Authentication Made Simple

Add a fully featured authentication and authorization system to your FastAPI project with JWT tokens, refresh tokens, scopes, and CSRF protection built-in.

Quick start

Get up and running with AuthX in minutes. Install the package and add authentication to your FastAPI app.

1. Install AuthX

Install the AuthX package using pip or your preferred package manager.
pip install authx

2. Configure AuthX

Create an AuthXConfig instance with your JWT secret key and token location preferences.
from authx import AuthX, AuthXConfig

config = AuthXConfig(
    JWT_SECRET_KEY="your-secret-key",  # Placeholder: use a long random secret loaded from the environment or a secret store
    JWT_TOKEN_LOCATION=["headers"],
)

auth = AuthX(config=config)

3. Protect your routes

Use AuthX dependencies to protect your FastAPI routes and access token information.
from fastapi import FastAPI, Depends

app = FastAPI()
auth.handle_errors(app)

@app.post("/login")
def login(username: str, password: str):
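    # Placeholder: verify username and password here before issuing a token.
    # As written, any caller receives a token for the username they supply.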
    token = auth.create_access_token(uid=username)
    return {"access_token": token}

@app.get("/protected", dependencies=[Depends(auth.access_token_required)])
def protected():
    return {"message": "Access granted"}
The access_token_required dependency automatically validates the JWT token from the request headers and raises an error if the token is missing or invalid.

Explore by topic

Learn about AuthX features and how to integrate them into your application.

Token authentication

Learn how JWT authentication works with access and refresh tokens

Scopes & permissions

Implement fine-grained authorization with scope-based access control

Cookie authentication

Use cookies for token storage with built-in CSRF protection

Token revocation

Implement token blocklists to revoke access before expiration

Fresh tokens

Require recent authentication for sensitive operations

Custom callbacks

Extend AuthX behavior with custom token and user callbacks

Features

Everything you need for production-ready authentication.

JWT authentication

Secure token-based authentication with access and refresh tokens, customizable expiration, and multiple token locations.

Scope-based authorization

Fine-grained permission control with scopes, including wildcard matching and AND/OR logic for complex access rules.

Multiple token locations

Store tokens in headers, cookies, query parameters, or JSON body. Mix and match for different endpoints.

CSRF protection

Built-in CSRF protection for cookie-based authentication with customizable methods and verification.

Implicit refresh

Automatic token refresh middleware keeps users authenticated without manual refresh token handling.

Extra features

Extend with authx-extra for Redis caching, Prometheus metrics, and performance profiling integration.

Resources

Additional resources to help you build with AuthX.

Examples

Browse working examples with real code

API reference

Complete API documentation

GitHub

View source code and contribute

Ready to get started?

Add secure authentication to your FastAPI application in minutes with AuthX.