Overview
AuthFort is a complete authentication and authorization system for Python applications. It handles user signup, login, JWT tokens, OAuth providers, roles, sessions, and more — so you don’t have to build auth from scratch.
The Three Packages
Section titled “The Three Packages”AuthFort consists of three packages that work together:
authfort (Server)
Section titled “authfort (Server)”The full auth server. Handles user management, password hashing, JWT issuance, OAuth flows, roles, sessions, rate limiting, and event hooks. This is what you install if you’re building an application that needs authentication.
pip install authfortpip install authfortauthfort-service (Microservice Verifier)
Section titled “authfort-service (Microservice Verifier)”A lightweight JWT verifier for microservices. It fetches public keys from your auth server’s JWKS endpoint and validates tokens locally — no database access needed. Install this on services that need to verify users but don’t manage authentication themselves.
pip install authfort-servicepip install authfort-serviceauthfort-client (Client SDK)
Section titled “authfort-client (Client SDK)”A TypeScript SDK for browsers and mobile apps. Handles token lifecycle (refresh, retry on 401), auth state management, and OAuth redirects. Includes integrations for React, Vue, and Svelte.
npm install authfort-clientnpm install authfort-clientWhich Package Do I Need?
Section titled “Which Package Do I Need?”| Scenario | Packages |
|---|---|
| Single app (e.g., FastAPI + React) | authfort + authfort-client |
| Microservices (auth server + downstream services) | authfort + authfort-service + authfort-client |
| Just verify JWTs in a service | authfort-service only |
How They Connect
Section titled “How They Connect”The auth server issues JWTs and exposes a JWKS endpoint. Microservices fetch the public keys from JWKS to verify tokens locally. The client SDK handles token refresh and authenticated requests from the browser.