AuthX

1.6.0 verified Fri May 01 auth: no python

Ready-to-use and customizable authentication and OAuth2 management for FastAPI. Provides JWT, session, rate limiting, and scope management. Current version 1.6.0, requires Python >=3.9, rapid releases.

pip install authx

Common errors

error ImportError: cannot import name 'AuthX' from 'authx' ↓

cause AuthX was renamed from AuthXCore in early versions; or using wrong import path.

fix

Use 'from authx import AuthX' (package export). Do not use 'from authx.core import AuthX'.

error ModuleNotFoundError: No module named 'authx' ↓

cause AuthX not installed or installed in wrong environment.

fix

Run 'pip install authx' and ensure the environment is active.

error AttributeError: 'AuthXConfig' object has no attribute 'JWT_SECRET_KEY' ↓

cause Trying to set a config attribute before initializing properly or using an outdated config class.

fix

Check version: 'from authx import AuthXConfig'; config = AuthXConfig(); config.JWT_SECRET_KEY = '...'

Warnings

breaking Version 1.6.0 introduces rate limiting and session management. If you were using custom rate limiting or session handling, review changes. ↓

fix Update your code to use built-in rate limiting: auth.add_rate_limit(...) or session management: auth.create_session(...)

breaking Version 1.5.0 drops support for Pydantic v1. Only Pydantic v2 is supported. ↓

fix Upgrade your project to Pydantic v2. If you need Pydantic v1, stay on authx<=1.4.3.

deprecated 'data' keyword argument in decode_token is deprecated since 1.4.2. Use 'extra' instead. ↓

fix Replace decode_token(token, data=...) with decode_token(token, extra=...)

gotcha JWT_SECRET_KEY must be set; otherwise AuthX defaults to an insecure key. In production, use a strong secret via environment variable. ↓

fix config.JWT_SECRET_KEY = os.environ.get('AUTHX_SECRET_KEY', 'fallback')

Imports

AuthX
wrong
```
from authx.core import AuthX
```
correct
```
from authx import AuthX
```
AuthX is exported at package level, not from core submodule

AuthXConfig

wrong

from authx.config import AuthXConfig

correct

from authx import AuthXConfig

Config class is re-exported at package level

Quickstart

Minimal FastAPI app with AuthX JWT authentication

from fastapi import FastAPI, Depends
from authx import AuthX, AuthXConfig

app = FastAPI()
config = AuthXConfig()
config.JWT_SECRET_KEY = "secret"
config.JWT_ACCESS_TOKEN_EXPIRES = 3600
auth = AuthX(config=config)

@app.get("/protected")
def protected(user = Depends(auth.get_current_user)):
    return {"user": user}

@app.post("/login")
def login(username: str, password: str):
    # Validate credentials (pseudo)
    if username == "test" and password == "pass":
        token = auth.create_access_token(uid="123")
        return {"access_token": token, "token_type": "bearer"}
    return {"error": "Invalid credentials"}