Python ยท FastAPI
PyPI versionCI status

Authentication for FastAPI

A session resolver, a require_auth gate, and a logout handler for FastAPI โ€” as first-class dependencies that return a typed AuthdogContext. Validate Authdog sessions on every request, on the same wire as the Node SDKs.

Dependencies, not middleware

Everything FastAPI apps need

A drop-in session resolver, a require_auth gate, and a typed context โ€” all expressed as FastAPI dependencies you compose, override, and test like any other, wire-compatible with the rest of your Authdog stack.

A FastAPI dependency

Depends(authdog.session) resolves the request's session and returns a typed AuthdogContext โ€” token, user, and is_authenticated โ€” for any path operation.

require_auth gate

Depend on authdog.require_auth and FastAPI raises HTTPException(401) for unauthenticated requests, returning the user object otherwise. This is the security boundary.

At most one userinfo call

The resolved context is cached on request.state, so combining session and require_auth on one request makes a single outbound userinfo call.

Native to the dependency system

The bindings are plain FastAPI dependencies โ€” compose them with your own Depends(), override them in tests, and document them automatically in /docs.

Safe logout handler

authdog.logout(request) returns a RedirectResponse that expires the session cookie and redirects to a redirect_uri sanitized against open redirects.

Same wire as Node

It mirrors @authdog/express and @authdog/fastify on the wire, so one Authdog environment serves your Node and FastAPI services interchangeably.

Gate routes with a dependency

Protect a route with require_auth

Depend on authdog.require_auth and FastAPI rejects unauthenticated requests before your handler runs. The dependency returns the verified user object, resolved once per request.

routes.py
# routes.py
@app.get("/me")
async def me(user=Depends(authdog.require_auth)):
return user

Ship secure FastAPI services

Authdog's FastAPI bindings resolve the session and enforce auth at a single gate, caching the result on request.state so each request makes at most one userinfo call.

Depends()

To resolve the session

Add authdog.session as a dependency and any path operation gets a typed AuthdogContext โ€” no middleware boilerplate.

require_auth

The single enforcement point

Depend on authdog.require_auth and unauthenticated requests are rejected with 401 before your handler runs.

async

Non-blocking by default

Session resolution runs on the event loop with an async httpx client, so gating a route never blocks the worker.

Add auth to your FastAPI app.

pip install 'authdog-fastapi[fastapi]', wire up the dependency, and gate your routes with require_auth today. Free to start, with secure defaults built in.