Skip to main content

AI Prompt

Using AI to integrate Auth0? Add this prompt to Cursor, Windsurf, Copilot, Claude Code or your favourite AI-powered IDE to speed up development.
Prerequisites: Before you begin, ensure you have the following installed:
  • Python 3.9 or newer (3.11+ recommended)
  • pip 21+ or Poetry 1.2+
  • OpenSSL - Required for generating session secrets
FastAPI Version Compatibility: This quickstart requires FastAPI 0.115.11+ and Pydantic 2.12.5+.

Get Started

This quickstart demonstrates how to add Auth0 authentication to a Python FastAPI Web application. You’ll build a secure web app with login, logout, and user profile features using the Auth0 FastAPI SDK.
1

Create a new project

Create a new directory for your project and set up a virtual environment:
Create and activate a virtual environment:
2

Install the Auth0 FastAPI SDK

3

Setup your Auth0 App

Next up, you need to create a new app on your Auth0 tenant and add the environment variables to your project.You can choose to set up your Auth0 app automatically by running a CLI command, or do it manually via the Dashboard:
Run the following shell command on your project’s root directory to create an Auth0 app and generate a .env file:
This command will:
  1. Check if you’re authenticated (and prompt for login if needed)
  2. Create an Auth0 Regular Web Application configured for http://localhost:3000
  3. Generate a .env file with AUTH0_DOMAIN, AUTH0_CLIENT_ID, AUTH0_CLIENT_SECRET, SESSION_SECRET, and APP_BASE_URL
4

Configure the Auth0 FastAPI SDK

Create a main.py file in your project’s root directory and add the following code:
main.py
SESSION_SECRET is used to encrypt session cookies and must be cryptographically secure. Without a strong secret (minimum 32 bytes), your application’s sessions can be compromised. Generate a secure secret using openssl rand -hex 64 and never commit it to version control.SessionMiddleware must be added before using the SDK. Without it, FastAPI cannot read or set cookies, and all authentication attempts will fail silently.HTTPS in Production is required for secure cookies (secure=True). Without HTTPS, session cookies will not be sent by browsers, and users will be repeatedly logged out after each request.
5

Create Routes and Display User Profile

Add the following routes to your main.py file to create a home page and a protected profile page:
main.py
This creates:
  • A home page (/) that displays a login button when logged out, or the user’s profile when logged in
  • A protected API endpoint (/profile) that returns user data as JSON and requires authentication
  • Full styling for a polished user experience
6

Run your app

Alternatively, if you added the if __name__ == "__main__" block to your main.py:
CheckpointYou should now have a fully functional Auth0 login page running on your localhost.

Advanced Usage

Create custom FastAPI dependencies for role-based access control:
Configure the SDK to request access tokens for your API and use them in downstream calls:
Scale your application by storing sessions in Redis instead of encrypted cookies:
Benefits of stateful sessions:
  • No cookie size limits - Store unlimited session data
  • Immediate invalidation - Delete sessions server-side
  • Backchannel logout support - Handle logout events from Auth0
  • Better for distributed systems - Share sessions across multiple servers

Troubleshooting

Problem: Users are logged in but sessions don’t persist across requests.Possible Causes & Solutions:
  1. Missing SessionMiddleware Ensure you’ve added SessionMiddleware to your app:
  2. HTTP in production with secure cookies Secure cookies require HTTPS. If testing locally over HTTP, you can temporarily disable secure cookies (not recommended for production):
  3. Weak or missing SESSION_SECRET Generate a strong secret:
Problem: After clicking “Log In”, Auth0 displays an error: “Callback URL mismatch”Cause: The callback URL is not registered in your Auth0 Application settings.Solution:
  1. Go to Auth0 Dashboard → Applications → Your App → Settings
  2. Add your callback URL to Allowed Callback URLs:
  3. For production, add your production URL:
  4. Click Save Changes
Note: The URL must match exactly, including protocol (http/https) and port number.
Problem: Errors related to async functions or event loops.Cause: FastAPI is an async framework and all SDK methods must be awaited.Solution: Ensure all route functions are async and SDK methods are properly awaited:
Problem: Sessions work locally but not in production.Cause: Secure cookies require HTTPS in production. The secure=True flag prevents cookies from being sent over unencrypted HTTP connections.Solution:
  1. Configure HTTPS on your production server using:
    • Let’s Encrypt certificates
    • Cloud provider SSL/TLS (AWS ALB, Cloudflare, etc.)
    • Reverse proxy (Nginx, Caddy, Traefik)
  2. Update your Auth0 Application URLs to use HTTPS:
  3. Ensure APP_BASE_URL uses HTTPS:
For more advanced features and configuration options, check out the Auth0 FastAPI SDK documentation.