AuthTuna – A modern, async security framework for FastAPI
Hey everyone, creator of AuthTuna here.
For years, I've been building complex, multi-tenant APIs with FastAPI, and I've always found that implementing robust, granular, and truly async security is a huge pain point. You either roll your own and risk vulnerabilities, or you wrestle with frameworks that aren't async-native, causing performance bottlenecks.
I built AuthTuna to solve this. It's the async-first security framework I always wanted:
Truly Async Core: Built on asyncio and SQLAlchemy 2.0. No part of your security logic will block the event loop.
Granular Hierarchical Permissions (RBAC): Go beyond simple roles. You can define permissions like Organization -> Project -> Resource and check them with a simple Depends(PermissionChecker(...)).
Advanced Server-Side Sessions: It provides the security of server-side sessions (with hijack detection) without sacrificing the performance you'd expect from JWTs.
Great Developer Experience: Comes with Pydantic models, pre-built routers for auth flows, and clear dependencies to get you started in minutes.
We use it in our own production systems ("eating our own dogfood"), so it's been battle-tested. The goal is to make robust security the easy path, not an afterthought.
I'd love to hear your thoughts and get your feedback. What are you currently using to handle auth in your async Python projects?
No comments yet