apexauthlib 0.1.10__py3-none-any.whl → 0.1.11__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- apexauthlib-0.1.11.dist-info/METADATA +132 -0
- {apexauthlib-0.1.10.dist-info → apexauthlib-0.1.11.dist-info}/RECORD +4 -4
- {apexauthlib-0.1.10.dist-info → apexauthlib-0.1.11.dist-info}/WHEEL +1 -1
- apexauthlib-0.1.10.dist-info/METADATA +0 -21
- {apexauthlib-0.1.10.dist-info → apexauthlib-0.1.11.dist-info}/licenses/LICENSE +0 -0
|
@@ -0,0 +1,132 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: apexauthlib
|
|
3
|
+
Version: 0.1.11
|
|
4
|
+
Summary: Apex authorization library for services
|
|
5
|
+
License-File: LICENSE
|
|
6
|
+
Author: Apex Dev
|
|
7
|
+
Author-email: dev@apex.ge
|
|
8
|
+
Requires-Python: >=3.11
|
|
9
|
+
Classifier: Programming Language :: Python :: 3
|
|
10
|
+
Classifier: Programming Language :: Python :: 3.12
|
|
11
|
+
Classifier: Programming Language :: Python :: 3.13
|
|
12
|
+
Classifier: Programming Language :: Python :: 3.14
|
|
13
|
+
Requires-Dist: apexdevkit
|
|
14
|
+
Requires-Dist: fastapi (==0.120.*)
|
|
15
|
+
Requires-Dist: httpx
|
|
16
|
+
Requires-Dist: uvicorn
|
|
17
|
+
Description-Content-Type: text/markdown
|
|
18
|
+
|
|
19
|
+
# apexauthlib
|
|
20
|
+
|
|
21
|
+
Private Python library for integrating backend services with the company auth-service.
|
|
22
|
+
|
|
23
|
+
This library provides:
|
|
24
|
+
- **Entities** used across services (user, service, client, service metadata, permissions).
|
|
25
|
+
- A **FastAPI router** (`auth_api`) with login endpoints and dependency helpers that inject the current user + metadata from JWT.
|
|
26
|
+
- A small **HTTP client wrapper** (`AuthApiProvider` / `AuthApi`) for services to:
|
|
27
|
+
- obtain a token (password login or OAuth code exchange),
|
|
28
|
+
- fetch current user and service-scoped metadata,
|
|
29
|
+
- list users for a service,
|
|
30
|
+
- and register/update service permissions.
|
|
31
|
+
|
|
32
|
+
> Notes
|
|
33
|
+
> - This documentation is best used along with the documentation for auth-service.
|
|
34
|
+
> - This is a **private library**. If you change it, you should push to GitHub and then update downstream usage by running `make install` wherever it’s consumed (per team workflow).
|
|
35
|
+
|
|
36
|
+
---
|
|
37
|
+
|
|
38
|
+
## Concepts at a glance
|
|
39
|
+
|
|
40
|
+
### Users
|
|
41
|
+
The `User` entity includes:
|
|
42
|
+
- `hashed_password`: **must never expose an actual password** through APIs (except in create/update requests handled elsewhere).
|
|
43
|
+
- `is_admin`: indicates whether the user is a “superadmin”.
|
|
44
|
+
|
|
45
|
+
### Service-scoped auth model
|
|
46
|
+
The auth model used by services is service-centric:
|
|
47
|
+
- Services have a name (`service_name`) and service admins.
|
|
48
|
+
- Each service can define **permissions** (schema) and **per-user metadata** values that should align with those permissions.
|
|
49
|
+
|
|
50
|
+
See: [`docs/concepts.md`](docs/concepts.md)
|
|
51
|
+
|
|
52
|
+
---
|
|
53
|
+
|
|
54
|
+
## Usage pattern (high-level)
|
|
55
|
+
|
|
56
|
+
### 1) Create an `AuthApiProvider`
|
|
57
|
+
|
|
58
|
+
Example (from service code):
|
|
59
|
+
|
|
60
|
+
```python
|
|
61
|
+
provider = AuthApiProvider[HaccpPermissions](
|
|
62
|
+
http=FluentHttp(
|
|
63
|
+
Httpx.Builder().with_url(AUTH_SERVICE_API).build(),
|
|
64
|
+
),
|
|
65
|
+
service_name=SERVICE_NAME,
|
|
66
|
+
formatter=DataclassFormatter(HaccpPermissions),
|
|
67
|
+
)
|
|
68
|
+
```
|
|
69
|
+
|
|
70
|
+
### 2) Register permissions (service schema)
|
|
71
|
+
|
|
72
|
+
Example:
|
|
73
|
+
|
|
74
|
+
```python
|
|
75
|
+
provider.for_token(
|
|
76
|
+
provider.login(ADMIN_USERNAME, ADMIN_PASSWORD)
|
|
77
|
+
).update_permissions(
|
|
78
|
+
[
|
|
79
|
+
ServicePermission(
|
|
80
|
+
# ...
|
|
81
|
+
)
|
|
82
|
+
]
|
|
83
|
+
)
|
|
84
|
+
```
|
|
85
|
+
|
|
86
|
+
### 3) Add FastAPI auth routes + dependencies
|
|
87
|
+
|
|
88
|
+
Example:
|
|
89
|
+
|
|
90
|
+
```python
|
|
91
|
+
FastApiBuilder()
|
|
92
|
+
.with_title(TITLE)
|
|
93
|
+
.with_description(DESCRIPTION)
|
|
94
|
+
.with_version(VERSION)
|
|
95
|
+
.with_route(auth_api)
|
|
96
|
+
.with_dependency(
|
|
97
|
+
auth=provider,
|
|
98
|
+
auth_code=AuthCodeApi(
|
|
99
|
+
http=FluentHttp(
|
|
100
|
+
Httpx.Builder()
|
|
101
|
+
.with_url(AUTH_SERVICE_API)
|
|
102
|
+
.build(),
|
|
103
|
+
),
|
|
104
|
+
client_id=CLIENT_ID,
|
|
105
|
+
client_secret=CLIENT_SECRET,
|
|
106
|
+
),
|
|
107
|
+
)
|
|
108
|
+
.build()
|
|
109
|
+
```
|
|
110
|
+
|
|
111
|
+
See: [`docs/fastapi.md`](docs/fastapi.md)
|
|
112
|
+
|
|
113
|
+
## Known Limitations
|
|
114
|
+
|
|
115
|
+
### Permission sync is name-based only
|
|
116
|
+
|
|
117
|
+
AuthApi.update_permissions() compares permissions by name and only creates/deletes.
|
|
118
|
+
If a permission keeps the same name but changes type, default, label, etc.,
|
|
119
|
+
it currently won’t be updated automatically.
|
|
120
|
+
|
|
121
|
+
### Admin password dependency for permission registration
|
|
122
|
+
|
|
123
|
+
The example uses provider.login(ADMIN_USERNAME, ADMIN_PASSWORD) to obtain a token for updating permissions.
|
|
124
|
+
If the admin password changes, downstream services must update their configuration, or a more proper flow should
|
|
125
|
+
be introduced (e.g., service-to-service auth or code-based admin auth).
|
|
126
|
+
|
|
127
|
+
### Refresh tokens are not currently handled in this library
|
|
128
|
+
|
|
129
|
+
Current flow assumes a bearer access token is provided/used. Supporting refresh tokens would enable
|
|
130
|
+
longer-lived sessions with automatic token renewal.
|
|
131
|
+
|
|
132
|
+
|
|
@@ -6,7 +6,7 @@ apexauthlib/fastapi/auth.py,sha256=hkvG2BougydElkYbEpwsuSgRoLOLANe6DbVSoa-zBRM,3
|
|
|
6
6
|
apexauthlib/integration/__init__.py,sha256=f2lGbyoGct4kpZ2CUTExHhtQHs-1YR_xanvrj9Y4GiI,87
|
|
7
7
|
apexauthlib/integration/api.py,sha256=iSjaq6FrLOvnC86Y4DtV8O2fNqy09Tt5HjyAp707C4I,6478
|
|
8
8
|
apexauthlib/integration/formatter.py,sha256=DyVRMWYkZErZBeP_f4aYdSbe9g9zck-x2ONFPxwVNfY,2037
|
|
9
|
-
apexauthlib-0.1.
|
|
10
|
-
apexauthlib-0.1.
|
|
11
|
-
apexauthlib-0.1.
|
|
12
|
-
apexauthlib-0.1.
|
|
9
|
+
apexauthlib-0.1.11.dist-info/METADATA,sha256=2iH1MMTn76woy7R_XuungNbggbxFuhkuBv8bBf00mik,3922
|
|
10
|
+
apexauthlib-0.1.11.dist-info/WHEEL,sha256=kJCRJT_g0adfAJzTx2GUMmS80rTJIVHRCfG0DQgLq3o,88
|
|
11
|
+
apexauthlib-0.1.11.dist-info/licenses/LICENSE,sha256=iai0ILQTDgUXV1cIXl0UzSeOdFpMFK3shn5aqnz_Uro,1065
|
|
12
|
+
apexauthlib-0.1.11.dist-info/RECORD,,
|
|
@@ -1,21 +0,0 @@
|
|
|
1
|
-
Metadata-Version: 2.4
|
|
2
|
-
Name: apexauthlib
|
|
3
|
-
Version: 0.1.10
|
|
4
|
-
Summary: Apex authorization library for services
|
|
5
|
-
License-File: LICENSE
|
|
6
|
-
Author: Apex Dev
|
|
7
|
-
Author-email: dev@apex.ge
|
|
8
|
-
Requires-Python: >=3.11
|
|
9
|
-
Classifier: Programming Language :: Python :: 3
|
|
10
|
-
Classifier: Programming Language :: Python :: 3.12
|
|
11
|
-
Classifier: Programming Language :: Python :: 3.13
|
|
12
|
-
Classifier: Programming Language :: Python :: 3.14
|
|
13
|
-
Requires-Dist: apexdevkit
|
|
14
|
-
Requires-Dist: fastapi (==0.120.*)
|
|
15
|
-
Requires-Dist: httpx
|
|
16
|
-
Requires-Dist: uvicorn
|
|
17
|
-
Description-Content-Type: text/markdown
|
|
18
|
-
|
|
19
|
-
# apexauthlib
|
|
20
|
-
Central authorization library for apex services
|
|
21
|
-
|
|
File without changes
|