FastAuth

Production-ready authentication for FastAPI applications

FastAuth is a flexible, database-agnostic authentication library for FastAPI that provides secure user authentication, session management, and authorization out of the box.

✨ Features

• Complete Authentication - Registration, login, logout, token refresh
• Role-Based Access Control - Fine-grained permissions and roles
• Session Management - Multi-device session tracking
• OAuth Support - Social login (Google, GitHub, etc.)
• Email Verification - Secure email verification with tokens
• Password Reset - Self-service password reset
• Database Agnostic - Works with any database via adapters
• Type Safe - Full type hints and validation

Quick Start

Install

pip install sreekarnv-fastauth

Create Your App

from fastapi import Depends, FastAPI
from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer

from fastauth.api.auth import router as auth_router
from fastauth.security.jwt import decode_access_token

app = FastAPI()
app.include_router(auth_router)

security = HTTPBearer()

@app.get("/protected")
def protected(credentials: HTTPAuthorizationCredentials = Depends(security)):
    payload = decode_access_token(credentials.credentials)
    return {"user_id": payload["sub"]}

Run

uvicorn main:app --reload

Visit http://localhost:8000/docs to see the auto-generated API documentation.

Documentation

• Getting Started - Install and setup in 5 minutes
• Guides - Authentication, RBAC, sessions, OAuth
• API Reference - Complete API documentation
• Examples - Working example applications

Examples

Check out complete working examples:

• OAuth with Google - Social login with PKCE
• RBAC Blog - Role-based access control
• Session Management - Multi-device tracking
• Basic App - Simple authentication

Security

FastAuth follows security best practices:

• Argon2 password hashing (OWASP recommended)
• JWT tokens with configurable expiration
• Rate limiting for authentication endpoints
• Refresh token rotation
• Session tracking and revocation

Architecture

┌─────────────────────────────────────┐
│         Your FastAPI App            │
├─────────────────────────────────────┤
│         FastAuth API Layer          │
├─────────────────────────────────────┤
│      Core Business Logic            │  ← Database-agnostic
├─────────────────────────────────────┤
│      Adapter Interface              │
├─────────────────────────────────────┤
│   Database Implementation           │  ← SQLAlchemy, MongoDB, etc.
└─────────────────────────────────────┘

Key Principles: - Database-agnostic core - Adapter pattern for flexibility - Dependency injection - Full type safety

Contributing

Contributions are welcome! See CONTRIBUTING.md for guidelines.

# Setup development environment
git clone https://github.com/sreekarnv/fastauth.git
cd fastauth
poetry install
poetry run pytest

License

MIT License - see LICENSE for details.

Links

• Changelog - Version history and release notes
• Code of Conduct - Community guidelines
• Contributing - How to contribute

Acknowledgments

Built with FastAPI, SQLModel, Argon2, and python-jose.

---

Made with by Sreekar Nutulapati