PyAuth
A production-grade authentication library for Python focused on delivering a Better Auth-style developer experience. PyAuth provides a shared core architecture with framework-agnostic auth flows covering credentials (Argon2id), sessions (opaque token storage), OAuth2 (Google/GitHub with PKCE), email verification, and bearer/cookie transport. Ships with an async SQLAlchemy adapter and FastAPI as the first integration, with Litestar, Flask, and Django Ninja planned.
The Challenge
Authentication in Python is powerful but fragmented. Many libraries solve one part of the problem well, but few provide a cohesive developer experience across credentials, OAuth, session management, adapters, verification flows, and framework integration. Features like passkeys, magic links, OTP, and organization workflows are either missing, split across multiple packages, or require significant custom glue code.
The Solution
Built PyAuth, a framework-agnostic authentication library for Python that delivers a Better Auth-style developer experience. The system provides a shared core architecture with typed Pydantic v2 configuration, an async SQLAlchemy adapter, and a unified error model. Ships with credentials (Argon2id), session management, OAuth2 (Google/GitHub with PKCE), email verification, and both cookie and bearer transport — all mountable via a single FastAPI router.
Technical Highlights
- Architected framework-agnostic auth core with composable strategies and a standardized adapter interface across data layers
- Implemented async SQLAlchemy adapter for SQLite and PostgreSQL with shared User, Account, Session, and Verification schema
- Built OAuth2 authorization-code flows for Google and GitHub with PKCE, state validation, and cautious account linking
- Developed session management with high-entropy opaque tokens, hashed token storage, and secure cookie defaults
- Created PyAuthRouter with FastAPI integration supporting mountable auth endpoints, bearer/cookie dependencies, and dev helpers
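The opaque-token and hashed-storage pattern named in the session bullet above, as an added sketch that is not PyAuth's own code. `SessionStore`, `SESSION_TTL`, the in-memory dict standing in for the Session table, and the choice of SHA-256 as the storage hash are all assumptions made for this illustration.

```python
import hashlib
import secrets
import time

SESSION_TTL = 3600  # seconds; constructed value for this sketch


def _digest(token: str) -> str:
    # A fast hash is acceptable here because the input is 256 bits of
    # randomness; passwords are low-entropy and need Argon2id instead.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class SessionStore:
    """Hypothetical in-memory stand-in for a Session table keyed by token hash."""

    def __init__(self, clock=time.time):
        self._rows = {}  # token_hash -> (user_id, expires_at)
        self._clock = clock

    def issue(self, user_id: str) -> str:
        token = secrets.token_urlsafe(32)  # 32 bytes from the OS CSPRNG
        self._rows[_digest(token)] = (user_id, self._clock() + SESSION_TTL)
        return token  # the raw value goes to the client and is never stored

    def resolve(self, token: str):
        """Return the user id for a live session, or None."""
        key = _digest(token)
        row = self._rows.get(key)
        if row is None:
            return None
        user_id, expires_at = row
        if self._clock() >= expires_at:
            del self._rows[key]  # drop expired rows when they are presented
            return None
        return user_id

    def revoke(self, token: str) -> None:
        self._rows.pop(_digest(token), None)

    def stored_keys(self):
        """What a database dump would expose: hashes only."""
        return list(self._rows)
```

Because lookups are keyed by the hash, a value read out of the store cannot be replayed as a token: presenting it gets hashed again and matches nothing.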
Key Results & Impact
Business Impact
PyAuth unifies Python authentication into a single cohesive library, eliminating the need to stitch together multiple packages. By providing secure defaults for Argon2id hashing, opaque session tokens, and OAuth2 with PKCE, it enables developers to ship production-grade auth rapidly. The project demonstrates expertise in security architecture, protocol implementation, adapter patterns, and Python library design for the open-source ecosystem.