Skip to content



Ready-to-use and customizable Authentications and Oauth2 management for FastAPI ⚡

Project Status
CI  CI status  Codecov
Meta  Package version  Downloads  Pydantic Version 2  Ruff Quality Gate Status

Source Code:


Add a Fully registration and authentication or authorization system to your FastAPI project. authx is designed to be as customizable and adaptable as possible.


$ pip install authx

---> 100%


  • Support Python 3.8+ & Pydantic 2.0+.
  • Multiple customizable authentication backend:
  • JWT authentication backend included
    • JWT encoding/decoding for application authentication
    • Automatic detection of JWTs in requests:
    • JWTs in headers
    • JWTs in cookies
    • JWTs in query parameters
    • JWTs in request bodies
  • Cookie authentication backend included
  • Middleware for authentication and authorization through JWT.
  • Extensible Error Handling System.

Extra Features#


authx is designed to be as customizable and adaptable as possible.

So you need to install authx-extra to get extra features.

  • Using Redis as a session store & cache.
  • Support HTTPCache.
  • Support Sessions and Pre-built CRUD functions and Instance to launch Redis.
  • Support Middleware of pyinstrument to check your service performance.
  • Support Middleware for collecting and exposing Prometheus metrics.

Note: Check Release Notes.

Project using#

Here is a simple way to kickstart your project with authx:

from fastapi import FastAPI, Depends, HTTPException
from authx import AuthX, AuthXConfig, RequestToken

app = FastAPI()

config = AuthXConfig(
     JWT_ALGORITHM = "HS256",
     JWT_TOKEN_LOCATION = ["headers"],

auth = AuthX(config=config)

def login(username: str, password: str):
     if username == "xyz" and password == "xyz":
          token = auth.create_access_token(uid=username)
          return {"access_token": token}
     raise HTTPException(401, detail={"message": "Invalid credentials"})

@app.get("/protected", dependencies=[Depends(auth.get_token_from_request)])
def get_protected(token: RequestToken = Depends()):
          return {"message": "Hello world !"}
     except Exception as e:
          raise HTTPException(401, detail={"message": str(e)}) from e