Ship auth without the glue code
Password hashing, account + session tables, and a ready-made /auth router — install and wire it in a handful of lines.
pip install aura-authYour app in one file
from fastapi import Depends, FastAPI
from aura_auth import AuraAuth
app = FastAPI()
auth = AuraAuth(
database_url="sqlite+aiosqlite:///./app.db",
secret="your-long-random-secret",
cookie_transport=True,
cookie_secure=False, # True behind HTTPS
)
@app.on_event("startup")
async def startup():
await auth.create_tables()
auth.init_app(app)
@app.get("/me")
async def me(user=Depends(auth.current_user())):
return {"name": user.name, "email": user.email}Works with
Built for real APIs
Sessions live in the database — revoke a token, list devices, use cookies or Bearer headers without inventing a session store.
Optional extras (OAuth, magic links, 2FA, passkeys) are planned as installable layers on the same contracts.
What you get
Protocols in _core, defaults you can subclass.
Account-based identity
Users hold profile data; credential (and future OAuth) accounts live separately — multiple sign-in methods per user.
Server-side sessions
Opaque tokens in the database — revoke devices, list sessions, log out instantly.
Bearer or HTTP-only cookies
One flag switches transport; tune cookie name, SameSite, and lifetime in config.
Async SQLAlchemy
One backend protocol for users, accounts, sessions, and verifications.
FastAPI-native
Router, exception mapping, and Depends() helpers for protected routes.
Extensible models
Subclass mixins; pass custom models into AuraAuth.
Three steps
- 1
Install
Add aura-auth, set database URL and secret.
pip install aura-auth - 2
Mount
Create tables on startup, then init_app — register/login routes appear under /auth (or your prefix).
await auth.create_tables() auth.init_app(app) - 3
Protect
Require a logged-in user on any route.
Depends(auth.current_user())
Docs for tools & LLMs
Same content as markdown exports for agents and search.
Try Aura Auth
Early beta — pin versions and read release notes when upgrading.