Thanks alot for the wonderful job done thus far. You approach is really superb. I am pretty new to FastAPI but much in love with this library.

I would love to request if these 2 events could be added to the authentication (/login).
on_after_failed_login(): in case of multiple failed attempt, I would love to keep track of this failed attempt and possibly delay/deny future attempts
on_before_login() -> bool: based on the number of previous failed login attempts I may want to decide if to allow or deny login at this moment. Am thinking this would only be called after every other conditions/parameters like the password, is_active, is_verified has been checked and ready generate the jwt/access_token, such that it would allow us raise exception/return false to deny the user login access

** Also, in situation where the admin created a new user account and forwarded the credentials to the user's email. I maybe want to force the user to change the default password. I may want to abort the login process just before the final stage and redirect the user to the change password screen before s/he can proceed

This would be cleaner for further customization