two-fast-auth is a FastAPI middleware that provides seamless two-factor authentication implementation. It integrates with FastAPI to offer robust 2FA protection for your application routes.
📚 Full Documentation - Comprehensive technical documentation and API reference
- QR Code Generation: Automatic QR code creation for authenticator apps
- TOTP Verification: Time-based one-time password validation
- Recovery Codes: Secure recovery code generation and management
- Optional Secret Encryption: Securely store and verify 2FA secrets
- Middleware Integration: Easy integration with FastAPI routes
To install two-fast-auth, use pip:
pip install two-fast-authfrom fastapi import FastAPI from two_fast_auth import TwoFactorMiddleware, TwoFactorAuth app = FastAPI() async def get_user_secret(user_id: str) -> str: # Implement your logic to retrieve user's secret from database return "user_stored_secret" # Replace with actual DB lookup app.add_middleware( TwoFactorMiddleware, get_user_secret_callback=get_user_secret, excluded_paths=["/docs", "/redoc"], header_name="X-2FA-Code", encryption_key="your-key-here" # Optional ) @app.get("/protected-route") async def protected_route(): return {"message": "2FA protected content"}| Parameter | Default | Description |
|---|---|---|
secret | Auto-generated | Base32 secret for TOTP generation |
qr_fill_color | "black" | QR code foreground color |
qr_back_color | "white" | QR code background color |
issuer_name | "2FastAuth" | Name displayed in authenticator apps |
| Parameter | Default | Description |
|---|---|---|
encryption_key | None | Encryption key for securing 2FA secrets (Fernet-compatible key) |
excluded_paths | ["/login", "/setup-2fa"] | Paths that bypass 2FA verification |
header_name | "X-2FA-Code" | Request header containing 2FA verification code |
# Generate and encrypt secret secret = TwoFactorAuth().secret encrypted_secret = TwoFactorAuth.encrypt_secret( secret, encryption_key="your-key-here" ) # Store encrypted secret in database async def get_user_secret(user_id: str) -> str: return await fetch_encrypted_secret_from_db(user_id) # Middleware with encrypted secrets app.add_middleware( TwoFactorMiddleware, get_user_secret_callback=get_user_secret, encryption_key="your-key-here", excluded_paths=["/healthcheck"] )Contributions are welcome! Please open an issue or submit a pull request on GitHub.
MIT License - See LICENSE for details
Renzo Franceschini
