Phase 2 — Auth Primitives
Pre-release
What's included
Password Hashing
- argon2 (default) and bcrypt via pwdlib
- verify_and_update() for silent rehash on login
- Configurable policy: min length, uppercase, digit, special character
JWT Management
- Access + refresh token issuance via PyJWT
- Per-token revocation via jti blacklist
- Pluggable blacklist backends: in-memory and Redis
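How per-token revocation through a jti blacklist behaves, as an added example that is not authwarden's code or API: every function and class name is hypothetical, the key is a constructed sample, and a minimal standard-library HS256 signer stands in for PyJWT so the block runs without dependencies. Blacklist entries carry the token's exp, so they can be dropped once the token would be rejected as expired anyway.

```python
# Added illustration, not authwarden code; all names here are hypothetical.
import base64, hashlib, hmac, json, uuid

KEY = b"constructed-demo-key"  # constructed sample secret

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest())

def issue(sub: str, ttl: int, now: int) -> str:
    """Issue an HS256 token carrying a unique jti and an exp claim."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": sub, "jti": uuid.uuid4().hex, "exp": int(now) + ttl}
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}.{_sign(header + '.' + body)}"

class MemoryBlacklist:
    """In-memory jti blacklist; an entry lives only as long as its token."""
    def __init__(self):
        self._revoked = {}  # jti -> exp

    def revoke(self, jti: str, exp: int) -> None:
        self._revoked[jti] = exp

    def is_revoked(self, jti: str, now: int) -> bool:
        # Prune expired entries so the map stays bounded by live tokens.
        self._revoked = {j: e for j, e in self._revoked.items() if e > now}
        return jti in self._revoked

def verify(token: str, blacklist: MemoryBlacklist, now: int) -> dict:
    """Check signature, expiry, then the blacklist; ValueError on failure."""
    header, body, sig = token.split(".")  # ValueError unless three parts
    if not hmac.compare_digest(sig.encode(), _sign(f"{header}.{body}").encode()):
        raise ValueError("bad signature")  # alg is fixed; header is not trusted
    claims = json.loads(_unb64(body))
    if claims["exp"] <= now:
        raise ValueError("expired")
    if blacklist.is_revoked(claims["jti"], now):
        raise ValueError("revoked")
    return claims
```
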
Session Backends
- SessionData model with device fingerprinting (user_agent, ip_hash)
- In-memory backend for development and testing
- Redis backend for production (requires authwarden[redis])
Test Coverage
- 55 tests — 55 passing
- Cumulative: 112 tests passing across Phase 1 + Phase 2
Notes
- No breaking changes to Phase 1 interfaces
- Redis backends require pip install authwarden[redis]