
- 1.0 — API freeze + semver guarantee.
License
MIT — see LICENSE.
File details
Details for the file fastapi_trusted_devices-0.1.0.tar.gz.
File metadata
- Download URL: fastapi_trusted_devices-0.1.0.tar.gz
- Upload date:
- Size: 14.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 06579f82e21b5dc6ff7726da57153ed9abf9dff659cbf34169e8d4d88f8f71b9 |
| MD5 | ce6fb9d9c8826ff9e5b60978a66f9e1c |
| BLAKE2b-256 | c7a28b7359add2223cf5c758c68fc46f152d7540a35e3922027cb600afcdeb5c |
Provenance
The following attestation bundles were made for fastapi_trusted_devices-0.1.0.tar.gz:
Publisher: release.yml on javlondevv/fastapi-trusted-devices
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: fastapi_trusted_devices-0.1.0.tar.gz
- Subject digest: 06579f82e21b5dc6ff7726da57153ed9abf9dff659cbf34169e8d4d88f8f71b9
- Sigstore transparency entry: 1854300931
- Sigstore integration time:
- Permalink: javlondevv/fastapi-trusted-devices@fa5a5de320a54a2bbd48ac7c9eddbbeb90332b88
- Branch / Tag: refs/tags/v0.1.0
- Owner: https://github.com/javlondevv
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: release.yml@fa5a5de320a54a2bbd48ac7c9eddbbeb90332b88
- Trigger Event: push
File details
Details for the file fastapi_trusted_devices-0.1.0-py3-none-any.whl.
File metadata
- Download URL: fastapi_trusted_devices-0.1.0-py3-none-any.whl
- Upload date:
- Size: 15.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 268dc0a077ed51c96b239e1b89128c911adaf2456ab568048e76cd9054534f0d |
| MD5 | 8e1ebdec19ed3e4f855b522d5ee38d69 |
| BLAKE2b-256 | d395faa41211665cc17113810733cb6c7d793975a56dba7a41200641fe50c1d8 |
Provenance
The following attestation bundles were made for fastapi_trusted_devices-0.1.0-py3-none-any.whl:
Publisher: release.yml on javlondevv/fastapi-trusted-devices
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: fastapi_trusted_devices-0.1.0-py3-none-any.whl
- Subject digest: 268dc0a077ed51c96b239e1b89128c911adaf2456ab568048e76cd9054534f0d
- Sigstore transparency entry: 1854301010
- Sigstore integration time:
- Permalink: javlondevv/fastapi-trusted-devices@fa5a5de320a54a2bbd48ac7c9eddbbeb90332b88
- Branch / Tag: refs/tags/v0.1.0
- Owner: https://github.com/javlondevv
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: release.yml@fa5a5de320a54a2bbd48ac7c9eddbbeb90332b88
- Trigger Event: push