Skip to content

authwarden

A production-grade, pluggable authentication library for FastAPI.

JWT auth, OAuth2 across 8 providers, MFA, RBAC, and full flow flexibility — behind a single facade you mount into any FastAPI app.

pip install authwarden

This site is the complete reference. If you just want to get something running in two minutes, start with the README instead — come back here when you need a specific config field, flow detail, or customization pattern.

What's covered here

Design philosophy

authwarden is built around Protocols, not base classes. Almost everything — the user store, the email backend, the SMS backend, the notification service — can be swapped for your own implementation without touching the library's internals. You don't inherit from anything; you just implement the methods the protocol expects.

This means:

  • Use any database — the AbstractUserStore protocol already works with SQLAlchemy, MongoDB/Beanie, SQLModel, or Tortoise via a thin adapter you write
  • Use any email or SMS provider — built-in backends exist for the common ones, but writing your own is a single class with one method
  • Extend the user model with your own fields — via extra_data or full subclassing, no migration required for the simple case