Aura Auth

Models and backend

Mixins, default models, and BackendProtocol overview.

Mixins

Under aura_auth.models.base, mixins define the columns shared by the default implementation:

  • UserMixin — identity fields (no password on the user row).
  • AccountMixin — links to user_id, provider_id, account_id, tokens, password for credential provider, timestamps.
  • SessionMixintoken, expires_at, optional IP / user agent.
  • VerificationMixinidentifier, value, expires_at, timestamps.

Subclass a mixin with your declarative Base, add columns, then pass user_model=... (and optionally account/session/verification models) into AuraAuth.

Default models

aura_auth.models.sqlalchemy exposes DefaultUser, DefaultAccount, DefaultSession, DefaultVerification and a shared Base for create_tables.

BackendProtocol

The SQLAlchemy backend implements async methods for:

  • Usersget_user_by_id, get_user_by_email, create_user, update_user, delete_user
  • Accountsget_account, get_accounts_by_user, create_account, update_account, delete_account
  • Sessionscreate_session, get_session_by_token, list_sessions_by_user, deletes by id/token/user
  • Verificationscreate_verification, get_verification, delete_verification, delete_expired_verifications

Strategies and UserManager depend on this protocol so another database layer could be swapped in later.

Sessions and cookies

Opaque session tokens, Bearer vs cookie transport, and local development.

For LLMs and agents

Machine-readable exports — llms.txt, llms-full.txt, and .mdx URLs for this site.

On this page

MixinsDefault modelsBackendProtocol