Python Core

get401-core is the foundational Python SDK for Get401. It handles public key retrieval with caching, EdDSA/Ed25519 JWT verification, and token claim parsing. Used internally by get401-fastapi and get401-django, and can also be used standalone.

GitHub: get401/python-core

Installation

pip install get401-core

Quick Start

from get401_core import Get401Client, TokenVerifier
 
client = Get401Client(
    app_id="your-app-id",
    origin="https://yourapp.com",
)
verifier = TokenVerifier(client)
 
# Sync
claims = verifier.verify(token_string)
print(claims.sub)      # user public ID
print(claims.roles)    # e.g. ["USER"]
print(claims.scopes)   # e.g. ["read", "write"]
 
# Async
claims = await verifier.async_verify(token_string)

Configuration

Parameter	Description	Default
`app_id`	Your application ID (`X-App-Id` header)	required
`origin`	Your application origin URL (`Origin` header)	required
`host`	get401 API base URL	`https://app.get401.com`

TokenClaims Reference

Attribute	Type	Description
`sub`	`str`	User's public ID
`exp`	`int`	Expiration Unix timestamp
`iat`	`int`	Issued-at Unix timestamp
`iss`	`str`	Token issuer
`roles`	`List[str]`	Roles granted to the user
`scope`	`str`	Comma-separated scope string
`scopes`	`List[str]`	`scope` split into a list
`is_authenticated_user`	`bool`	`True` when roles contains `"USER"`

Role and Scope Helpers

claims.has_role("USER")
claims.has_any_role("USER", "ADMIN")
claims.has_all_roles("USER", "PREMIUM")
 
claims.has_scope("read")
claims.scopes  # ["read", "write"]

Error Handling

from get401_core import TokenExpiredError, InvalidTokenError, Get401Error
 
try:
    claims = verifier.verify(token)
except TokenExpiredError:
    # prompt re-login
    ...
except Get401Error as e:
    # catch-all for any get401 error
    ...

Exception	When raised
`TokenExpiredError`	`exp` claim is in the past
`InvalidTokenError`	Malformed token or bad signature
`InvalidAlgorithmError`	Token declares an algorithm other than EdDSA
`PublicKeyFetchError`	Could not reach the get401 backend
`InsufficientPermissionsError`	Missing required roles or scope (raised by framework integrations)

All exceptions inherit from Get401Error.

Public Key Caching

The client automatically caches the public key until the backend-provided expires_at timestamp passes. To force a refresh:

client.get_public_key(force_refresh=True)
await client.async_get_public_key(force_refresh=True)

Relationship to Other SDKs

get401-core is used internally by FastAPI SDK and Django SDK. Use it directly when building a custom integration or working outside those frameworks.

← PreviousDjango SDK

Python Core#

Installation#

Quick Start#

Configuration#

TokenClaims Reference#

Role and Scope Helpers#

Error Handling#

Public Key Caching#

Relationship to Other SDKs#