{"id":3998,"library":"fastapi-users","title":"FastAPI Users","description":"FastAPI Users provides ready-to-use and customizable user management for FastAPI applications, including authentication, registration, password reset, and OAuth. It reached maintenance mode with version 15.0.0, meaning it will continue to receive security updates and dependency maintenance but no new features. The current version is 15.0.5.","status":"maintenance","version":"15.0.5","language":"en","source_language":"en","source_url":"https://github.com/fastapi-users/fastapi-users","tags":["FastAPI","authentication","authorization","users","ORM","OAuth2","security"],"install":[{"cmd":"pip install fastapi-users[sqlalchemy]","lang":"bash","label":"Install with SQLAlchemy backend"},{"cmd":"pip install fastapi-users[mongodb]","lang":"bash","label":"Install with MongoDB backend"},{"cmd":"pip install fastapi-users","lang":"bash","label":"Install core (requires separate backend install)"}],"dependencies":[{"reason":"Required for SQLAlchemy-based user database backend.","package":"sqlalchemy","optional":true},{"reason":"Required for MongoDB-based user database backend.","package":"mongodb","optional":true},{"reason":"Required for Tortoise ORM-based user database backend.","package":"tortoise-orm","optional":true},{"reason":"Optional, for advanced features like session storage or OTP via Redis.","package":"redis","optional":true},{"reason":"Required for JWT token handling.","package":"pyjwt[crypto]","optional":false},{"reason":"Password hashing library (replaces passlib as of v13).","package":"pwdlib","optional":false}],"imports":[{"symbol":"FastAPIUsers","correct":"from fastapi_users import FastAPIUsers"},{"symbol":"SQLAlchemyUserDatabase","correct":"from fastapi_users_db_sqlalchemy import SQLAlchemyUserDatabase"},{"symbol":"BearerBackend","correct":"from fastapi_users.authentication import BearerBackend"},{"symbol":"CookieBackend","correct":"from fastapi_users.authentication import CookieBackend"},{"symbol":"AuthenticationBackend","correct":"from fastapi_users.authentication import AuthenticationBackend"},{"symbol":"UUIDIDStrategy","correct":"from fastapi_users.authentication import JWTStrategy, Strategy, UUIDIDStrategy"}],"quickstart":{"code":"import uuid\n\nfrom typing import AsyncGenerator\n\nfrom fastapi import Depends, FastAPI\nfrom fastapi_users import FastAPIUsers, schemas\nfrom fastapi_users.authentication import JWTStrategy, AuthenticationBackend, CookieBackend\nfrom fastapi_users_db_sqlalchemy import SQLAlchemyUserDatabase, UUID_ID, SQLAlchemyBaseUserTableUUID\n\nfrom sqlalchemy.ext.asyncio import AsyncSession, create_async_engine\nfrom sqlalchemy.orm import sessionmaker, DeclarativeBase\n\nDATABASE_URL = \"sqlite+aiosqlite:///./test.db\"\nSECRET = \"\" # For JWT and Cookie backend, replace with os.environ.get('SECRET', '')\n\nclass Base(DeclarativeBase):\n    pass\n\nclass User(SQLAlchemyBaseUserTableUUID, Base):\n    pass\n\n\nasync def get_async_session() -> AsyncGenerator[AsyncSession, None]:\n    async_engine = create_async_engine(DATABASE_URL)\n    async_session_maker = sessionmaker(async_engine, class_=AsyncSession, expire_on_commit=False)\n\n    async with async_session_maker() as session:\n        yield session\n\n\nasync def create_db_and_tables():\n    async_engine = create_async_engine(DATABASE_URL)\n    async with async_engine.begin() as conn:\n        await conn.run_sync(Base.metadata.create_all)\n\n\nasync def get_user_db(session: AsyncSession = Depends(get_async_session)):\n    yield SQLAlchemyUserDatabase(session, User)\n\n\ndef get_jwt_strategy() -> JWTStrategy[User, UUID_ID]:\n    return JWTStrategy(secret=SECRET, lifetime_seconds=3600)\n\n\nauth_backend = AuthenticationBackend(\n    name=\"jwt\",\n    transport=CookieBackend(name=\"b\", lifetime_seconds=3600, secret=SECRET),\n    get_strategy=get_jwt_strategy,\n)\n\n\nfastapi_users = FastAPIUsers[User, UUID_ID](\n    get_user_db,\n    [auth_backend],\n)\n\napp = FastAPI()\n\n@app.on_event(\"startup\")\nasync def on_startup():\n    await create_db_and_tables()\n\napp.include_router(\n    fastapi_users.get_auth_router(auth_backend),\n    prefix=\"/auth/jwt\",\n    tags=[\"auth\"],\n)\n\napp.include_router(\n    fastapi_users.get_register_router(),\n    prefix=\"/auth\",\n    tags=[\"auth\"],\n)\n\napp.include_router(\n    fastapi_users.get_users_router(),\n    prefix=\"/users\",\n    tags=[\"users\"],\n)\n\n","lang":"python","description":"This quickstart sets up a basic FastAPI application with user registration, login (using JWT stored in a cookie), and user management endpoints. It uses an in-memory SQLite database with SQLAlchemy for simplicity. Remember to replace the `SECRET` with a strong, environment-variable-managed secret in production."},"warnings":[{"fix":"Be aware of the project's status and ensure existing features meet your requirements before adoption.","message":"FastAPI Users entered maintenance mode starting with v15.0.0. While security updates and dependency maintenance will continue, no new features are planned. Consider this for long-term project planning.","severity":"gotcha","affected_versions":">=15.0.0"},{"fix":"Upgrade your project's Python version to 3.10+ and Pydantic to v2+ or pin `fastapi-users` to `<15.0.0`.","message":"Python 3.9 and Pydantic v1 support was dropped in v15.0.0. Applications targeting these versions must either upgrade their Python/Pydantic or remain on FastAPI Users v14.x.","severity":"breaking","affected_versions":">=15.0.0"},{"fix":"Review your OAuth2 setup, especially for cross-domain usage. The cookie parameters for `get_oauth_router` were updated in 15.0.3 to help.","message":"A CSRF vulnerability fix in v15.0.2 introduced a cookie requirement for OAuth2 flows. This might require additional configuration for cross-domain setups or if the client isn't sending cookies correctly.","severity":"breaking","affected_versions":">=15.0.2"},{"fix":"If you used a custom `CryptContext`, you'll need to adapt it to `pwdlib`. Otherwise, existing passwords will still be verified correctly.","message":"The underlying password hashing library changed from `passlib` to `pwdlib` in v13.0.0. This is a breaking change only if you were using a custom `CryptContext` configuration.","severity":"breaking","affected_versions":">=13.0.0"},{"fix":"Always install `fastapi-users` with the appropriate backend extra: `pip install fastapi-users[your_backend_name]`.","message":"The `fastapi-users` core package only provides the framework. You MUST install a specific database backend (e.g., `fastapi-users[sqlalchemy]`, `fastapi-users[mongodb]`) for persistence.","severity":"gotcha","affected_versions":"all"}],"env_vars":null,"last_verified":"2026-04-11T00:00:00.000Z","next_check":"2026-07-10T00:00:00.000Z"}