Email + password user management, admin invites, RBAC-ready — replaces Keycloak for simple_module apps
Project description
simple_module_users
Email+password user management for simple_module apps. Replaces Keycloak/Auth0 for the common case: local accounts, admin invites, password reset, optional public signup. Built on fastapi-users.
Install
pip install simple_module_users
Pre-wired into any app scaffolded with smpy new.
What it provides
- Email + password registration, login, logout, password reset.
- Admin invite flow — admin enters an email, recipient clicks a link, sets a password, is logged in.
- Public signup toggle (
SM_USERS_ALLOW_SIGNUP, defaultfalse). - Bootstrap admin via env vars (
SM_USERS_BOOTSTRAP_EMAIL+SM_USERS_BOOTSTRAP_PASSWORD) — idempotent, only creates if the users table is empty. smpy users create-adminCLI for ad-hoc admin creation.- Inertia pages for login/register/invite-accept/admin-invite.
- Console mailer (logs to stdout) or SMTP mailer (
SM_USERS_MAILER=smtp).
Usage
CLI:
uv run smpy users create-admin --email admin@example.com --password 'change-me'
Bootstrap-on-boot (.env):
SM_USERS_BOOTSTRAP_EMAIL=admin@example.com
SM_USERS_BOOTSTRAP_PASSWORD=change-me
Program:
from auth.deps import CurrentUser # type: ignore[import-not-found]
@router.get("/profile")
async def profile(user: CurrentUser):
return {"email": user.email}
Depends on
simple_module_core,simple_module_db,simple_module_hosting,simple_module_settings,simple_module_authfastapi-users[sqlalchemy,oauth]>=15,<16,aiosmtplib,cachetools,typer
Social sign-in (Google, GitHub, Microsoft, OIDC)
OAuth providers are configured in the admin UI at /settings/modules → Users (no environment variables). Each provider activates once its client id and secret are set; the secret is masked in the UI. Changes apply live — no restart.
Microsoft (Entra ID). Register an app in the Entra admin center and set the
redirect URI to <base-url>/api/users/auth/microsoft/callback. Configure under
the Microsoft OAuth group:
oauth_microsoft_client_id,oauth_microsoft_client_secretoauth_microsoft_tenant—common(any work/school or personal account, the default),organizations(work/school only), or your tenant GUID to restrict sign-in to one tenant.
Each provider's callback URL is <base-url>/api/users/auth/<provider>/callback
(google, github, microsoft, oidc).
Note: for Microsoft guest/external accounts the identity email comes from the Graph
userPrincipalName, which may not be a plain email (e.g.user_ext.com#EXT#@tenant.onmicrosoft.com). For tenant members it is the user's email.
Migrating from SM_USERS_OAUTH_* env vars
Earlier versions read provider credentials from SM_USERS_OAUTH_* environment
variables. These are no longer read at runtime. Migrate existing values into the
settings store once with:
uv run smpy settings import-from-env
License
MIT — see LICENSE.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file simple_module_users-0.0.24.tar.gz.
File metadata
- Download URL: simple_module_users-0.0.24.tar.gz
- Upload date:
- Size: 90.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
abfceabcd583e40b390752cf7dba05fd62217e94e4b3d022ff56b8cb82343a33
|
|
| MD5 |
87cf150d3b6cec95297bf4106e1c31a4
|
|
| BLAKE2b-256 |
9a770b0ed5b7b0dc1400eb510cc3491a7f24f83aeab4638ec5130c45ddd2dc74
|
Provenance
The following attestation bundles were made for simple_module_users-0.0.24.tar.gz:
Publisher:
release.yml on antosubash/simple_module_python
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
simple_module_users-0.0.24.tar.gz -
Subject digest:
abfceabcd583e40b390752cf7dba05fd62217e94e4b3d022ff56b8cb82343a33 - Sigstore transparency entry: 2026220646
- Sigstore integration time:
-
Permalink:
antosubash/simple_module_python@35bb8df75943c017d7a7d581859027157488f1d9 -
Branch / Tag:
refs/heads/main - Owner: https://github.com/antosubash
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@35bb8df75943c017d7a7d581859027157488f1d9 -
Trigger Event:
workflow_dispatch
-
Statement type:
File details
Details for the file simple_module_users-0.0.24-py3-none-any.whl.
File metadata
- Download URL: simple_module_users-0.0.24-py3-none-any.whl
- Upload date:
- Size: 87.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
fb33e71390b9390fb078e621ace05f0266f8a02df2fff73033a8690c9d6cb0d4
|
|
| MD5 |
ddc0b745d7c27b85999f249037065ac6
|
|
| BLAKE2b-256 |
4a8f7655ca96b36d9a72426a0d15038be9e41f8841d5fb844cbbb6423839ab02
|
Provenance
The following attestation bundles were made for simple_module_users-0.0.24-py3-none-any.whl:
Publisher:
release.yml on antosubash/simple_module_python
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
simple_module_users-0.0.24-py3-none-any.whl -
Subject digest:
fb33e71390b9390fb078e621ace05f0266f8a02df2fff73033a8690c9d6cb0d4 - Sigstore transparency entry: 2026220710
- Sigstore integration time:
-
Permalink:
antosubash/simple_module_python@35bb8df75943c017d7a7d581859027157488f1d9 -
Branch / Tag:
refs/heads/main - Owner: https://github.com/antosubash
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@35bb8df75943c017d7a7d581859027157488f1d9 -
Trigger Event:
workflow_dispatch
-
Statement type: