Hey everyone, creator of AuthTuna here.
For years, I've been building complex, multi-tenant APIs with FastAPI, and I've always found that implementing robust, granular, and truly async security is a huge pain point. You either roll your own and risk vulnerabilities, or you wrestle with frameworks that aren't async-native, causing performance bottlenecks.
I built AuthTuna to solve this. It's the async-first security framework I always wanted:
Truly Async Core: Built on asyncio and SQLAlchemy 2.0. No part of your security logic will block the event loop.
Granular Hierarchical Permissions (RBAC): Go beyond simple roles. You can define permissions like Organization -> Project -> Resource and check them with a simple Depends(PermissionChecker(...)).
Advanced Server-Side Sessions: It provides the security of server-side sessions (with hijack detection) without sacrificing the performance you'd expect from JWTs.
Great Developer Experience: Comes with Pydantic models, pre-built routers for auth flows, and clear dependencies to get you started in minutes.
I use it in my own production systems, so it's been well tested. The goal is to make robust security the easy path, not an afterthought.
I'd love to hear your thoughts and get your feedback. What are you currently using to handle auth in your async Python projects?
scottydelta•1h ago
Does FastAPI has a mechanism to add external modules? Like Django calls it an app. People can make open-source Django apps and others can easily include them in their own Django project base.
Good job on launching!
shashstormer•1h ago
That's a great way to put it, and you're right that "framework for a framework" can sound a bit heavy! I think of AuthTuna more as a batteries-included library or an extension for FastAPI. You could compare it to a powerful, reusable Django 'app' that handles all things security-related.
You've hit on a key difference between Django and FastAPI's ecosystems. FastAPI doesn't have a central INSTALLED_APPS setting like Django. Instead, it encourages a more explicit, composable approach using a few key features:
Routers (APIRouter): This is the closest equivalent. A library like AuthTuna can provide a router with all its endpoints (e.g., /login, /logout), and you can mount it in your main app with a single line: app.include_router(auth_router). This is how you "plug in" a set of views.
Middleware: For things that need to run on every request, like our session management, you add it as middleware: app.add_middleware(...).
Dependencies: For protecting specific endpoints, you use FastAPI's powerful dependency injection system: user: User = Depends(get_current_user).
So while it's not a single "app" concept, the combination of these three features allows for creating powerful, reusable components like AuthTuna that can be easily integrated into any FastAPI project.