
fastapi-auth

Implement secure session-based authentication in FastAPI with Argon2 hashing, database-backed sessions, and OAuth2 provider integration.

Introduction

This skill provides an architectural pattern for user authentication in FastAPI applications that need session persistence and OAuth2 provider integration. It follows a three-layer architecture: data access through repository classes, business logic in service classes, and request handling in FastAPI routers. Passwords are hashed with Argon2, and sessions are stored in the database through SQLAlchemy rather than kept in memory. It is intended for software engineers building scalable web backends who need a structured approach to login, registration, and route protection.

  • Hashes passwords with Argon2, so stored credentials can be verified at login without the password itself ever being stored.

  • Provides a modular OAuth2 callback architecture, currently supporting Google OAuth workflows for rapid user onboarding.

  • Includes a dedicated session repository and service to manage token-based persistence in PostgreSQL.

  • Features custom exception handling using HTTPExceptionMixin to standardize 401 and authentication-related error responses across the API.

  • Utilizes Pydantic schemas for precise input validation of OAuth callbacks and user session responses.

  • Implements auth guards as FastAPI dependencies, so access control can be applied per endpoint by validating HTTPBearer tokens.

  • Use this skill when architecting the backend of a platform that requires user accounts, session state tracking, and integration with third-party identity providers.

  • The system expects inputs such as user credentials for direct login or OAuth2 callback parameters for social authentication, outputting secure SessionResponse objects with expiration data.

  • Ensure that the environment variables for OAuth credentials (e.g., GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET) are correctly configured before deploying the Auth service.

  • The service is designed to be highly extensible; you can add additional OAuth providers by extending the providers dictionary in the AuthService.

  • All database interactions are asynchronous, requiring an async-compatible SQLAlchemy setup to maintain performance.
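The bullets above describe the core of the pattern: a hashed credential check, a session repository that persists tokens with an expiry, and a bearer-token guard that resolves a request to a user or fails with a 401. The following is an added example, not code from the fastapi-auth skill itself, that shows those three pieces working together without a web framework. It uses only the Python standard library, so `hashlib.scrypt` stands in for Argon2 (the skill uses Argon2; swap in `argon2-cffi` in real code) and an in-memory `sqlite3` table stands in for the PostgreSQL-backed session repository. The user table, e-mail addresses, password and timestamps are constructed sample data; `AuthError` plays the role of the skill's 401 exception.

```python
"""Session-based auth core: hashed credentials, DB-backed sessions, bearer guard.

Added example (not the skill's own code). Standard library only: scrypt stands
in for Argon2, and an in-memory sqlite3 table stands in for PostgreSQL.
"""
import hashlib
import hmac
import os
import secrets
import sqlite3
from datetime import datetime, timedelta, timezone
from typing import Optional

SESSION_TTL = timedelta(hours=12)


class AuthError(Exception):
    """Raised by the service layer; the router maps it to an HTTP 401 response."""
    status_code = 401


def hash_password(password: str) -> str:
    """Salted scrypt hash (stand-in for Argon2). Stored as 'salt_hex$digest_hex'."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt; compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex), n=2**14, r=8, p=1)
    return hmac.compare_digest(digest.hex(), digest_hex)


# Hash of a random string, verified against when the e-mail is unknown so that
# login takes the same time whether or not the account exists.
DUMMY_HASH = hash_password(secrets.token_hex(16))


class SessionRepository:
    """Repository layer: persists sessions. Only a hash of the token is stored,
    so a leaked table does not hand out usable bearer tokens."""

    def __init__(self) -> None:
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE sessions (token_hash TEXT PRIMARY KEY, user_id INTEGER, expires_at TEXT)")

    @staticmethod
    def _hash(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, user_id: int, expires_at: datetime) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits of randomness; returned once to the client
        self.db.execute("INSERT INTO sessions VALUES (?, ?, ?)",
                        (self._hash(token), user_id, expires_at.isoformat()))
        return token

    def get(self, token: str):
        row = self.db.execute("SELECT user_id, expires_at FROM sessions WHERE token_hash = ?",
                              (self._hash(token),)).fetchone()
        return None if row is None else (row[0], datetime.fromisoformat(row[1]))

    def delete(self, token: str) -> None:
        self.db.execute("DELETE FROM sessions WHERE token_hash = ?", (self._hash(token),))


class AuthService:
    """Service layer: login issues a session; the guard resolves a bearer token to a user."""

    def __init__(self, users: dict, sessions: SessionRepository) -> None:
        self.users = users  # constructed in-memory user table: email -> (user_id, password_hash)
        self.sessions = sessions

    def login(self, email: str, password: str, now: datetime) -> dict:
        record = self.users.get(email)
        stored = record[1] if record else DUMMY_HASH
        if not verify_password(password, stored) or record is None:
            raise AuthError("invalid credentials")  # same message for unknown user and bad password
        expires_at = now + SESSION_TTL
        token = self.sessions.create(record[0], expires_at)
        return {"access_token": token, "expires_at": expires_at}  # SessionResponse-style payload

    def current_user(self, authorization: Optional[str], now: datetime) -> int:
        """HTTPBearer-style guard: 'Authorization: Bearer <token>' -> user_id, otherwise AuthError."""
        if not authorization or not authorization.startswith("Bearer "):
            raise AuthError("missing bearer token")
        found = self.sessions.get(authorization[len("Bearer "):].strip())
        if found is None:
            raise AuthError("unknown session")
        user_id, expires_at = found
        if expires_at <= now:
            self.sessions.delete(authorization[len("Bearer "):].strip())  # purge on first use after expiry
            raise AuthError("session expired")
        return user_id


def demo() -> dict:
    """Exercises login, the guard, a wrong password, a forged token and expiry; returns each outcome."""
    users = {"alice@example.com": (1, hash_password("correct horse battery staple"))}  # constructed
    svc = AuthService(users, SessionRepository())
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed clock value

    def outcome(fn):
        try:
            fn()
            return "ok"
        except AuthError as err:
            return str(err)

    session = svc.login("alice@example.com", "correct horse battery staple", now)
    header = f"Bearer {session['access_token']}"
    return {
        "user_from_token": svc.current_user(header, now),
        "wrong_password": outcome(lambda: svc.login("alice@example.com", "nope", now)),
        "unknown_user": outcome(lambda: svc.login("bob@example.com", "nope", now)),
        "no_header": outcome(lambda: svc.current_user(None, now)),
        "forged_token": outcome(lambda: svc.current_user("Bearer " + secrets.token_urlsafe(32), now)),
        "after_expiry": outcome(lambda: svc.current_user(header, now + SESSION_TTL)),
        "reuse_after_expiry": outcome(lambda: svc.current_user(header, now + SESSION_TTL)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

In a FastAPI router, `current_user` would be wrapped as a dependency that takes `HTTPAuthorizationCredentials` from `HTTPBearer()` and converts `AuthError` into `HTTPException(401)`; the service and repository layers stay framework-free, which is the point of the three-layer split. Two design choices worth keeping when porting this to Argon2 and PostgreSQL: the repository stores only a hash of the session token, and login reports the same error for an unknown e-mail and a wrong password.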

Repository Stats

  • Stars: 3
  • Forks: 0
  • Open Issues: 11
  • Language: TypeScript
  • Default Branch: main
  • Sync Status: Idle
  • Last Synced: May 3, 2026, 07:41 PM