adalib-auth 1.1.1__tar.gz

adalib_auth-1.1.1/PKG-INFO

@@ -0,0 +1,53 @@
+Metadata-Version: 2.1
+Name: adalib-auth
+Version: 1.1.1
+Summary: The programmatic tool to authenticate with AdaLab.
+Home-page: https://adamatics.com
+Author: Adamatics ApS
+Author-email: info@adamatics.com
+Requires-Python: >=3.10.0,<4.0.0
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Typing :: Typed
+Requires-Dist: python-keycloak (>=3.3.0,<4.0.0)
+Requires-Dist: requests-oauthlib (>=1.3.1,<2.0.0)
+Project-URL: Repository, https://gitlab.com/adamatics/python/adalib-auth
+Description-Content-Type: text/markdown
+
+# adalib-auth
+
+This repository contains the source code of `adalib-auth`, the Python library used to authenticate with the AdaLab platform.
+
+## Installation
+
+`adalib-auth` can be installed from PyPI or a `devpi` index:
+
+```sh
+# PyPI
+pip install adalib-auth
+# devpi
+pip install --extra-index-url <devpi_index_url> adalib-auth
+```
+
+In order to add it to the dependencies of a Python project using `poetry` use:
+
+```sh
+poetry source add --priority=primary <repo_name> <devpi_index_url>
+poetry source add --priority=primary PyPI
+poetry add --source <repo_name> adalib-auth
+```
+
+## Usage
+
+See the corresponding `adalib` example notebooks.
+
+## Contributing
+
+See the [contributor's guide](CONTRIBUTING.md).
+

adalib_auth-1.1.1/README.md

@@ -0,0 +1,30 @@
+# adalib-auth
+
+This repository contains the source code of `adalib-auth`, the Python library used to authenticate with the AdaLab platform.
+
+## Installation
+
+`adalib-auth` can be installed from PyPI or a `devpi` index:
+
+```sh
+# PyPI
+pip install adalib-auth
+# devpi
+pip install --extra-index-url <devpi_index_url> adalib-auth
+```
+
+In order to add it to the dependencies of a Python project using `poetry` use:
+
+```sh
+poetry source add --priority=primary <repo_name> <devpi_index_url>
+poetry source add --priority=primary PyPI
+poetry add --source <repo_name> adalib-auth
+```
+
+## Usage
+
+See the corresponding `adalib` example notebooks.
+
+## Contributing
+
+See the [contributor's guide](CONTRIBUTING.md).

adalib_auth-1.1.1/adalib_auth/__init__.py

@@ -0,0 +1,13 @@
+"""The adalib-auth package handles the authentication workflow with the AdaLab platform.
+"""
+
+import importlib.metadata
+
+from . import config, jupyterhub, keycloak
+
+_DISTRIBUTION_METADATA = importlib.metadata.metadata("adalib-auth")
+__project__ = _DISTRIBUTION_METADATA["name"]
+__version__ = _DISTRIBUTION_METADATA["version"]
+__description__ = _DISTRIBUTION_METADATA["description"]
+
+__all__ = ["config", "jupyterhub", "keycloak"]

adalib_auth-1.1.1/adalib_auth/config/__init__.py

@@ -0,0 +1,12 @@
+"""The Config sub-package sets up the environment for adalib. It also fetches all the
+configuration values needed in the library.
+
+The first client call to import this module will initialize it, after which it
+will be a singleton instantiation for the duration of the process.
+"""
+
+from .config import Configuration, get_config
+
+__all__ = ["Configuration", "get_config"]
+
+__title__ = "adalib-auth Config"

adalib_auth-1.1.1/adalib_auth/config/config.py

@@ -0,0 +1,222 @@
+import logging
+import os
+import threading
+import urllib.parse
+
+import requests
+
+
+class Singleton(type):
+    """Class to ensure singleton behaviour of the Configuration class."""
+
+    _instances = {}
+    _lock = threading.Lock()
+
+    def __call__(cls, *args, **kwargs):
+        """Instantiate Configuration singleton."""
+        if cls not in cls._instances:
+            with cls._lock:
+                cls._instances[cls] = super(Singleton, cls).__call__(
+                    *args, **kwargs
+                )
+        return cls._instances[cls]
+
+    def reset_instances(cls):
+        """Reset Configuration singleton instance."""
+        if cls in cls._instances:
+            with cls._lock:
+                del cls._instances[cls]
+        else:
+            raise ValueError("No instance exists, therefore nothing to reset.")
+
+
+class Configuration(metaclass=Singleton):
+    """Configuration singleton class."""
+
+    def __init__(self, adaboard_api_url=None, **kwargs):
+        """Initialize Configuration instance"""
+        self.LOG_LEVEL = os.getenv("ADALIB_LOG_LEVEL", "INFO")
+        self.HARBOR_AUTH_FILE = os.path.join(
+            os.getenv("XDG_RUNTIME_DIR", ".docker"), "config.json"
+        )
+        self.__configure_logging()
+        self.__configure_environment()
+        self.__configure_adaboard(adaboard_api_url=adaboard_api_url)
+        self.__configure_clients()
+        self.__configure_services()
+        self.__configure_credentials(**kwargs)
+        match self.ENVIRONMENT:
+            case "jupyterhub":
+                logging.info("adalib configured, running in JupyterHub.")
+            case "nonpub-user-app":
+                logging.info(
+                    "adalib configured, running in a non-public deployed app."
+                )
+            case "external":
+                logging.info(
+                    "adalib configured, running in an external environment."
+                )
+
+    def __configure_credentials(self, **kwargs):
+        """access token and refresh token refer to the JH client"""
+        if self.ENVIRONMENT == "jupyterhub":
+            self.CREDENTIALS = {
+                "username": os.environ["LOGNAME"],
+                "jh_token": os.environ["JUPYTERHUB_API_TOKEN"],
+                "access_token": None,
+                "refresh_token": None,
+            }
+        elif self.ENVIRONMENT == "nonpub-user-app":
+            self.CREDENTIALS = {
+                "client_id": os.environ["_UA_CLIENT_ID"],
+                "client_secret": os.environ["_UA_CLIENT_SECRET"],
+                "app_access_token": kwargs.get(
+                    "app_access_token"
+                ),  # Deployed app client
+                "app_refresh_token": kwargs.get(
+                    "app_refresh_token"
+                ),  # Deployed app client
+                "access_token": None,
+                "refresh_token": None,
+            }
+        elif self.ENVIRONMENT == "external":
+            self.CREDENTIALS = {
+                "access_token": None,
+                "refresh_token": None,
+                "token": kwargs.get("token"),
+            }
+
+    def __configure_environment(self, **kwargs):
+        """
+        Find out in which environment is adalib running.
+        """
+        if "JUPYTERHUB_API_TOKEN" in os.environ:
+            self.ENVIRONMENT = "jupyterhub"
+        elif "_UA_CLIENT_ID" in os.environ:
+            self.ENVIRONMENT = "nonpub-user-app"
+        else:
+            self.ENVIRONMENT = "external"
+
+    def __configure_adaboard(self, adaboard_api_url=None):
+        """Confgiure the target Adaboard API URL."""
+        if self.ENVIRONMENT == "external" and (
+            adaboard_api_url is None and "ADABOARD_API_URL" not in os.environ
+        ):
+            raise ValueError(
+                "adaboard_api_url must be provided for external environment"
+            )
+        if adaboard_api_url:
+            self.ADABOARD_API_URL = adaboard_api_url
+        elif "ADABOARD_API_URL" in os.environ:
+            self.ADABOARD_API_URL = os.environ["ADABOARD_API_URL"]
+        elif "_NAMESPACE" in os.environ:
+            self.ADABOARD_API_URL = (
+                f"http://adaboard-api-svc.{os.environ['_NAMESPACE']}:8000"
+            )
+        else:
+            self.ADABOARD_API_URL = "http://adaboard-api-svc:8000"
+
+    def __configure_service_x(self, x: str, given_name: str, apps: list[dict]):
+        """Configure AdaLab app or service."""
+        url_type = "external" if self.ENVIRONMENT == "external" else "internal"
+        for app in apps:
+            if app["name"] == x:
+                url_parsed = urllib.parse.urlparse(url=app[url_type])
+                self.SERVICES[given_name] = {
+                    "url": app["internal"],
+                    "external": app["external"],
+                    "netloc": url_parsed.netloc,
+                    "path": url_parsed.path,
+                }
+
+    def __configure_services(self):
+        """Configure all services present in the AdaLab deployment."""
+        resp = requests.get(
+            self.ADABOARD_API_URL,
+            params={"include_apps": True},
+            timeout=10,
+        ).json()
+
+        apps = resp["apps"]
+
+        if (
+            resp["jh_secret"] == ""
+            and "ADALAB_CLIENT_SECRET" not in os.environ
+        ):
+            raise ValueError("AdaLab client secret was not set")
+        elif resp["jh_secret"] == "":
+            self.KEYCLOAK_CLIENTS["jupyterhub_secret"] = os.environ[
+                "ADALAB_CLIENT_SECRET"
+            ]
+        else:
+            self.KEYCLOAK_CLIENTS["jupyterhub_secret"] = resp["jh_secret"]
+
+        namespace = resp["namespace"]
+        network_host = resp["network_host"]
+
+        self.NAMESPACE = namespace
+        self.NETWORK_HOST = network_host
+        self.SERVICES = dict()
+        self.__configure_service_x(
+            x="adaboard-api", given_name="adaboard-api", apps=apps
+        )
+        self.__configure_service_x(
+            x="container-registry", given_name="harbor", apps=apps
+        )
+        self.__configure_service_x(
+            x="jupyterhub", given_name="jupyterhub", apps=apps
+        )
+        self.__configure_service_x(
+            x="keycloak", given_name="keycloak", apps=apps
+        )
+        self.__configure_service_x(x="mlflow", given_name="mlflow", apps=apps)
+        self.__configure_service_x(
+            x="superset", given_name="superset", apps=apps
+        )
+
+    def __configure_clients(self):
+        """Configure clients for services present in the AdaLab deployment."""
+        self.KEYCLOAK_REALM = os.environ.get("KEYCLOAK_REALM", "adalab")
+        self.KEYCLOAK_CLIENTS = dict()
+        self.KEYCLOAK_CLIENTS["adaboard-api"] = os.environ.get(
+            "KEYCLOAK_ADABOARD_CLIENT_ID", "adaboard"
+        )
+        self.KEYCLOAK_CLIENTS["harbor"] = os.environ.get(
+            "KEYCLOAK_HARBOR_CLIENT_ID", "harbor"
+        )
+        self.KEYCLOAK_CLIENTS["jupyterhub"] = os.environ.get(
+            "KEYCLOAK_JUPYTERHUB_CLIENT_ID", "jupyterhub"
+        )
+        self.KEYCLOAK_CLIENTS["superset"] = os.environ.get(
+            "KEYCLOAK_SUPERSET_CLIENT_ID", "superset"
+        )
+
+    def __configure_logging(self):
+        """Set up execution logs."""
+        log_level = getattr(logging, self.LOG_LEVEL.upper(), logging.INFO)
+        logging.basicConfig(
+            level=log_level,
+            format="%(asctime)s - %(name)s - %(levelname)s - %(message)s",
+        )
+
+    @classmethod
+    def clean(cls):
+        """
+        Delete existing instances of the class.
+        """
+        cls.reset_instances()
+
+    def reset(self, adaboard_api_url=None, **kwargs):
+        """
+        Clean up and create a new class instance with the new parameters.
+        """
+        self.clean()
+        self.__init__(adaboard_api_url=adaboard_api_url, **kwargs)
+
+
+def get_config(adaboard_api_url=None, **kwargs):
+    """
+    Initialize the Configuration singleton. This is called automatically when
+    the Configuration class is imported.
+    """
+    return Configuration(adaboard_api_url=adaboard_api_url, **kwargs)

adalib_auth-1.1.1/adalib_auth/jupyterhub/__init__.py

@@ -0,0 +1,8 @@
+"""Module to work with JupyterHub on the AdaLab platform.
+"""
+
+from .jupyterhub import get_token_from_auth_state, is_this_jupyterhub
+
+__all__ = ["get_token_from_auth_state", "is_this_jupyterhub"]
+
+__title__ = "adalib-auth JupyterHub"

adalib_auth-1.1.1/adalib_auth/jupyterhub/jupyterhub.py

@@ -0,0 +1,34 @@
+import os
+
+import requests_oauthlib
+
+
+def get_token_from_auth_state(
+    username: str,
+    jh_token: str,
+    jh_api_url: str,
+) -> dict:
+    """Get a keycloak token from jupyter auth state.
+
+    :return: Token to access jupyterhub.
+    :rtype: dict
+    """
+    if jh_api_url.startswith("http://"):
+        os.environ["OAUTHLIB_INSECURE_TRANSPORT"] = "1"
+    session = requests_oauthlib.OAuth2Session(token={"access_token": jh_token})
+    response = session.get(f"{jh_api_url}/users/{username}")
+    response.raise_for_status()
+    user_info = response.json()
+    auth_state = user_info["auth_state"]
+    if not auth_state:
+        raise ValueError("No auth state returned by JupyterHub API")
+    return auth_state
+
+
+def is_this_jupyterhub():
+    """Checks whether this package is running in a JupyterHub environment.
+
+    :return: `true` if called from a program in JupyterHub, `false` otherwise
+    :rtype: bool
+    """
+    return "JUPYTERHUB_API_TOKEN" in os.environ

adalib_auth-1.1.1/adalib_auth/keycloak/__init__.py

@@ -0,0 +1,28 @@
+"""Keycloak authentication module for adalib-auth."""
+
+from .. import config, jupyterhub
+from .keycloak import (
+    app_authentication,
+    authenticate_with_stored_credentials,
+    external_authentication,
+    get_client,
+    get_client_token,
+    get_token_from_exchange,
+    jupyterhub_authentication,
+    update_tokens_in_config,
+)
+
+__all__ = [
+    "app_authentication",
+    "authenticate_with_stored_credentials",
+    "external_authentication",
+    "get_client",
+    "get_client_token",
+    "get_token_from_exchange",
+    "jupyterhub_authentication",
+    "update_tokens_in_config",
+    "config",
+    "jupyterhub",
+]
+
+__title__ = "adalib-auth Keycloak"

adalib_auth-1.1.1/adalib_auth/keycloak/keycloak.py

@@ -0,0 +1,274 @@
+import logging
+from typing import Union
+
+import requests
+
+import keycloak
+import keycloak.exceptions
+
+from . import config, jupyterhub
+
+
+def app_authentication(audience: str, scope: str = "openid") -> dict:
+    """
+    Returns an audience authentication token from an exchange with an app token.
+
+    :param audience: The audience for which the token is requested.
+    :type audience: str
+    :param scope: The scope of the token exchange, defaults to "openid"
+    :type scope: str, optional
+    :return: The audience token.
+    :rtype: dict
+    """
+    adalib_config = config.get_config()
+    app_token = {
+        "access_token": adalib_config.CREDENTIALS["app_access_token"],
+        "refresh_token": adalib_config.CREDENTIALS["app_refresh_token"],
+    }
+
+    # Exchange the app token for a Jupyterhub token
+    jh_token = get_token_from_exchange(
+        audience=adalib_config.KEYCLOAK_CLIENTS["jupyterhub"],
+        token=app_token,
+        client_id=adalib_config.CREDENTIALS["client_id"],
+        client_secret=adalib_config.CREDENTIALS["client_secret"],
+        scope=scope,
+    )
+    update_tokens_in_config(
+        new_token=jh_token,
+        client_id=adalib_config.KEYCLOAK_CLIENTS["jupyterhub"],
+    )
+    # Exchange the Jupyterhub token for an audience token
+    audience_token = get_token_from_exchange(
+        audience=audience,
+        token=jh_token,
+        client_id=adalib_config.KEYCLOAK_CLIENTS["jupyterhub"],
+        client_secret=adalib_config.KEYCLOAK_CLIENTS["jupyterhub_secret"],
+        scope=scope,
+    )
+    return audience_token
+
+
+def authenticate_with_stored_credentials(
+    audience_client_id: str,
+) -> Union[dict, None]:
+    """Attempt to get token for audience_client using stored credentials.
+
+    :param audience_client_id: The client ID of the audience.
+    :type audience_client_id: str
+    :return: The token for the current user to authenticate to the audience_client with.
+    :rtype: dict or None
+    """
+
+    adalib_config = config.get_config()
+    token = {
+        "access_token": adalib_config.CREDENTIALS["access_token"],
+        "refresh_token": adalib_config.CREDENTIALS["refresh_token"],
+    }
+    if token["access_token"] is None and token["refresh_token"] is None:
+        logging.debug("No stored credentials.")
+        return None
+    try:
+        audience_token = get_token_from_exchange(
+            audience=audience_client_id,
+            token=token,
+            client_id=adalib_config.KEYCLOAK_CLIENTS["jupyterhub"],
+            client_secret=adalib_config.KEYCLOAK_CLIENTS["jupyterhub_secret"],
+        )
+    except AssertionError:
+        logging.warning("Stored credentials are no longer valid.")
+        return None
+    return audience_token
+
+
+def external_authentication(audience: str, scope: str = "openid") -> dict:
+    """
+    Returns an audience authentication token from an exchange with external user credentials.
+
+    :param audience: The audience for which the token is requested.
+    :type audience: str
+    :param scope: The scope of the token exchange, defaults to "openid"
+    :type scope: str, optional
+    :return: The audience token.
+    :rtype: dict
+    """
+    adalib_config = config.get_config()
+    resp = requests.get(
+        adalib_config.ADABOARD_API_URL + "/adalib/token",
+        headers={
+            "Authorization": f"Token {adalib_config.CREDENTIALS['token']}"
+        },
+    )
+    if resp.status_code != 200:
+        raise AssertionError(
+            "Failed to authenticate with external credentials."
+        )
+
+    jh_token = resp.json()["access_token"]
+    client = get_client(
+        client_id=adalib_config.KEYCLOAK_CLIENTS["jupyterhub"],
+        client_secret=adalib_config.KEYCLOAK_CLIENTS["jupyterhub_secret"],
+    )
+    new_token = client.exchange_token(
+        token=jh_token,
+        audience=adalib_config.KEYCLOAK_CLIENTS["jupyterhub"],
+    )
+    update_tokens_in_config(
+        new_token=new_token,
+        client_id=adalib_config.KEYCLOAK_CLIENTS["jupyterhub"],
+    )
+    audience_token = get_token_from_exchange(
+        audience=audience,
+        token=new_token,
+        client_id=adalib_config.KEYCLOAK_CLIENTS["jupyterhub"],
+        client_secret=adalib_config.KEYCLOAK_CLIENTS["jupyterhub_secret"],
+        scope=scope,
+    )
+    return audience_token
+
+
+def get_client(
+    client_id: str = None,
+    client_secret: str = None,
+) -> keycloak.KeycloakOpenID:
+    """Returns a Keycloak client configured for a specific client. Defaults to
+    the Jupyterhub client.
+
+    :param client_id: The ID of a client that is registered in Keycloak
+    :param client_secret: The secret matching the given client ID
+    :return: Keycloak client for the given client ID.
+    :rtype: KeycloakClient
+    """
+    adalib_config = config.get_config()
+    external = True if adalib_config.ENVIRONMENT == "external" else False
+    if external:
+        server_url = adalib_config.SERVICES["keycloak"]["external"] + "/auth/"
+    else:
+        server_url = adalib_config.SERVICES["keycloak"]["url"] + "/auth/"
+    return keycloak.KeycloakOpenID(
+        server_url=server_url,
+        client_id=client_id,
+        client_secret_key=client_secret,
+        realm_name=adalib_config.KEYCLOAK_REALM,
+        verify=True,
+    )
+
+
+def get_client_token(audience_client_id: str) -> dict:
+    """Get the token for the current user to authenticate to adaboard with depending on adalib's
+    environment configuration.
+
+    :param audience_client_id: The client ID of the audience.
+    :type audience_client_id: str
+    :return: The token for the current user to authenticate to adaboard with.
+    :rtype: dict
+    """
+
+    # First try to authenticate with stored credentials
+    logging.debug("Attempting to authenticate with stored credentials.")
+    token_from_stored_credentials = authenticate_with_stored_credentials(
+        audience_client_id=audience_client_id
+    )
+    if token_from_stored_credentials is not None:
+        return token_from_stored_credentials
+
+    # If that fails, try to authenticate with user credentials
+    adalib_config = config.get_config()
+    logging.debug("Attempting to authenticate with provided credentials.")
+    if adalib_config.ENVIRONMENT == "jupyterhub":
+        return jupyterhub_authentication(audience=audience_client_id)
+    elif adalib_config.ENVIRONMENT == "nonpub-user-app":
+        return app_authentication(audience=audience_client_id)
+    elif adalib_config.ENVIRONMENT == "external":
+        return external_authentication(audience=audience_client_id)
+
+
+def get_token_from_exchange(
+    audience: str,
+    token: str,
+    client_id: str,
+    client_secret: str,
+    scope: str = "openid",
+) -> dict:
+    """Get a token for the audience given a valid client token.
+
+    Note for developers: The scope defaults to `openid` to be consistent with the
+    subsequent call to `keycloakOpenID.exchange_token(...)`. If this default is
+    changed it should be done so with respect to this underlying method.
+
+    :param audience: Client that we need to get a token for.
+    :type audience: str
+    :param token: Token to exchange for audience token.
+    :type token: str
+    :param client_id: Client ID of the client that the token is for.
+    :type client_id: str
+    :param client_secret: Client secret of the client that the token is for.
+    :type client_secret: str
+    :param scope: Scope of token requested, defaults to ""
+    :type scope: str, optional
+    :return: Token to access audience
+    :rtype: dict
+    """
+    client = get_client(client_id=client_id, client_secret=client_secret)
+    if not client.introspect(token=token["access_token"])["active"]:
+        assert (
+            "refresh_token" in token and token["refresh_token"] is not None
+        ), "Access token is no longer valid and a refresh token was not provided"
+        try:
+            token = client.refresh_token(refresh_token=token["refresh_token"])
+        except Exception as exc:
+            raise AssertionError("Refresh token has expired.") from exc
+        update_tokens_in_config(new_token=token, client_id=client_id)
+
+    audience_token = client.exchange_token(
+        token=token["access_token"],
+        audience=audience,
+        subject=None,
+        scope=scope,
+    )
+    return audience_token
+
+
+def jupyterhub_authentication(audience: str, scope: str = "openid") -> dict:
+    """
+    Returns an audience authentication token from an exchange with a Jupyterhub token.
+
+    :param audience: The audience for which the token is requested.
+    :type audience: str
+    :param scope: The scope of the token exchange, defaults to "openid"
+    :type scope: str, optional
+    :return: The audience token.
+    :rtype: dict
+    """
+    adalib_config = config.get_config()
+    jh_token = jupyterhub.get_token_from_auth_state(
+        username=adalib_config.CREDENTIALS["username"],
+        jh_token=adalib_config.CREDENTIALS["jh_token"],
+        jh_api_url=adalib_config.SERVICES["jupyterhub"]["url"] + "/hub/api",
+    )
+    update_tokens_in_config(
+        new_token=jh_token,
+        client_id=adalib_config.KEYCLOAK_CLIENTS["jupyterhub"],
+    )
+    audience_token = get_token_from_exchange(
+        audience=audience,
+        token=jh_token,
+        client_id=adalib_config.KEYCLOAK_CLIENTS["jupyterhub"],
+        client_secret=adalib_config.KEYCLOAK_CLIENTS["jupyterhub_secret"],
+        scope=scope,
+    )
+    return audience_token
+
+
+def update_tokens_in_config(new_token: dict, client_id: str):
+    """Update the tokens in the config object.
+
+    :param new_token: The new token to update the config with.
+    :type new_token: dict
+    :param client_id: The client ID of the client that the token is for.
+    :type client_id: str
+    """
+    adalib_config = config.get_config()
+    if client_id == adalib_config.KEYCLOAK_CLIENTS["jupyterhub"]:
+        adalib_config.CREDENTIALS["access_token"] = new_token["access_token"]
+        adalib_config.CREDENTIALS["refresh_token"] = new_token["refresh_token"]

adalib_auth-1.1.1/pyproject.toml

@@ -0,0 +1,104 @@
+[project]
+name = "adalib-auth"
+version = "1.1.1"
+description = "The programmatic tool to authenticate with AdaLab."
+keywords = [ "authentication", "keycloak"]
+
+[[project.authors]]
+name = "Adamatics ApS"
+email = "info@adamatics.com"
+
+[tool.poetry]
+name = "adalib-auth"
+version = "1.1.1"
+description = "The programmatic tool to authenticate with AdaLab."
+authors = ["Adamatics ApS <info@adamatics.com>"]
+readme = "README.md"
+homepage = "https://adamatics.com"
+repository = "https://gitlab.com/adamatics/python/adalib-auth"
+classifiers = [
+  "Development Status :: 4 - Beta",
+  "Intended Audience :: Developers",
+  "Operating System :: OS Independent",
+  "Programming Language :: Python",
+  "Programming Language :: Python :: 3",
+  "Programming Language :: Python :: 3.10",
+  "Topic :: Software Development :: Libraries :: Python Modules",
+  "Typing :: Typed",
+]
+packages = [
+    { include = "adalib_auth" }
+]
+
+[tool.poetry.dependencies]
+python = "^3.10.0"
+python-keycloak = "^3.3.0"
+requests-oauthlib = "^1.3.1"
+
+[tool.poetry.group.dev.dependencies]
+black = "^23.9.1"
+flake8 = "^6.1.0"
+interrogate = "^1.5.0"
+isort = "^5.12.0"
+pre-commit = "^3.4.0"
+pytest = "^7.4.2"
+pytest-cov = "^4.1.0"
+pyproject-flake8 = "^6.1.0"
+requests-mock = "^1.11.0"
+tox = "^4.11.3"
+
+[build-system]
+requires = ["poetry-core>=1.0.0"]
+build-backend = "poetry.core.masonry.api"
+
+[tool.isort]
+profile = "black"
+src_paths = ["adalib_auth", "tests"]
+multi_line_output = 3
+include_trailing_comma = true
+force_grid_wrap = 0
+use_parentheses = true
+line_length = 79
+
+[tool.black]
+target-version = ["py310"]
+include = '\.pyi?$'
+line-length = 79
+
+[tool.flake8]
+ignore = ["F401", "E203", "E266", "E501", "W503"]
+max-complexity = 18
+select = ["B","C","E","F","W","T4"]
+exclude = [".git",".venv",".tox"]
+max-line-length = 79
+
+[tool.pytest]
+testpaths = "tests/"
+
+[tool.pytest.ini_options]
+addopts = """\
+    --cov adalib_auth \
+    --cov tests \
+    --cov-report term-missing \
+    --no-cov-on-fail \
+"""
+
+[tool.coverage.report]
+fail_under = 100
+exclude_lines = [
+    'if TYPE_CHECKING:',
+    'pragma: no cover'
+]
+
+[tool.mypy]
+disallow_any_unimported = true
+disallow_untyped_defs = true
+no_implicit_optional = true
+strict_equality = true
+warn_unused_ignores = true
+warn_redundant_casts = true
+warn_return_any = true
+check_untyped_defs = true
+show_error_codes = true
+files = "src/"
+ignore_missing_imports = true