A production-style authentication system built with FastAPI, featuring secure password hashing, JWT-based login, and protected routes.
This project implements a complete authentication flow used in real-world backend systems:
- User registration with password hashing
- Secure login with credential validation
- JWT token generation
- Token-based protected routes

- User Signup (hashed passwords)
- Login with JWT token
- Token Verification
- Unauthorized access handling
- Modular architecture (Auth separated cleanly)

- FastAPI
- Python
- SQLite
- SQLAlchemy ORM
- JWT (python-jose)
- Password Hashing

src/
├── auth/
│   ├── controllers.py
│   ├── routers.py
│   ├── schemas.py
│   └── utils.py
│
├── users/
│   ├── models.py
│   ├── schemas.py
│   ├── controllers.py
│   └── routers.py
│
├── utils/
│   ├── db.py
│   └── settings.py
│
└── main.py

POST /users/ → Register user
POST /auth/login → Login & get token
GET /auth/me → Protected route (requires token)

{
  "access_token": "your.jwt.token",
  "token_type": "bearer"
}

User → Login → Token Generated
↓
Client stores token
↓
Client sends token in headers
↓
Server verifies token
↓
Access granted / denied
git clone https://github.com/your-username/secureauth-backend.git
cd secureauth-backend
python -m venv venv
source venv/bin/activate
pip install -r requirements.txt
uvicorn src.main:app --reload

Swagger UI: http://127.0.0.1:8000/docs

- Implementing authentication from scratch
- Secure password handling
- Token-based authorization flow
- Dependency-based security in FastAPI
- Writing modular backend architecture

- Role-Based Access Control
- Refresh Tokens
- PostgreSQL integration
- Deployment

Building secure backend systems step by step