{"id":7516,"library":"propelauth-py","title":"PropelAuth Python SDK","description":"PropelAuth is a Python library for managing authentication and authorization in B2B/multi-tenant applications. It provides features like user login, signup, organization management, roles, permissions, and API key authentication. The library simplifies backend authorization with hosted UIs and a developer-friendly SDK. It maintains an active release cadence with frequent updates for new features and improvements. Current version is 4.3.2.","status":"active","version":"4.3.2","language":"en","source_language":"en","source_url":"https://github.com/propelauth/propelauth-py","tags":["authentication","authorization","user-management","identity","b2b","multi-tenant","auth"],"install":[{"cmd":"pip install propelauth-py","lang":"bash","label":"Install stable version"}],"dependencies":[],"imports":[{"note":"Synchronous initialization of the PropelAuth client.","symbol":"init_base_auth","correct":"from propelauth_py import init_base_auth"},{"note":"Asynchronous initialization of the PropelAuth client.","symbol":"init_base_async_auth","correct":"from propelauth_py import init_base_async_auth"},{"note":"Exception raised when an access token is invalid or unauthorized.","symbol":"UnauthorizedException","correct":"from propelauth_py.errors import UnauthorizedException"},{"note":"Represents an authenticated user object returned by validation functions.","symbol":"User","correct":"from propelauth_py import User"}],"quickstart":{"code":"import os\nfrom propelauth_py import init_base_auth, UnauthorizedException\n\n# Your PropelAuth Auth URL and API Key from your PropelAuth dashboard\nAUTH_URL = os.environ.get('PROPELAUTH_AUTH_URL', 'YOUR_AUTH_URL')\nAPI_KEY = os.environ.get('PROPELAUTH_API_KEY', 'YOUR_API_KEY')\n\nif not AUTH_URL or AUTH_URL == 'YOUR_AUTH_URL' or not API_KEY or API_KEY == 'YOUR_API_KEY':\n    print(\"Please set PROPELAUTH_AUTH_URL and PROPELAUTH_API_KEY environment variables\")\n    exit(1)\n\ntry:\n    auth = init_base_auth(AUTH_URL, API_KEY)\n    \n    # Simulate an Authorization header from an incoming request\n    # In a real application, this would come from a client request\n    mock_auth_header = \"Bearer a_mock_jwt_token\"\n    \n    # Validate the access token and get user information\n    user = auth.validate_access_token_and_get_user(mock_auth_header)\n    \n    print(f\"Successfully authenticated user: {user.user_id}\")\n    print(f\"User email: {user.email}\")\n    if user.orgs:\n        print(\"User belongs to organizations:\")\n        for org_member_info in user.orgs:\n            print(f\"  - Org ID: {org_member_info.org_id}, Name: {org_member_info.org_name}, Roles: {org_member_info.roles}\")\n            \n    # Example of calling a backend API to create a magic link\n    # Note: This requires appropriate permissions on your API key\n    # magic_link_response = auth.create_magic_link(\"test@example.com\")\n    # print(f\"Magic link URL: {magic_link_link.url}\")\n\nexcept UnauthorizedException:\n    print(\"Authentication failed: Invalid access token or configuration.\")\nexcept Exception as e:\n    print(f\"An error occurred: {e}\")\n","lang":"python","description":"This quickstart demonstrates how to initialize the PropelAuth client and validate an access token. It uses environment variables for secure configuration. Upon successful validation, it prints user and organization details. It also includes commented-out code for an example backend API call (e.g., creating a magic link)."},"warnings":[{"fix":"Access attributes directly (e.g., `user.user_id`) instead of treating the object as a dictionary for unpacking. Dictionary-style key lookup (`user[\"user_id\"]`) still works, but direct attribute access is preferred.","message":"In v4.x, response objects (e.g., from validation or API calls) are now explicit datatypes with proper type hints instead of plain dictionaries. Attempting to unpack a response using the `**` operator will result in a `TypeError`.","severity":"breaking","affected_versions":">=4.0.0"},{"fix":"Consider using the framework-specific PropelAuth library if available for your chosen web framework to leverage native integration patterns.","message":"The core `propelauth-py` library provides general authentication functionalities. However, for specific web frameworks like FastAPI, Flask, or Django REST Framework, dedicated libraries (`propelauth-fastapi`, `propelauth-flask`, `propelauth-django-rest-framework`) offer a more integrated and 'first-class' experience for route protection and user handling.","severity":"gotcha","affected_versions":"All"},{"fix":"To disable exception logging, pass `log_exceptions=False` during initialization (e.g., `init_base_auth(..., log_exceptions=False)`) or configure it globally using `propelauth_py.configure_logging(log_exceptions=False)`.","message":"By default, the PropelAuth Python library logs exceptions using Python's standard logging module. This might lead to sensitive information in logs if not properly managed.","severity":"gotcha","affected_versions":"All"},{"fix":"Ensure you import and use `init_base_async_auth` for asynchronous contexts. This often requires an `httpx.AsyncClient()` if a custom client is needed.","message":"When using asynchronous operations, remember to use the `_async` suffix for initialization functions (e.g., `init_base_async_auth` instead of `init_base_auth`). All subsequent API calls will then be asynchronous.","severity":"gotcha","affected_versions":"All"}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"Access user attributes directly (e.g., `user.user_id`, `user.email`). If you need a dictionary representation, you might need to convert it explicitly if the library doesn't provide a `.to_dict()` method.","cause":"Attempting to unpack a PropelAuth response object (like the `User` object) using dictionary unpacking syntax (`**`) after it was changed to an explicit datatype in v4.x.","error":"TypeError: 'User' object is not subscriptable"},{"fix":"Ensure the `Authorization` header is present and in the format `Bearer {TOKEN}`. Verify that your `AUTH_URL` and `API_KEY` are correct and match your PropelAuth project settings. Check if the token itself is valid and not expired.","cause":"The provided Authorization header is missing, malformed, or contains an expired/invalid access token. It can also occur if the `AUTH_URL` or `API_KEY` used during initialization are incorrect.","error":"propelauth_py.errors.UnauthorizedException: Invalid access token"},{"fix":"Run `pip install propelauth-py` to install the library. For serverless applications, ensure `propelauth-py` is listed in your `requirements.txt` file (or equivalent) so it gets bundled with your deployment.","cause":"The `propelauth-py` library is not installed in the current Python environment or is not included in the deployment package for serverless functions (e.g., AWS Lambda with Chalice).","error":"ModuleNotFoundError: No module named 'propelauth_py'"}]}