Authentication & Authorization

FastPluggy ships a minimal auth layer. The actual authentication backend is provided externally via FastPluggy(auth_manager=...).

Dependencies

from fastapi import Depends, Request
from fastpluggy.core.auth import require_authentication, require_role

require_authentication

Redirects unauthenticated requests to the login page.

# Protect an entire router
app.include_router(my_router, dependencies=[Depends(require_authentication)])

# Or a single route
@router.get("/secret", dependencies=[Depends(require_authentication)])
async def secret(request: Request): ...

require_role(role: str)

Requires the user to have a specific role (checked against request.auth.scopes). FastPluggy uses "fp_admin" to protect its own admin routes.

app.include_router(admin_router, dependencies=[Depends(require_role("fp_admin"))])
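Both guards are opt-in per router or route, so a route registered without one of them is not covered by it. The following added example (not FastPluggy's own code) audits a route list for entries that carry neither guard. It uses stand-ins for `fastapi.Depends` and the two FastPluggy dependencies so it runs without either package; `unprotected_routes`, `ADMIN_GUARD`, `GUARDS`, `SAMPLE_ROUTES` and all paths are hypothetical names constructed for the example.

```python
from types import SimpleNamespace


def require_authentication():
    """Stand-in for fastpluggy.core.auth.require_authentication."""


def require_role(role):
    """Stand-in; assumed to return a new callable on every call."""
    def checker():
        return role
    return checker


def Depends(fn):
    """Stand-in for fastapi.Depends, which exposes the callable as .dependency."""
    return SimpleNamespace(dependency=fn)


def unprotected_routes(routes, guards, public=frozenset()):
    """Return the paths that carry no guard dependency and are not allowlisted.

    Routes without a .dependencies attribute (mounts, plain Starlette routes)
    cannot carry a guard this way, so they are reported as well (fail closed).
    """
    guards = set(guards)
    findings = []
    for route in routes:
        deps = getattr(route, "dependencies", None) or []
        guarded = any(d.dependency in guards for d in deps)
        if not guarded and route.path not in public:
            findings.append(route.path)
    return sorted(findings)


# Keep one require_role(...) result and reuse it so the audit can recognise it.
ADMIN_GUARD = require_role("fp_admin")
GUARDS = [require_authentication, ADMIN_GUARD]

# Constructed routes, shaped like the entries of a FastAPI app.routes list.
SAMPLE_ROUTES = [
    SimpleNamespace(path="/secret", dependencies=[Depends(require_authentication)]),
    SimpleNamespace(path="/admin/plugins", dependencies=[Depends(ADMIN_GUARD)]),
    SimpleNamespace(path="/reports", dependencies=[]),  # guard forgotten
    SimpleNamespace(path="/login", dependencies=[]),    # public on purpose
    SimpleNamespace(path="/static"),                    # mount: no dependencies
]
```

In a real application, pass `app.routes` and the imported `require_authentication` instead of the stand-ins, and run the check in a test so that a newly added unguarded route fails the build.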

Current user

Set by CurrentUserMiddleware on every request:

user = request.state.current_user   # None if not authenticated
if user and user.is_admin:
    ...

Available in templates as {{ request.state.current_user }}.

The user object shape depends on the auth backend. FastPluggy core expects:

| Attribute | Description |
|-----------|-------------|
| display_name | Shown in the topbar user menu |
| is_admin | Controls visibility of the admin sidebar section |
| profile_picture | Optional; used for avatar display |

No auth manager

If auth_manager=None is passed to FastPluggy, authentication is disabled: all routes are accessible without login and the admin section is always visible. A warning is logged at startup.