Phase 6 — Assembly
Pre-releaseWhat's included
AuthWarden Facade
A single object wiring together every previous phase — password hashing,
JWT, sessions, notifications, OAuth providers — behind one clean constructor.
warden = AuthWarden(config=WardenConfig(secret_key="..."), user_store=MyUserStore())
app.include_router(warden.router, prefix="/auth", tags=["auth"])
20 FastAPI Endpoints
Full router coverage across auth, MFA, and OAuth — register, login, logout,
refresh, password flows (link + OTP), MFA setup/confirm/disable, and the
complete OAuth authorize/callback/connect/disconnect/accounts set.
Dependency Injection
warden.current_user— fresh DB fetch + is_active check on every requestwarden.require_roles(*roles)/warden.require_scopes(*scopes)— JWT-claim-based guards
Fixed
authwarden/__init__.py had been silently empty since Phase 2 — the documented
quickstart now actually works.
Bug caught
FastAPI 0.137.1 changed include_router() internals to lazily wrap sub-routers.
Verified real HTTP routing still resolves correctly via TestClient despite the
new internal representation — all 20 endpoints confirmed working end-to-end.
Test Coverage
29 tests — 29 passing
Cumulative: 323 tests passing across all six phases
Next
Phase 7 — End-to-end HTTP test suite (more exhaustive coverage of every
endpoint's edge cases, beyond Phase 6's wiring-focused tests)