deadbolt¶
A framework-agnostic, batteries-included authentication library for Python. Own your auth, mount it on any framework — no hosted service, no lock-in.
import deadbolt as db
from deadbolt.integrations.fastapi import mount
auth = db.Auth(
adapter=db.MemoryAdapter(), # or db.SQLAlchemyAdapter(engine)
secret=SECRET, # 32+ random bytes
email_and_password=db.EmailPassword(enabled=True),
)
mount(app, auth, prefix="/api/auth") # the whole integration
deadbolt is what Better Auth is for the TypeScript world, rebuilt
idiomatically for Python: a self-hosted auth engine with a database-adapter abstraction, signed
cookie-based sessions, and a plugin system — mountable onto any Python web framework.
Why deadbolt¶
-
Framework-agnostic
One async-first core speaks a normalized request/response contract; a thin adapter mounts it on FastAPI/Starlette (native) or Flask/WSGI (via a background-loop sync bridge).
-
Bring your own database
A uniform adapter interface built on SQLAlchemy 2.0 Core covers Postgres/MySQL/SQLite; an in-memory adapter ships for tests and local dev.
-
Secure by default
Argon2id hashing, opaque DB-backed sessions stored hashed, signed
__Host-cookies, session rotation, rate limiting, origin CSRF checks, and timing-safe sign-in. -
Plugins for everything
Passwordless (magic link, email/phone OTP, passkeys), social OAuth, TOTP 2FA, organizations with RBAC and teams, API keys, admin, JWT, and username sign-in.
Start here¶
-
Install deadbolt and make your first authenticated request in minutes.
-
The built-in email/password and session API, endpoint by endpoint.
-
How the core, adapters, plugins, and hooks fit together.
-
The full security model — hashing, tokens, cookies, CSRF, and rate limiting.