Python SDK

Flask/FastAPI decorators for JWT verification, RBAC, and cloud credentials.

Install

pip install authfi

Initialize

from authfi import AuthFI

auth = AuthFI(
    tenant='acme',
    api_key='sk_live_...',
    application_id='your-client-id',
    auto_sync=True,
)

Flask Decorators

@app.route('/api/users')
@auth.require('read:users')
def get_users():
    user = auth.current_user()
    # user.id, user.email, user.roles, user.permissions, user.groups
    return jsonify(users)

@app.route('/api/admin', methods=['POST'])
@auth.require_role('admin')
def admin_action():
    return jsonify({'status': 'ok'})

FastAPI Dependencies

from authfi.fastapi import require_permission, get_current_user

@app.get('/api/users')
async def get_users(user = Depends(require_permission('read:users'))):
    return {'user': user.email}

Permission Registration

auth.register_permission('read:users', 'List all users')
auth.register_permission('write:users', 'Create and update users')
auth.sync()  # Push to AuthFI

Token Verification

claims = auth.verify_token(token_string)
# claims.sub, claims.email, claims.roles, claims.permissions

Cloud Credentials

# AWS
creds = auth.cloud_credentials(user_token, 'aws', role_arn='arn:aws:iam::123:role/MyRole')
# creds.access_key_id, creds.secret_access_key, creds.session_token

# GCP
creds = auth.cloud_credentials(user_token, 'gcp', project='my-project')

# Raw OIDC token
token = auth.cloud_token(user_token, audience='custom', ttl=900)