A robust, production-ready authentication and authorization server built with FastAPI, SQLAlchemy, and PostgreSQL. This server provides comprehensive OAuth 2.0, OpenID Connect, and multi-factor authentication capabilities.
The project includes an integrated OAuth demo frontend served directly from the FastAPI application!
Quick access:
- Local/Docker: http://localhost:8000/oauth-demo
- Standalone mode: see frontend/README.md

Demo frontend features:
- OAuth 2.0 Authorization Code Flow with PKCE
- Integrated into the Docker container (no separate frontend server needed)
- Auto-configuration based on the deployment environment
- Modern, responsive UI with real-time token display
- OAuth 2.0 & OpenID Connect - Full implementation with PKCE support
- Multi-Factor Authentication - TOTP with backup codes
- Role-Based Access Control - Granular permission management
- JWT Token Management - Secure token generation and validation
- Database Migrations - Alembic-based schema management
- Docker Support - Complete development environment
- Comprehensive Testing - Unit, integration, and end-to-end tests
- Security Features - Rate limiting, audit logging, security headers
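As an added example (not the project's code) of what the PKCE item above actually protects, here is the RFC 7636 exchange in standard-library Python: the client derives an S256 `code_challenge` from a random `code_verifier`, the server binds the challenge to the authorization code it issues, and the token endpoint redeems a code only once and only with a verifier that hashes to the stored challenge. The `AuthorizationServer` class, its in-memory store and the demo client/redirect values are assumptions for illustration, not the project's API.

```python
# Added example (not code from the project): the PKCE half of the OAuth 2.0
# Authorization Code Flow (RFC 7636), standard library only. The in-memory
# store, class names and the demo client/redirect values are assumptions.
import base64
import hashlib
import secrets
from dataclasses import dataclass


def b64url(raw: bytes) -> str:
    # RFC 7636 uses base64url without '=' padding
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_code_verifier() -> str:
    # 32 random bytes -> 43 characters, the RFC minimum (maximum is 128)
    return b64url(secrets.token_bytes(32))


def make_code_challenge(verifier: str) -> str:
    # S256: BASE64URL(SHA256(ASCII(code_verifier)))
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


@dataclass
class PendingAuthorization:
    client_id: str
    redirect_uri: str
    code_challenge: str


class AuthorizationServer:
    """Server side: bind the challenge to the code, check the verifier later."""

    def __init__(self) -> None:
        self._codes: dict = {}   # hypothetical store; the real server would use the DB/Redis

    def authorize(self, client_id, redirect_uri, code_challenge, method="S256") -> str:
        # Only S256 is accepted: 'plain' sends the verifier itself as the challenge
        if method != "S256" or len(code_challenge) != 43:
            raise ValueError("code_challenge must use S256")
        code = secrets.token_urlsafe(32)
        self._codes[code] = PendingAuthorization(client_id, redirect_uri, code_challenge)
        return code

    def token(self, code, client_id, redirect_uri, code_verifier) -> bool:
        # pop(): a code is single use, so a replay fails even with the right verifier
        pending = self._codes.pop(code, None)
        if pending is None:
            return False
        if pending.client_id != client_id or pending.redirect_uri != redirect_uri:
            return False
        if not 43 <= len(code_verifier) <= 128:
            return False
        # Constant-time compare of the recomputed challenge against the stored one
        return secrets.compare_digest(make_code_challenge(code_verifier), pending.code_challenge)


def demo() -> dict:
    """Honest client, replayed code, and an interceptor without the verifier."""
    srv = AuthorizationServer()
    client, redirect = "demo-client", "http://localhost:8000/oauth-demo"
    verifier = make_code_verifier()
    challenge = make_code_challenge(verifier)
    code = srv.authorize(client, redirect, challenge)
    ok = srv.token(code, client, redirect, verifier)
    replay = srv.token(code, client, redirect, verifier)
    code2 = srv.authorize(client, redirect, challenge)
    stolen = srv.token(code2, client, redirect, make_code_verifier())
    return {"ok": ok, "replay": replay, "stolen_code": stolen}
```

`demo()` returns `{"ok": True, "replay": False, "stolen_code": False}`: the honest client succeeds, re-using the code fails, and an attacker who captured the authorization code from the redirect but not the verifier cannot redeem it. `make_code_challenge` reproduces the RFC 7636 Appendix B vector (verifier `dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk` gives challenge `E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM`), which is a handy check for any PKCE implementation.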
- Framework: FastAPI (Python 3.13+)
- Database: PostgreSQL with SQLAlchemy ORM
- Cache: Redis
- Authentication: JWT, OAuth 2.0, OpenID Connect
- MFA: PyOTP for TOTP implementation
- Migrations: Alembic
- Testing: pytest
- Code Quality: Black, Flake8, MyPy
- Containerization: Docker & Docker Compose
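The stack above relies on PyOTP for TOTP. As an added example (not the project's code) of what that library does underneath, and of the two things an MFA implementation most often gets wrong, here is RFC 6238 TOTP in standard-library Python with a ±1 step window, replay protection (a code for a time step is accepted once), and single-use backup codes stored only as hashes. `MfaState`, `enroll()` and the backup-code format are assumptions for illustration; the constants mirror the `MFA_TOTP_*` settings shown later on this page.

```python
# Added example (not code from the project): what PyOTP does under the hood.
# RFC 6238 TOTP with a +/-1 step window, replay protection and single-use
# backup codes, standard library only. MfaState, enroll() and the backup-code
# format are assumptions for illustration.
import base64
import hashlib
import hmac
import secrets
import struct
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import quote

ISSUER = "AuthServer"   # MFA_TOTP_ISSUER
DIGITS = 6              # MFA_TOTP_DIGITS
PERIOD = 30             # MFA_TOTP_PERIOD


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: dynamic truncation of HMAC-SHA1(secret, counter)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: int, period: int = PERIOD, digits: int = DIGITS) -> str:
    """RFC 6238: HOTP over the number of elapsed time steps."""
    return hotp(secret, now // period, digits)


def provisioning_uri(secret: bytes, account: str) -> str:
    # What the enrolment QR code contains; authenticator apps expect base32
    b32 = base64.b32encode(secret).decode("ascii").rstrip("=")
    return (f"otpauth://totp/{quote(ISSUER)}:{quote(account)}"
            f"?secret={b32}&issuer={quote(ISSUER)}&digits={DIGITS}&period={PERIOD}")


def hash_backup_code(code: str) -> str:
    # Backup codes are credentials: persist a hash, never the code itself
    return hashlib.sha256(code.strip().lower().encode("utf-8")).hexdigest()


@dataclass
class MfaState:
    secret: bytes
    last_counter: int = -1                          # newest time step already used
    backup_hashes: set = field(default_factory=set)


def enroll(secret: Optional[bytes] = None, n_backup: int = 8) -> tuple:
    """Returns the state to persist and the backup codes to show the user once."""
    secret = secret or secrets.token_bytes(20)      # 160-bit seed
    codes = [secrets.token_hex(5) for _ in range(n_backup)]   # 10 hex chars each
    state = MfaState(secret, backup_hashes={hash_backup_code(c) for c in codes})
    return state, codes


def verify_totp(state: MfaState, submitted: str, now: int, window: int = 1) -> bool:
    counter = now // PERIOD
    for c in range(counter - window, counter + window + 1):
        if c <= state.last_counter:
            continue    # replay: this step (or an earlier one) was already accepted
        if hmac.compare_digest(hotp(state.secret, c), submitted):
            state.last_counter = c
            return True
    return False


def verify_backup_code(state: MfaState, submitted: str) -> bool:
    h = hash_backup_code(submitted)
    if h in state.backup_hashes:
        state.backup_hashes.discard(h)   # single use
        return True
    return False
```

With the RFC 6238 test secret `12345678901234567890`, `totp(secret, 59)` gives `287082`, matching the RFC's `94287082` truncated to six digits. Note that `verify_totp` persists `last_counter`; without it, an attacker who shoulder-surfs a code can replay it for the remaining seconds of the step plus the window, which is exactly the kind of bug a library-based implementation can still have if the state is never written back.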
- Docker Desktop (includes Docker and Docker Compose)
- Git
- That's it! Everything else runs in Docker containers
```bash
git clone <repository-url>
cd authserver-py

# Copy the example environment file
cp .env.example .env
# Edit .env with your configuration (the defaults work for a quick start)
# Most important: set JWT_SECRET_KEY, JWT_PRIVATE_KEY, JWT_PUBLIC_KEY

# Start all services (API, PostgreSQL, Redis, Frontend)
make docker-up

# Initialize the database (run migrations + seed data)
make docker-setup-db
```

That's it! Everything is now running:
- API Server: http://localhost:8000
- OAuth Demo UI: http://localhost:8000/oauth-demo
- API Documentation: http://localhost:8000/docs
- Health Check: http://localhost:8000/health
```bash
# Check container status
make docker-ps

# View logs
make docker-logs

# Restart services (after code changes)
# Note: most Python changes auto-reload
make docker-restart

# Stop everything
make docker-down
```

Once the server is running, you can access:
- Interactive API Docs: http://localhost:8000/docs
- ReDoc Documentation: http://localhost:8000/redoc
- OpenAPI Schema: http://localhost:8000/openapi.json
```bash
# Complete database setup (fresh migrations + seed data)
make docker-setup-db

# Run migrations only
make docker-migrate

# Reset database (drops all tables + runs migrations)
make docker-migrate-fresh

# Seed database with test data
make docker-seed
```

`docker-migrate-fresh` drops every table and `docker-seed` writes test data; both are development helpers and must never be pointed at a production database.

```bash
# Open a shell in the container to run custom commands
make docker-shell

# Then inside the container:
alembic revision --autogenerate -m "Description of changes"
alembic upgrade head
alembic downgrade -1
alembic current
```

The application connects to PostgreSQL running in Docker:
- Host: postgres (container name) / localhost (from host)
- Port: 5432
- Database: authserver
- User: authuser
```bash
# Run all tests in Docker (recommended)
make test-docker

# Run unit tests only
make test-docker-unit

# Run integration tests only
make test-docker-int

# Run a specific test file
make test-docker-file FILE=test_mfa_flows.py TYPE=int

# Run a specific test class/method
make test-docker-file FILE=test_mfa_flows.py TYPE=int NAME=TestMFAStatus::test_get_mfa_status_disabled
```

```bash
# Run linting checks
make docker-lint

# Format code (black + isort)
make docker-format

# Security checks
make docker-security-check

# Run the full CI pipeline (lint + security + tests)
make ci
```

For a complete list of available commands:

```bash
make help
```

Common commands:
```bash
# Start services
make docker-up

# Initialize database
make docker-setup-db

# Run tests
make test-docker

# View logs
make docker-logs

# Stop services
make docker-down

# Clean up temporary files
make clean
```

```text
authserver-py/
├── alembic/              # Database migrations
├── app/                  # Application code
│   ├── api/              # API endpoints
│   │   └── v1/           # API version 1
│   ├── core/             # Core functionality
│   ├── models/           # Database models
│   ├── repositories/     # Data access layer
│   ├── schemas/          # Pydantic schemas
│   └── middleware/       # Custom middleware
├── docker/               # Docker configuration
├── scripts/              # Utility scripts
├── tests/                # Test suite
├── tasks/                # Project task management
├── pyproject.toml        # Project configuration
├── docker-compose.yml    # Development services
└── README.md             # This file
```
```env
# Database
DATABASE_URL=postgresql://user:password@host:port/database
JWT_SECRET_KEY=your-secret-key-here

# Server
HOST=0.0.0.0
PORT=8000
DEBUG=true

# Redis
REDIS_URL=redis://localhost:6379/0

# Security
JWT_ALGORITHM=HS256
JWT_ACCESS_TOKEN_EXPIRE_MINUTES=30
JWT_REFRESH_TOKEN_EXPIRE_DAYS=7

# MFA
MFA_TOTP_ISSUER=AuthServer
MFA_TOTP_DIGITS=6
MFA_TOTP_PERIOD=30
```

`JWT_SECRET_KEY` is the HMAC key used with `HS256`, so it must be long and randomly generated; anyone who learns it can mint valid tokens. The `JWT_PRIVATE_KEY`/`JWT_PUBLIC_KEY` pair mentioned in the quick start only comes into play if `JWT_ALGORITHM` is switched to an asymmetric algorithm. `DEBUG=true` and the `.env` file are for local development: keep `.env` out of version control and run production with `DEBUG=false`.

```bash
# Build production image
docker build -t authserver:latest .

# Run with environment variables
docker run -d \
  -p 8000:8000 \
  -e DATABASE_URL=your-production-db-url \
  -e JWT_SECRET_KEY=your-production-secret \
  authserver:latest
```

Passing secrets with `-e` on the command line leaves them in your shell history and visible to anyone who can run `docker inspect`; in production prefer `--env-file` or your orchestrator's secret store, and supply `REDIS_URL` and whichever other settings from the list above your deployment needs.

The application automatically loads configuration based on the `APP_ENV` environment variable:
- development - Development settings with debug enabled
- production - Production settings with security optimizations
- testing - Test-specific configuration
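As an added example (not the project's code) of what the `JWT_*` settings above amount to in practice, here is an HS256 access token minted and validated with standard-library Python, followed by a role-based permission check on its claims. Two details matter for security and are easy to get wrong with a library too: the algorithm is pinned in code rather than read from the token header (so `alg: none` and algorithm-swapping are rejected), and a missing `exp` is treated as expired. The claim names, the `ROLE_PERMISSIONS` map and the demo secret are assumptions for illustration, not the project's schema.

```python
# Added example (not code from the project): what the JWT_* settings above
# amount to. An HS256 access token is minted and validated with the standard
# library, with the algorithm pinned in code rather than read from the token
# header, expiry enforced, and a role-based permission check on the claims.
# The claim names and ROLE_PERMISSIONS map are assumptions for illustration.
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

JWT_ALGORITHM = "HS256"
JWT_ACCESS_TOKEN_EXPIRE_MINUTES = 30

# Hypothetical role -> permission map; the project keeps this in PostgreSQL
ROLE_PERMISSIONS = {
    "admin": {"users:read", "users:write", "audit:read"},
    "user": {"users:read"},
}


class TokenError(Exception):
    pass


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json(obj) -> bytes:
    return json.dumps(obj, separators=(",", ":")).encode("ascii")


def create_access_token(secret: bytes, sub: str, roles: list, now: Optional[int] = None) -> str:
    now = int(time.time()) if now is None else now
    header = {"alg": JWT_ALGORITHM, "typ": "JWT"}
    payload = {"sub": sub, "roles": roles, "iat": now,
               "exp": now + 60 * JWT_ACCESS_TOKEN_EXPIRE_MINUTES}
    signing_input = b64url(_json(header)) + "." + b64url(_json(payload))
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def validate_token(secret: bytes, token: str, now: Optional[int] = None) -> dict:
    try:
        h, p, s = token.split(".")
    except ValueError:
        raise TokenError("malformed token")
    # Pin the algorithm: 'none' or any alg other than the configured one is rejected
    if json.loads(b64url_decode(h)).get("alg") != JWT_ALGORITHM:
        raise TokenError("unexpected alg")
    expected = hmac.new(secret, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise TokenError("bad signature")
    payload = json.loads(b64url_decode(p))
    now = int(time.time()) if now is None else now
    if payload.get("exp", 0) <= now:     # missing exp counts as expired
        raise TokenError("expired")
    return payload


def require_permission(secret: bytes, token: str, permission: str, now=None) -> bool:
    claims = validate_token(secret, token, now)
    granted = set()
    for role in claims.get("roles", []):
        granted |= ROLE_PERMISSIONS.get(role, set())
    return permission in granted


def _rejects(fn) -> bool:
    try:
        fn()
    except TokenError:
        return True
    return False


def demo() -> dict:
    secret = b"constructed-demo-secret-use-JWT_SECRET_KEY-in-practice"
    t0 = 1_700_000_000
    tok = create_access_token(secret, "alice", ["user"], now=t0)
    h, _, s = tok.split(".")
    # Payload with escalated roles but the original signature; and an unsigned one
    p_admin = b64url(_json({"sub": "alice", "roles": ["admin"], "iat": t0, "exp": t0 + 1800}))
    h_none = b64url(_json({"alg": "none", "typ": "JWT"}))
    return {
        "read": require_permission(secret, tok, "users:read", now=t0 + 60),
        "write": require_permission(secret, tok, "users:write", now=t0 + 60),
        "expired": _rejects(lambda: validate_token(secret, tok, now=t0 + 31 * 60)),
        "tampered": _rejects(lambda: validate_token(secret, f"{h}.{p_admin}.{s}", now=t0 + 60)),
        "alg_none": _rejects(lambda: validate_token(secret, f"{h_none}.{p_admin}.", now=t0 + 60)),
    }
```

`demo()` returns `{"read": True, "write": False, "expired": True, "tampered": True, "alg_none": True}`: a user-role token can read but not write, and the token is rejected after the 30-minute lifetime, when its payload is edited to claim the admin role, and when re-issued unsigned with `alg: none`. In the real server the same pinning applies whichever library does the signing: configure the verifier with the single algorithm from `JWT_ALGORITHM` and never let the token choose.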
- Fork the repository
- Create a feature branch (`git checkout -b feature/amazing-feature`)
- Commit your changes (`git commit -m 'Add amazing feature'`)
- Push to the branch (`git push origin feature/amazing-feature`)
- Open a Pull Request
- Follow PEP 8 style guidelines
- Write comprehensive tests for new features
- Update documentation for API changes
- Use conventional commit messages
- Ensure all tests pass before submitting PRs
This project is licensed under the MIT License - see the LICENSE file for details.
For support and questions:
- Check the API documentation when running locally
- Review the task list for development progress
- Open an issue for bugs or feature requests
See CHANGELOG.md for a detailed history of changes and releases.