About GuardPost

GuardPost was born from the need for a framework-agnostic, reusable authentication and authorization layer for Python applications. Rather than tying auth logic to a specific web framework, GuardPost provides a clean, composable API that works with any async Python application.

The design is inspired by ASP.NET Core's authorization policies — the idea that authorization rules should be expressed as discrete, named policies made up of composable requirements, rather than hard-coded role checks scattered throughout the codebase.

GuardPost powers the authentication and authorization system in the BlackSheep web framework, where it underpins features such as JWT bearer authentication, policy-based authorization, and OIDC integration.

Tested identity providers

GuardPost has been tested with the following identity providers:

• Auth0
• Entra ID
• Azure Active Directory B2C
• Okta

The project's home

The project is hosted in GitHub , maintained following DevOps good practices, and published to PyPI.

Last modified on: 2026-03-10 20:06:58

RP