Authdog

Python

Last updated Jul 11, 2026
View as Markdown

The Authdog Python SDK validates sessions for FastAPI, Django, Flask, Starlette, and aiohttp. Every binding exposes the same Authdog client — a session resolver, a require_auth gate, and a logout handler — with idiomatic wiring per framework. For the model behind it, see Backend requests.

Install

Bash
pip install authdog-fastapi

The pip package is authdog-fastapi; the importable module is authdog, with framework bindings as submodules (authdog.fastapi, authdog.flask, authdog.django, authdog.starlette, authdog.aiohttp). Install the extra for your framework, e.g. pip install authdog-fastapi[flask].

Configure

Construct the client once with your environment's public key (pk_...). It's validated at construction, so a bad key fails at startup:

Python
import os
from authdog.fastapi import Authdog

authdog = Authdog(public_key=os.environ["PK_AUTHDOG"])

Pass fetch_user=False to skip the userinfo round-trip when you only need to detect a token. For self-hosted identity, allowlist hosts with the AUTHDOG_ALLOWED_IDENTITY_HOSTS environment variable (comma-separated).

FastAPI

require_auth is a dependency that rejects unauthenticated requests with HTTPException(401, "Unauthorized"):

Python
from fastapi import Depends, FastAPI, Request

app = FastAPI()

@app.get("/me")
async def me(user=Depends(authdog.require_auth)):
    return user

@app.get("/logout")
async def logout(request: Request):
    return authdog.logout(request)

Read the session without enforcing with Depends(authdog.session), which returns an AuthdogContext.

Django

Python
from authdog.django import Authdog

authdog = Authdog(public_key=os.environ["PK_AUTHDOG"])

@authdog.require_auth
def me(request):
    return JsonResponse(authdog.session(request).user)

authdog.logout(request) returns an HttpResponseRedirect, and authdog.middleware(get_response) resolves the session for every request.

Flask

Python
from authdog.flask import Authdog

authdog = Authdog(public_key=os.environ["PK_AUTHDOG"])

@app.get("/me")
@authdog.require_auth
def me():
    return authdog.session().user

authdog.session() caches the resolved context on flask.g; authdog.logout() returns a Response.

The session context

Every binding resolves an AuthdogContext, which never raises:

Python
{
  "token": str | None,
  "user": Any | None,
  "is_authenticated": bool,
  "user_info": dict | None,
}

Resolving a session tells you who the caller is — pair it with your environment's authorization model to decide what they can do. For a full RBAC layer on FastAPI, see the Python access-control guide.

Service-to-service

Machine-to-machine callers send their token as Authorization: Bearer <token>; it resolves on the same path as a browser session. See Backend requests.

Next steps