API reference
Auto-generated from the source docstrings. Everything below is part of the public,
supported API and is importable from the top-level fastapi_passkeys package.
Facade (Layer A)
fastapi_passkeys.Passkeys
High-level entry point wiring config, storage, engine, and HTTP routes.
Source code in src/fastapi_passkeys/api/router.py
45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 | |
install_exception_handlers(app)
Register JSON error responses for the library's exceptions.
Source code in src/fastapi_passkeys/api/router.py
93 94 95 | |
fastapi_passkeys.PasskeyConfig
Bases: BaseSettings
Relying-party policy for passkey ceremonies.
Source code in src/fastapi_passkeys/config.py
27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 | |
require_user_verification
property
Whether assertions/attestations must prove user verification.
Services (Layer B)
fastapi_passkeys.RegistrationService
Begins and finishes passkey registration (attestation) ceremonies.
Source code in src/fastapi_passkeys/services/registration.py
26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 | |
begin(user)
async
Issue creation options and a challenge handle the client echoes back.
Source code in src/fastapi_passkeys/services/registration.py
46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 | |
finish(*, response, handle, device_name='')
async
Verify the attestation response and persist the new credential.
Source code in src/fastapi_passkeys/services/registration.py
67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 | |
fastapi_passkeys.AuthenticationService
Begins and finishes passkey authentication (assertion) ceremonies.
Source code in src/fastapi_passkeys/services/authentication.py
34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 | |
begin(*, user_id=None)
async
Issue request options and a challenge handle.
Pass user_id for a username-first flow (restricts allowed credentials)
or omit it for a usernameless / discoverable-credential flow.
Source code in src/fastapi_passkeys/services/authentication.py
54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 | |
finish(*, response, handle)
async
Verify the assertion, enforce the signature counter, and record usage.
Source code in src/fastapi_passkeys/services/authentication.py
79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 | |
Domain models
fastapi_passkeys.PasskeyUser
dataclass
The subject of a ceremony.
id is your stable internal identifier (it becomes the WebAuthn user
handle). name and display_name are shown by the authenticator UI.
Source code in src/fastapi_passkeys/domain/models.py
16 17 18 19 20 21 22 23 24 25 26 | |
fastapi_passkeys.Credential
dataclass
A registered passkey, as persisted by a :class:CredentialRepository.
Source code in src/fastapi_passkeys/domain/models.py
29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 | |
fastapi_passkeys.AuthenticationResult
dataclass
Returned to the application once a passkey assertion is verified.
Source code in src/fastapi_passkeys/domain/models.py
97 98 99 100 101 102 103 | |
Storage protocols
fastapi_passkeys.CredentialRepository
Bases: Protocol
Persistence for registered passkeys. All methods are coroutines.
Source code in src/fastapi_passkeys/repositories/credentials.py
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 | |
add(credential)
async
Persist a newly registered credential.
Source code in src/fastapi_passkeys/repositories/credentials.py
21 22 23 | |
delete(credential_id, user_id)
async
Revoke a credential. Scoped to user_id so users cannot delete others'.
Source code in src/fastapi_passkeys/repositories/credentials.py
47 48 49 | |
get_by_credential_id(credential_id)
async
Return the credential with this id, or None if unknown.
Source code in src/fastapi_passkeys/repositories/credentials.py
25 26 27 | |
list_by_user(user_id)
async
Return all credentials registered to a user (may be empty).
Source code in src/fastapi_passkeys/repositories/credentials.py
29 30 31 | |
rename(credential_id, user_id, name)
async
Set a user-facing device name. Scoped to user_id for safety.
Source code in src/fastapi_passkeys/repositories/credentials.py
43 44 45 | |
update_usage(credential_id, *, sign_count, last_used_at)
async
Record a successful authentication: advance counter and last-used.
Source code in src/fastapi_passkeys/repositories/credentials.py
33 34 35 36 37 38 39 40 41 | |
fastapi_passkeys.ChallengeStore
Bases: Protocol
Single-use storage for in-flight ceremony challenges.
Source code in src/fastapi_passkeys/repositories/challenges.py
16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 | |
consume(handle)
async
Atomically fetch and invalidate the challenge.
Returns None if the handle is unknown, already consumed, expired, or
tampered with. Never returns an expired challenge.
Source code in src/fastapi_passkeys/repositories/challenges.py
24 25 26 27 28 29 30 | |
put(challenge)
async
Store a challenge and return an opaque handle the client echoes back.
Source code in src/fastapi_passkeys/repositories/challenges.py
20 21 22 | |
Audit
fastapi_passkeys.AuditEvent
dataclass
Source code in src/fastapi_passkeys/audit.py
28 29 30 31 32 33 34 | |
fastapi_passkeys.AuditSink
Bases: Protocol
Receives audit events. Implementations must not raise on the hot path.
Source code in src/fastapi_passkeys/audit.py
37 38 39 40 41 | |
Exceptions
Typed exception hierarchy.
Every error the library raises carries a machine-readable code and a default
status_code. install_exception_handlers (see :mod:fastapi_passkeys.api)
turns these into JSON responses without leaking internal detail. The messages are
intentionally generic for verification failures to avoid handing attackers an
oracle (e.g. we do not say why an assertion failed).
PasskeyError
Bases: Exception
Base class for every error raised by fastapi-passkeys.
Source code in src/fastapi_passkeys/exceptions.py
13 14 15 16 17 18 19 20 21 | |
ConfigurationError
Bases: PasskeyError
The library was configured incorrectly.
Source code in src/fastapi_passkeys/exceptions.py
24 25 26 27 28 | |
ChallengeError
Bases: PasskeyError
A challenge could not be validated.
Source code in src/fastapi_passkeys/exceptions.py
34 35 36 37 38 | |
ChallengeNotFound
Bases: ChallengeError
The challenge is unknown, already used, or has expired.
Source code in src/fastapi_passkeys/exceptions.py
41 42 43 44 45 | |
ChallengeExpired
Bases: ChallengeError
The challenge is no longer valid.
Source code in src/fastapi_passkeys/exceptions.py
48 49 50 51 52 | |
RegistrationError
Bases: PasskeyError
Registration could not be completed.
Source code in src/fastapi_passkeys/exceptions.py
58 59 60 61 62 | |
CredentialAlreadyExists
Bases: RegistrationError
This credential is already registered.
Source code in src/fastapi_passkeys/exceptions.py
65 66 67 68 69 | |
AttestationVerificationError
Bases: RegistrationError
The registration response failed verification.
Source code in src/fastapi_passkeys/exceptions.py
72 73 74 75 76 | |
AuthenticationError
Bases: PasskeyError
Authentication could not be completed.
Source code in src/fastapi_passkeys/exceptions.py
82 83 84 85 86 | |
CredentialNotFound
Bases: AuthenticationError
No matching registered credential was found.
Source code in src/fastapi_passkeys/exceptions.py
89 90 91 92 93 | |
AssertionVerificationError
Bases: AuthenticationError
The authentication response failed verification.
Source code in src/fastapi_passkeys/exceptions.py
96 97 98 99 100 | |
CloneDetectedError
Bases: AuthenticationError
The signature counter did not advance; the authenticator may be cloned.
Source code in src/fastapi_passkeys/exceptions.py
103 104 105 106 107 | |