Hey everyone, creator of AuthTuna here.

For years, I've been building complex, multi-tenant APIs with FastAPI, and I've always found that implementing robust, granular, and truly async security is a huge pain point. You either roll your own and risk vulnerabilities, or you wrestle with frameworks that aren't async-native, causing performance bottlenecks.

I built AuthTuna to solve this. It's the async-first security framework I always wanted:

Truly Async Core: Built on asyncio and SQLAlchemy 2.0. No part of your security logic will block the event loop.

Granular Hierarchical Permissions (RBAC): Go beyond simple roles. You can define permissions like Organization -> Project -> Resource and check them with a simple Depends(PermissionChecker(...)).

Advanced Server-Side Sessions: It provides the security of server-side sessions (with hijack detection) without sacrificing the performance you'd expect from JWTs.

Great Developer Experience: Comes with Pydantic models, pre-built routers for auth flows, and clear dependencies to get you started in minutes.

I use it in my own production systems, so it's been well tested. The goal is to make robust security the easy path, not an afterthought.

I'd love to hear your thoughts and get your feedback. What are you currently using to handle auth in your async Python projects?