b3dmar-auth-core
Shared authentication library for FastAPI services
Open-source, stateless authentication primitives for FastAPI microservices: JWT handling, Argon2id password hashing, RBAC, and Redis-backed token revocation.
What is b3dmar-auth-core?
A shared authentication library extracted from our production services. Rather than duplicating JWT validation, password hashing, and RBAC logic across 3ngram, Climbr, and future products, we consolidated the common patterns into a single, tested library.
Design principles
Stateless and composable. Each module (JWT, password, RBAC, revocation) works independently. Use all of them or just the parts you need.
Domain-agnostic. The library has no opinion on your user model, database, or tenancy scheme. You bring your own user lookup and permission matrix — b3dmar-auth-core handles the auth mechanics.
Production-tested. Every primitive runs in production across multiple services before being extracted here.
Modules
- jwt — Token creation and validation with type discrimination (access/refresh), JTI tracking, issuer/audience support
- password — Argon2id hashing following OWASP recommendations
- rbac — Generic permission checker with FastAPI dependency factories
- revocation — Redis-backed token denylist with configurable fail-open/fail-closed modes
- rate_limit — Pre-configured slowapi limiter for auth endpoints
- schemas — Pydantic v2 token payload and response models
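The fail-open/fail-closed choice in the revocation module decides what happens to a signature-valid token when the denylist backend is unreachable. The sketch below is an added illustration, not b3dmar-auth-core's code or API: every name in it is hypothetical, and an in-memory store stands in for Redis so it runs offline.

```python
# Added illustration: JTI denylist lookup with fail-open / fail-closed handling.
# All names are hypothetical; this is not the b3dmar-auth-core API.
from enum import Enum


class FailureMode(Enum):
    FAIL_OPEN = "fail_open"      # denylist outage: accept the token
    FAIL_CLOSED = "fail_closed"  # denylist outage: reject the token


class DenylistUnavailable(Exception):
    """The denylist backend could not be reached."""


class InMemoryDenylist:
    """Constructed stand-in for Redis: jti -> token expiry (entry TTL)."""

    def __init__(self):
        self._entries = {}
        self.available = True  # set False to simulate an outage

    def _check_up(self):
        if not self.available:
            raise DenylistUnavailable("backend down")

    def revoke(self, jti, token_exp, now):
        self._check_up()
        if token_exp > now:  # expired tokens need no entry
            self._entries[jti] = token_exp

    def contains(self, jti, now):
        self._check_up()
        exp = self._entries.get(jti)
        if exp is not None and exp <= now:  # entry outlived its token
            del self._entries[jti]
            return False
        return exp is not None


def is_token_accepted(store, jti, mode, now):
    """Decide whether a signature-valid token with this jti may be used."""
    try:
        return not store.contains(jti, now)
    except DenylistUnavailable:
        # The outage branch is the whole difference between the two modes.
        return mode is FailureMode.FAIL_OPEN
```

With fail-open, a revoked token is accepted for the duration of a backend outage, so that mode suits endpoints where availability outweighs immediate revocation; fail-closed rejects every token during the outage, including ones that were never revoked.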
Getting started
pip install git+https://github.com/sebastianebg/b3dmar-auth-core.git
See the repository README and cookbook directory for integration examples.