{"id":23213,"library":"aiohttp-security","title":"aiohttp-security","description":"A library for security-related functionality in aiohttp.web applications, including session-based and JWT identity policies, authorization, and permission checks. Current version is 0.5.0, released in February 2023. Release cadence is low, with the last release over two years ago.","status":"maintenance","version":"0.5.0","language":"python","source_language":"en","source_url":"https://github.com/aio-libs/aiohttp_security","tags":["aiohttp","security","authorization","jwt","session"],"install":[{"cmd":"pip install aiohttp-security","lang":"bash","label":"Install aiohttp-security"}],"dependencies":[{"reason":"Core dependency for aiohttp.web","package":"aiohttp","optional":false},{"reason":"Required for session-based identity policy, optional for JWT","package":"aiohttp-session","optional":true}],"imports":[{"note":"authorized_userid is exported at package level, not from api submodule","wrong":"from aiohttp_security.api import authorized_userid","symbol":"authorized_userid","correct":"from aiohttp_security import authorized_userid"},{"note":"check_authorized is exported at package level; decorators module exists but old alias","wrong":"from aiohttp_security.decorators import check_authorized","symbol":"check_authorized","correct":"from aiohttp_security import check_authorized"}],"quickstart":{"code":"import aiohttp\nfrom aiohttp import web\nfrom aiohttp_security import setup, SimpleIdentityPolicy, check_authorized, check_permission\nfrom aiohttp_security import SessionIdentityPolicy\nimport aiohttp_session\nfrom aiohttp_session import SimpleCookieStorage\n\nasync def handler(request):\n    identity = await check_authorized(request)\n    return web.json_response({\"user\": identity})\n\napp = web.Application()\naiohttp_session.setup(app, SimpleCookieStorage())\n# Example: using SessionIdentityPolicy\npolicy = SessionIdentityPolicy()\nsetup(app, policy)\napp.router.add_get('/protected', 
handler)\nweb.run_app(app)","lang":"python","description":"Initialize aiohttp-security with a session identity policy and protect a route with check_authorized. SimpleCookieStorage keeps the session, and with SessionIdentityPolicy the user identity, in an unencrypted, unsigned cookie that the client can read and modify; it is meant for testing only, so use EncryptedCookieStorage or a server-side storage such as RedisStorage in production. aiohttp_security.setup() also takes an authorization policy (an AbstractAuthorizationPolicy implementation) as a third argument, which this snippet does not pass."},"warnings":[{"fix":"Replace @login_required with await check_authorized(request) inside handler.","message":"The decorators login_required and has_permission are deprecated since 0.3.0. Use check_authorized and check_permission functions instead.","severity":"deprecated","affected_versions":">=0.3.0"},{"fix":"Update code to handle identity as a string (e.g., username). Use JWTIdentityPolicy with custom payload processing if dict needed.","message":"In version 0.5.0, JWTIdentityPolicy identity now returns str (not dict). Previously it returned a dict, which may break code expecting dict.","severity":"gotcha","affected_versions":"0.5.0"},{"fix":"Install aiohttp-session: pip install aiohttp-session","message":"aiohttp-session is optional but required for SessionIdentityPolicy. Missing it causes ImportError.","severity":"gotcha","affected_versions":">=0.1.2"},{"fix":"Use public API functions; do not access app['aiohttp_security'] directly.","message":"Since 0.5.0, aiohttp.web.AppKey is used for internal storage. 
Older versions used plain strings; code directly accessing app internals may break.","severity":"breaking","affected_versions":"0.5.0"}],"env_vars":null,"last_verified":"2026-05-01T00:00:00.000Z","next_check":"2026-07-30T00:00:00.000Z","problems":[{"fix":"Use check_authorized function: from aiohttp_security import check_authorized","cause":"login_required decorator was deprecated and removed in a later version (0.3.0+).","error":"ImportError: cannot import name 'login_required' from 'aiohttp_security'"},{"fix":"Add await: identity = await check_authorized(request)","cause":"Forgot to await check_authorized or other async function.","error":"TypeError: object str can't be used in 'await' expression"},{"fix":"Check that user is logged in and has the required permission when using check_permission.","cause":"User does not have required permission or is not authorized.","error":"aiohttp_security.exceptions.AuthorizationFailed: Authorization failed"},{"fix":"Ensure you are using aiohttp >=3.2 and call aiohttp_session.setup before aiohttp_security.setup.","cause":"Using incompatible version of aiohttp (maybe <3.0) or missing setup steps.","error":"AttributeError: 'Application' object has no attribute 'on_response_prepare'"}],"ecosystem":"pypi","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}