Python Reference
PropelAuth’s Python library provides all the building blocks you need to add authentication to any Python backend.
For most Python frameworks, like FastAPI, Django, and Flask, we have built out libraries specifically for them. Those libraries will provide a more first-class experience than this library.
Installation
pip install propelauth_py
Initialize
init_base_auth
performs a one-time initialization of the library.
It will verify your api_key
is correct and fetch the metadata needed to verify access tokens validate_access_token_and_get_user and validate_access_token_and_get_user_with_org.
main.py
from propelauth_py import init_base_auth
auth = init_base_auth("YOUR_AUTH_URL", "YOUR_API_KEY")
Protect API Routes
After initializing auth, you can verify access tokens by passing in the Authorization header (formatted Bearer TOKEN
) to validate_access_token_and_get_user
.
You can see more information about the User object returned in User.
auth_header = # get authorization header in the form `Bearer {TOKEN}`
try:
user = auth.validate_access_token_and_get_user(auth_header)
print("Logged in as", user.user_id)
except UnauthorizedException:
print("Invalid access token")
Verifying the access token doesn't require an external request.
Authorization / Organizations
You can also verify which organizations the user is in, and which roles and permissions they have in each organization. For that, we have functions like:
validate_access_token_and_get_user_with_org
validate_access_token_and_get_user_with_org_by_minimum_role
validate_access_token_and_get_user_with_org_by_exact_role
validate_access_token_and_get_user_with_org_by_permission
validate_access_token_and_get_user_with_org_by_all_permissions
auth_header = # get authorization header in the form `Bearer {TOKEN}`
org_id = # get org id from request
try:
user_and_org = auth.validate_access_token_and_get_user_with_org(auth_header, org_id)
user = user_and_org.user
org = user_and_org.org_member_info
print("Logged in as", user.user_id, "in org", org.org_id)
except UnauthorizedException:
print("Invalid access token")
User
The User object contains information about the user that made the request.
- Name
user_id
- Type
- string
- Description
The unique id of the user.
- Name
org_id_to_org_member_info
- Type
- dict
- Description
A dictionary mapping from organization id to OrgMemberInfo object.
- Name
email
- Type
- string
- Description
The email of the user.
- Name
first_name
- Type
- string
- Description
The first name of the user.
- Name
last_name
- Type
- string
- Description
The last name of the user.
- Name
username
- Type
- string
- Description
The username of the user.
- Name
legacy_user_id
- Type
- string
- Description
If the user was migrated using our Migration API, this will be the id of the user in the legacy system.
- Name
is_impersonated()
- Type
- bool
- Description
True if the user is being impersonated.
- Name
impersonator_user_id
- Type
- string
- Description
If the user is being impersonated, this is id of the user that impersonated them.
- Name
properties
- Type
- dict
- Description
A dictionary of custom properties associated with the user.
OrgMemberInfo
The OrgMemberInfo object contains information about the user's membership in an organization.
- Name
org_id
- Type
- string
- Description
The unique id of the organization.
- Name
org_name
- Type
- string
- Description
The name of the organization.
- Name
org_metadata
- Type
- object
- Description
The metadata associated with the organization.
- Name
user_assigned_role
- Type
- string
- Description
The role of the user in the organization.
- Name
user_permissions
- Type
- list[string]
- Description
A list of permissions the user has in the organization, based on their role.
- Name
user_is_role
- Type
- fn(role: string) -> bool
- Description
A function that returns true if the user has the specified role in the organization.
- Name
user_is_at_least_role
- Type
- fn(role: string) -> bool
- Description
A function that returns true if the user has at least the specified role in the organization.
- Name
user_has_permission
- Type
- fn(permission: string) -> bool
- Description
A function that returns true if the user has the specified permission in the organization.
- Name
user_has_all_permissions
- Type
- fn(permissions: list[string]) -> bool
- Description
A function that returns true if the user has all of the specified permissions in the organization.
Calling Backend APIs
You can also use the library to call the PropelAuth APIs directly, allowing you to fetch users, create orgs, and a lot more. See the API Reference for more information.