Auth

Architecture

System design and data flow for Auth

Auth is a stateless Python 3.13 FastAPI service that validates JWTs for partners and Bubble.

System context

Partner/Bubble ---> Auth (FastAPI) ---> JWKS endpoint (issuer)
                       |-> Secret Manager (API key, Sentry DSN)
                       |-> Sentry (errors + traces)

Request flow

Client sends a request with X-API-Key.
APIKeyMiddleware validates the key.
/api/v1/jwt/verify validates token structure and issuer.
JWKS is fetched (or served from cache) and used to verify the token.
Response returns validation result and claims.

Components

services/auth/main.py: app setup, middleware, Sentry lifecycle.
services/auth/routers/: API routing.
services/auth/api/v1/endpoints/jwt_verify.py: verification endpoint.
services/auth/util/jwt_verify.py: JWKS fetch + JWT verification logic.
services/auth/middleware/api_key_middleware.py: API key enforcement.
packages/python/common/: Secret Manager utilities.

Reliability and scaling

JWKS is cached in-memory for 300 seconds.
JWKS fetches use httpx with a 5-second timeout.
The service is stateless and scales horizontally.

Last updated on

Overview

Temporary Python 3.13 partner auth service for Bubble

Data model

Storage, schemas, and data ownership for Auth

On this page

Reliability and scaling