auth0-ai-langchain 0.1.2__py3-none-any.whl → 1.0.0b1__py3-none-any.whl

auth0_ai_langchain/FGARetriever.py

@@ -32,7 +32,7 @@ class FGARetriever(BaseRetriever):
         Args:
             retriever (BaseRetriever): The retriever used to fetch documents.
             build_query (Callable[[Document], ClientBatchCheckItem]): Function to convert documents into FGA queries.
-            fga_configuration (Optional[ClientConfiguration]): Configuration for the OpenFGA client. If not provided, defaults to environment variables.
+            fga_configuration (ClientConfiguration, optional): Configuration for the OpenFGA client. If not provided, defaults to environment variables.
         """
         super().__init__()
         self._retriever = retriever
@@ -95,7 +95,7 @@ class FGARetriever(BaseRetriever):
 
         Args:
             query (str): The query for retrieving documents.
-            run_manager (Optional[object]): Optional manager for tracking runs.
+            run_manager (object, optional): Optional manager for tracking runs.
 
         Returns:
             List[Document]: Filtered and relevant documents.
@@ -148,7 +148,7 @@ class FGARetriever(BaseRetriever):
 
         Args:
             query (str): The query for retrieving documents.
-            run_manager (Optional[object]): Optional manager for tracking runs.
+            run_manager (object, optional): Optional manager for tracking runs.
 
         Returns:
             List[Document]: Filtered and relevant documents.

auth0_ai_langchain/auth0_ai.py

@@ -1,43 +1,112 @@
 from typing import Callable, Optional
-from langchain_core.runnables.config import RunnableConfig
 from langchain_core.tools import BaseTool
-from auth0_ai.credentials import Credential
-from auth0_ai.authorizers.types import AuthorizerParams
-from auth0_ai.authorizers.federated_connection_authorizer import FederatedConnectionAuthorizerParams 
-from .federated_connections.federated_connection_authorizer import FederatedConnectionAuthorizer
-from .ciba.ciba_graph.ciba_graph import CIBAGraph
-from .ciba.ciba_graph.types import CIBAGraphOptions
-
-def get_access_token(config: RunnableConfig) -> Credential:
-    """
-    Fetch the access token obtained during the CIBA flow.
+from auth0_ai.authorizers.ciba import CIBAAuthorizerParams
+from auth0_ai.authorizers.federated_connection_authorizer import FederatedConnectionAuthorizerParams
+from auth0_ai.authorizers.types import Auth0ClientParams
+from auth0_ai_langchain.ciba.ciba_authorizer import CIBAAuthorizer
+from auth0_ai_langchain.federated_connections.federated_connection_authorizer import FederatedConnectionAuthorizer
+
 
-    Attributes:
-        config(RunnableConfig): LangGraph runnable configuration instance.
+class Auth0AI:
+    """Provides decorators to secure LangChain tools using Auth0 authorization flows.
     """
-    return config.get("configurable", {}).get("_credentials", {}).get("access_token")
 
-class Auth0AI():
-    def __init__(self, config: Optional[AuthorizerParams] = None):
-        self._graph: Optional[CIBAGraph] = None
-        self.config = config
+    def __init__(self, auth0: Optional[Auth0ClientParams] = None):
+        """Initializes the Auth0AI instance.
 
-    def with_async_user_confirmation(self, **options: CIBAGraphOptions) -> CIBAGraph:
+        Args:
+            auth0 (Optional[Auth0ClientParams]): Parameters for the Auth0 client.
+                If not provided, values will be automatically read from environment
+                variables: `AUTH0_DOMAIN`, `AUTH0_CLIENT_ID`, and `AUTH0_CLIENT_SECRET`.
         """
-        Initializes and registers a state graph for conditional trade operations using CIBA.
+        self.auth0 = auth0
 
-        Attributes:
-            options (Optional[CIBAGraphOptions]): The base CIBA options.
-        """
-        self._graph = CIBAGraph(CIBAGraphOptions(**options), self.config)
-        return self._graph
-    
-    def with_federated_connection(self, **options: FederatedConnectionAuthorizerParams) -> Callable[[BaseTool], BaseTool]:
+    def with_async_user_confirmation(self, **params: CIBAAuthorizerParams) -> Callable[[BaseTool], BaseTool]:
+        """Protects a tool with the CIBA (Client-Initiated Backchannel Authentication) flow.
+
+        Requires user confirmation via a second device (e.g., phone)
+        before allowing the tool to execute.
+
+        Args:
+            **params: Parameters defined in `CIBAAuthorizerParams`.
+
+        Returns:
+            Callable[[BaseTool], BaseTool]: A decorator to wrap a LangChain tool.
+
+        Example:
+            ```python
+            import os
+            from auth0_ai_langchain.auth0_ai import Auth0AI
+            from auth0_ai_langchain.ciba import get_ciba_credentials
+            from langchain_core.runnables import ensure_config
+            from langchain_core.tools import StructuredTool
+
+            auth0_ai = Auth0AI()
+
+            with_async_user_confirmation = auth0_ai.with_async_user_confirmation(
+                scope="stock:trade",
+                audience=os.getenv("AUDIENCE"),
+                binding_message=lambda ticker, qty: f"Authorize the purchase of {qty} {ticker}",
+                user_id=lambda *_, **__: ensure_config().get("configurable", {}).get("user_id")
+            )
+
+            def tool_function(ticker: str, qty: int) -> str:
+                credentials = get_ciba_credentials()
+                headers = {
+                    "Authorization": f"{credentials['token_type']} {credentials['access_token']}",
+                    # ...
+                }
+                # Call API
+
+            trade_tool = with_async_user_confirmation(
+                StructuredTool(
+                    name="trade_tool",
+                    description="Use this function to trade a stock",
+                    func=tool_function,
+                )
+            )
+            ```
         """
-        Protects a tool execution with the Federated Connection authorizer.
+        authorizer = CIBAAuthorizer(CIBAAuthorizerParams(**params), self.auth0)
+        return authorizer.authorizer()
+
+    def with_federated_connection(self, **params: FederatedConnectionAuthorizerParams) -> Callable[[BaseTool], BaseTool]:
+        """Enables a tool to obtain an access token from a federated identity provider (e.g., Google, Azure AD).
+
+        The token can then be used within the tool to call third-party APIs on behalf of the user.
+
+        Args:
+            **params: Parameters defined in `FederatedConnectionAuthorizerParams`.
+
+        Returns:
+            Callable[[BaseTool], BaseTool]: A decorator to wrap a LangChain tool.
+
+        Example:
+            ```python
+            from auth0_ai_langchain.auth0_ai import Auth0AI
+            from auth0_ai_langchain.federated_connections import get_credentials_for_connection
+            from langchain_core.tools import StructuredTool
+            from datetime import datetime
+
+            auth0_ai = Auth0AI()
+
+            with_google_calendar_access = auth0_ai.with_federated_connection(
+                connection="google-oauth2",
+                scopes=["https://www.googleapis.com/auth/calendar.freebusy"]
+            )
+
+            def tool_function(date: datetime):
+                credentials = get_credentials_for_connection()
+                # Call Google API using credentials["access_token"]
 
-        Attributes:
-            options (FederatedConnectionAuthorizerParams): The Federated Connections authorizer options.
+            check_calendar_tool = with_google_calendar_access(
+                StructuredTool(
+                    name="check_user_calendar",
+                    description="Use this function to check if the user is available on a certain date and time",
+                    func=tool_function,
+                )
+            )
+            ```
         """
-        authorizer = FederatedConnectionAuthorizer(FederatedConnectionAuthorizerParams(**options), self.config)
+        authorizer = FederatedConnectionAuthorizer(FederatedConnectionAuthorizerParams(**params), self.auth0)
         return authorizer.authorizer()

auth0_ai_langchain/ciba/__init__.py

@@ -0,0 +1,3 @@
+from auth0_ai.authorizers.ciba.ciba_authorizer_base import get_ciba_credentials as get_ciba_credentials
+from auth0_ai_langchain.ciba.ciba_authorizer import CIBAAuthorizer as CIBAAuthorizer
+from auth0_ai_langchain.ciba.graph_resumer import GraphResumer as GraphResumer

auth0_ai_langchain/ciba/ciba_authorizer.py

@@ -0,0 +1,17 @@
+from abc import ABC
+from typing import Union
+from auth0_ai.authorizers.ciba import CIBAAuthorizerBase
+from auth0_ai.interrupts.ciba_interrupts import AuthorizationPendingInterrupt, AuthorizationPollingInterrupt
+from auth0_ai_langchain.utils.interrupt import to_graph_interrupt
+from auth0_ai_langchain.utils.tool_wrapper import tool_wrapper
+from langchain_core.tools import BaseTool
+
+class CIBAAuthorizer(CIBAAuthorizerBase, ABC):
+    def _handle_authorization_interrupts(self, err: Union[AuthorizationPendingInterrupt, AuthorizationPollingInterrupt]) -> None:
+        raise to_graph_interrupt(err)
+    
+    def authorizer(self):
+        def wrap_tool(tool: BaseTool) -> BaseTool:
+            return tool_wrapper(tool, self.protect)
+        
+        return wrap_tool

auth0_ai_langchain/ciba/graph_resumer.py

@@ -0,0 +1,154 @@
+import asyncio
+from threading import Event
+from typing import Callable, Optional, Dict, Any, List, TypedDict
+from auth0_ai.authorizers.ciba import CIBAAuthorizationRequest
+from auth0_ai.interrupts.ciba_interrupts import CIBAInterrupt, AuthorizationPendingInterrupt, AuthorizationPollingInterrupt
+from auth0_ai_langchain.utils.interrupt import get_auth0_interrupts
+from langgraph_sdk.client import LangGraphClient
+from langgraph_sdk.schema import Thread, Interrupt
+
+class WatchedThread(TypedDict):
+    thread_id: str
+    assistant_id: str
+    interruption_id: str
+    auth_request: CIBAAuthorizationRequest
+    config: Dict[str, Any]
+    last_run: float
+
+class GraphResumerFilters(TypedDict):
+    graph_id: str
+
+class GraphResumer:
+    def __init__(self, lang_graph: LangGraphClient, filters: Optional[GraphResumerFilters] = None):
+        self.lang_graph = lang_graph
+        self.filters = filters or {}
+        self.map: Dict[str, WatchedThread] = {}
+        self._stop_event = Event()
+        self._loop_task: Optional[asyncio.Task] = None
+
+        # Event callbacks
+        self._resume_callbacks: List[Callable[[WatchedThread], None]] = []
+        self._error_callbacks: List[Callable[[Exception], None]] = []
+
+    # Public API to register event callbacks
+    def on_resume(self, callback: Callable[[WatchedThread], None]) -> "GraphResumer":
+        self._resume_callbacks.append(callback)
+        return self
+
+    def on_error(self, callback: Callable[[Exception], None]) -> "GraphResumer":
+        self._error_callbacks.append(callback)
+        return self
+
+    def _emit_resume(self, thread: WatchedThread) -> None:
+        for callback in self._resume_callbacks:
+            callback(thread)
+
+    def _emit_error(self, error: Exception) -> None:
+        for callback in self._error_callbacks:
+            callback(error)
+
+    async def _get_all_interrupted_threads(self) -> List[Thread]:
+        interrupted_threads: List[Thread] = []
+        offset = 0
+
+        while True:
+            page = await self.lang_graph.threads.search(
+                status="interrupted",
+                limit=100,
+                offset=offset,
+                metadata={"graph_id": self.filters["graph_id"]} if "graph_id" in self.filters else None
+            )
+
+            if not page:
+                break
+
+            for t in page:
+                interrupt = self._get_first_interrupt(t)
+                if interrupt and CIBAInterrupt.is_interrupt(interrupt["value"]) and CIBAInterrupt.has_request_data(interrupt["value"]):
+                    interrupted_threads.append(t)
+
+            offset += len(page)
+            if len(page) < 100:
+                break
+
+        return interrupted_threads
+
+    def _get_first_interrupt(self, thread: Thread) -> Optional[Interrupt]:
+        interrupts = thread["interrupts"]
+        if interrupts:
+            values = list(interrupts.values())
+            if values and values[0]:
+                return values[0][0]
+        return None
+
+    def _get_hash_map_id(self, thread: Thread) -> str:
+        return f"{thread['thread_id']}:{next(iter(thread['interrupts']))}"
+
+    async def _resume_thread(self, t: WatchedThread):
+        self._emit_resume(t)
+
+        await self.lang_graph.runs.wait(t["thread_id"], t["assistant_id"], config=t["config"])
+
+        t["last_run"] = asyncio.get_event_loop().time() * 1000
+
+    async def loop(self):
+        all_threads = await self._get_all_interrupted_threads()
+
+        # Remove old interrupted threads
+        active_keys = {self._get_hash_map_id(t) for t in all_threads}
+
+        for key in list(self.map.keys()):
+            if key not in active_keys:
+                del self.map[key]
+
+        # Add new interrupted threads
+        for thread in all_threads:
+            interrupt = next(
+                (i for i in get_auth0_interrupts(thread)
+                 if AuthorizationPendingInterrupt.is_interrupt(i["value"])
+                 or AuthorizationPollingInterrupt.is_interrupt(i["value"])),
+                None
+            )
+
+            if not interrupt or not interrupt["value"].get("_request"):
+                continue
+
+            key = self._get_hash_map_id(thread)
+            if key not in self.map:
+                self.map[key] = {
+                    "thread_id": thread["thread_id"],
+                    "assistant_id": thread["metadata"].get("graph_id"),
+                    "config": getattr(thread, "config", {}),
+                    "interruption_id": next(iter(thread["interrupts"])),
+                    "auth_request": interrupt["value"]["_request"],
+                }
+
+        threads_to_resume = [
+            t for t in self.map.values()
+            if "last_run" not in t or (t["last_run"] + t["auth_request"]["interval"] * 1000 < asyncio.get_event_loop().time() * 1000)
+        ]
+
+        await asyncio.gather(*[
+            self._resume_thread(t) for t in threads_to_resume
+        ])
+
+    def start(self):
+        if self._loop_task and not self._loop_task.done():
+            return
+
+        self._stop_event.clear()
+
+        async def _run_loop():
+            while not self._stop_event.is_set():
+                try:
+                    await self.loop()
+                except Exception as e:
+                    self._emit_error(e)
+                await asyncio.sleep(5)
+
+        self._loop_task = asyncio.create_task(_run_loop())
+
+    def stop(self):
+        self._stop_event.set()
+        if self._loop_task:
+            self._loop_task.cancel()

auth0_ai_langchain/federated_connections/__init__.py

@@ -1,3 +1,7 @@
-from auth0_ai.interrupts.federated_connection_interrupt import FederatedConnectionError as FederatedConnectionError
-from auth0_ai.authorizers.federated_connection_authorizer import get_access_token_for_connection as get_access_token_for_connection
+from auth0_ai.interrupts.federated_connection_interrupt import (
+    FederatedConnectionError as FederatedConnectionError,
+    FederatedConnectionInterrupt as FederatedConnectionInterrupt
+)
+
+from auth0_ai.authorizers.federated_connection_authorizer import get_credentials_for_connection as get_credentials_for_connection
 from .federated_connection_authorizer import FederatedConnectionAuthorizer as FederatedConnectionAuthorizer

auth0_ai_langchain/federated_connections/federated_connection_authorizer.py

@@ -1,52 +1,33 @@
 import copy
 from abc import ABC
 from auth0_ai.authorizers.federated_connection_authorizer import FederatedConnectionAuthorizerBase, FederatedConnectionAuthorizerParams
-from auth0_ai.authorizers.types import AuthorizerParams
+from auth0_ai.authorizers.types import Auth0ClientParams
 from auth0_ai.interrupts.federated_connection_interrupt import FederatedConnectionInterrupt
-from langchain_core.tools import BaseTool, tool
+from auth0_ai_langchain.utils.interrupt import to_graph_interrupt
+from auth0_ai_langchain.utils.tool_wrapper import tool_wrapper
+from langchain_core.tools import BaseTool
 from langchain_core.runnables import ensure_config
-from ..utils.interrupt import to_graph_interrupt
 
-async def get_refresh_token(*_args, **_kwargs) -> str | None:
+async def default_get_refresh_token(*_, **__) -> str | None:
     return ensure_config().get("configurable", {}).get("_credentials", {}).get("refresh_token")
 
 class FederatedConnectionAuthorizer(FederatedConnectionAuthorizerBase, ABC):
     def __init__(
         self, 
-        options: FederatedConnectionAuthorizerParams,
-        config: AuthorizerParams = None,
+        params: FederatedConnectionAuthorizerParams,
+        auth0: Auth0ClientParams = None,
     ):
-        if options.refresh_token.value is None:
-            options = copy.copy(options)
-            options.refresh_token.value = get_refresh_token
+        if params.refresh_token.value is None:
+            params = copy.copy(params)
+            params.refresh_token.value = default_get_refresh_token
 
-        super().__init__(options, config)
+        super().__init__(params, auth0)
     
     def _handle_authorization_interrupts(self, err: FederatedConnectionInterrupt) -> None:
         raise to_graph_interrupt(err)
     
     def authorizer(self):
-        def wrapped_tool(t: BaseTool) -> BaseTool:
-            async def execute_fn(*_args, **kwargs):
-                return await t.ainvoke(input=kwargs)
-
-            tool_fn = self.protect(
-                lambda *_args, **_kwargs: {
-                    "thread_id": ensure_config().get("configurable", {}).get("thread_id"),
-                    "checkpoint_ns": ensure_config().get("configurable", {}).get("checkpoint_ns"),
-                    "run_id": ensure_config().get("configurable", {}).get("run_id"),
-                    "tool_call_id": ensure_config().get("configurable", {}).get("tool_call_id"), # TODO: review this
-                },
-                execute_fn
-            )
-            tool_fn.__name__ = t.name
-            
-            return tool(
-                tool_fn,
-                description=t.description,
-                return_direct=t.return_direct,
-                args_schema=t.args_schema,
-                response_format=t.response_format,
-            )
+        def wrap_tool(tool: BaseTool) -> BaseTool:
+            return tool_wrapper(tool, self.protect)
         
-        return wrapped_tool
+        return wrap_tool

auth0_ai_langchain/fga/__init__.py

@@ -0,0 +1,4 @@
+from auth0_ai.authorizers.fga_authorizer import (
+    FGAAuthorizer as FGAAuthorizer,
+    FGAAuthorizerOptions as FGAAuthorizerOptions
+)

auth0_ai_langchain/utils/interrupt.py

@@ -1,13 +1,30 @@
+from typing import List
 from auth0_ai.interrupts.auth0_interrupt import Auth0Interrupt
 from langgraph.errors import GraphInterrupt
+from langgraph.types import Interrupt
+from langgraph_sdk.schema import Thread
 
 
 def to_graph_interrupt(interrupt: Auth0Interrupt) -> GraphInterrupt:
     return GraphInterrupt([
-        {
-            "value": interrupt,
-            "when": "during",
-            "resumable": True,
-            "ns": [f"auth0AI:{interrupt.__class__.__name__}:{interrupt.code}"]
-        }
+        Interrupt(
+            value=interrupt.to_json(),
+            when="during",
+            resumable=True,
+            ns=[f"auth0AI:{interrupt.name}:{interrupt.code}"]
+        )
     ])
+
+
+def get_auth0_interrupts(thread: Thread) -> List[Interrupt]:
+    result = []
+
+    if "interrupts" not in thread:
+        return result
+
+    for interrupt_list in thread["interrupts"].values():
+        for interrupt in interrupt_list:
+            if Auth0Interrupt.is_interrupt(interrupt["value"]):
+                result.append(interrupt)
+
+    return result

auth0_ai_langchain/utils/tool_wrapper.py

@@ -0,0 +1,34 @@
+from typing import Callable
+from typing_extensions import Annotated
+from pydantic import create_model
+from langchain_core.tools import BaseTool, tool as create_tool, InjectedToolCallId
+from langchain_core.runnables import RunnableConfig
+
+def tool_wrapper(tool: BaseTool, protect_fn: Callable) -> BaseTool:
+
+    # Workaround: extend existing args_schema to be able to get the tool_call_id value
+    args_schema = create_model(
+        tool.args_schema.__name__ + "Extended",
+        __base__=tool.args_schema,
+        **{"tool_call_id": (Annotated[str, InjectedToolCallId])}
+    )
+
+    @create_tool(
+        tool.name,
+        description=tool.description,
+        args_schema=args_schema
+    )
+    async def wrapped_tool(config: RunnableConfig, tool_call_id: Annotated[str, InjectedToolCallId], **input):
+        async def execute_fn(*_, **__):
+            return await tool.ainvoke(input, config)
+
+        return await protect_fn(
+            lambda *_, **__: {
+                "thread_id": config.get("configurable", {}).get("thread_id"),
+                "tool_call_id": tool_call_id,
+                "tool_name": tool.name,
+            },
+            execute_fn,
+        )(**input)
+
+    return wrapped_tool

{auth0_ai_langchain-0.1.2.dist-info → auth0_ai_langchain-1.0.0b1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: auth0-ai-langchain
-Version: 0.1.2
+Version: 1.0.0b1
 Summary: This package is an SDK for building secure AI-powered applications using Auth0, Okta FGA and LangChain.
 License: Apache-2.0
 Author: Auth0
@@ -11,12 +11,12 @@ Classifier: Programming Language :: Python :: 3
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
 Classifier: Programming Language :: Python :: 3.13
-Requires-Dist: auth0-ai (>=0.1.1,<0.2.0)
-Requires-Dist: langchain (>=0.3.20,<0.4.0)
-Requires-Dist: langchain-core (>=0.3.43,<0.4.0)
-Requires-Dist: langgraph (>=0.3.25,<0.4.0)
-Requires-Dist: langgraph-sdk (>=0.1.55,<0.2.0)
-Requires-Dist: openfga-sdk (>=0.9.0,<0.10.0)
+Requires-Dist: auth0-ai (>=1.0.0b1,<2.0.0)
+Requires-Dist: langchain (>=0.3.25,<0.4.0)
+Requires-Dist: langchain-core (>=0.3.59,<0.4.0)
+Requires-Dist: langgraph (>=0.4.3,<0.5.0)
+Requires-Dist: langgraph-sdk (>=0.1.66,<0.2.0)
+Requires-Dist: openfga-sdk (>=0.9.4,<0.10.0)
 Project-URL: Homepage, https://auth0.com
 Description-Content-Type: text/markdown
 
@@ -28,13 +28,58 @@ Description-Content-Type: text/markdown
 
 ## Installation
 
-> [!WARNING]
-> `auth0-ai-langchain` is currently under development and it is not intended to be used in production, and therefore has no official support.
+> ⚠️ **WARNING**: `auth0-ai-langchain` is currently under development and it is not intended to be used in production, and therefore has no official support.
 
 ```bash
 pip install auth0-ai-langchain
 ```
 
+## Async User Confirmation
+
+`Auth0AI` uses CIBA (Client-Initiated Backchannel Authentication) to handle user confirmation asynchronously. This is useful when you need to confirm a user action before proceeding with a tool execution.
+
+Full Example of [Async User Confirmation](https://github.com/auth0-lab/auth0-ai-python/tree/main/examples/async-user-confirmation/langchain-examples).
+
+1. Define a tool with the proper authorizer specifying a function to resolve the user id:
+
+```python
+from auth0_ai_langchain.auth0_ai import Auth0AI
+from auth0_ai_langchain.ciba import get_ciba_credentials
+from langchain_core.runnables import ensure_config
+from langchain_core.tools import StructuredTool
+
+# If not provided, Auth0 settings will be read from env variables: `AUTH0_DOMAIN`, `AUTH0_CLIENT_ID`, and `AUTH0_CLIENT_SECRET`
+auth0_ai = Auth0AI()
+
+with_async_user_confirmation = auth0_ai.with_async_user_confirmation(
+    scope="stock:trade",
+    audience=os.getenv("AUDIENCE"),
+    binding_message=lambda ticker, qty: f"Authorize the purchase of {qty} {ticker}",
+    user_id=lambda *_, **__: ensure_config().get("configurable", {}).get("user_id"),
+    # Optional:
+    # store=InMemoryStore()
+)
+
+def tool_function(ticker: str, qty: int) -> str:
+    credentials = get_ciba_credentials()
+    headers = {
+        "Authorization": f"{credentials["token_type"]} {credentials["access_token"]}",
+        # ...
+    }
+    # Call API
+
+trade_tool = with_async_user_confirmation(
+    StructuredTool(
+        name="trade_tool",
+        description="Use this function to trade a stock",
+        func=trade_tool_function,
+        # ...
+    )
+)
+```
+
+2. Handle interruptions properly. For example, if user is not enrolled to MFA, it will throw an interruption. See [Handling Interrupts](#handling-interrupts) section.
+
 ## Authorization for Tools
 
 The `FGAAuthorizer` can leverage Okta FGA to authorize tools executions. The `FGAAuthorizer.create` function can be used to create an authorizer that checks permissions before executing the tool.
@@ -44,19 +89,12 @@ Full example of [Authorization for Tools](https://github.com/auth0-lab/auth0-ai-
 1. Create an instance of FGA Authorizer:
 
 ```python
-from auth0_ai_langchain.fga.fga_authorizer import FGAAuthorizer, FGAAuthorizerOptions
+from auth0_ai_langchain.fga import FGAAuthorizer
 
+# If not provided, FGA settings will be read from env variables: `FGA_STORE_ID`, `FGA_CLIENT_ID`, `FGA_CLIENT_SECRET`, etc.
 fga = FGAAuthorizer.create()
 ```
 
-**Note**: Here, you can configure and specify your FGA credentials. By `default`, they are read from environment variables:
-
-```sh
-FGA_STORE_ID="<fga-store-id>"
-FGA_CLIENT_ID="<fga-client-id>"
-FGA_CLIENT_SECRET="<fga-client-secret>"
-```
-
 2. Define the FGA query (`build_query`) and, optionally, the `on_unauthorized` handler:
 
 ```python
@@ -74,10 +112,10 @@ async def build_fga_query(tool_input):
 def on_unauthorized(tool_input):
     return f"The user is not allowed to buy {tool_input["qty"]} shares of {tool_input["ticker"]}."
 
-use_fga = fga(FGAAuthorizerOptions(
+use_fga = fga(
     build_query=build_fga_query,
     on_unauthorized=on_unauthorized,
-))
+)
 ```
 
 **Note**: The parameters given to the `build_query` and `on_unauthorized` functions are the same as those provided to the tool function.
@@ -103,7 +141,7 @@ buy_tool = StructuredTool(
 
 ## Calling APIs On User's Behalf
 
-The `Auth0AI.with_federated_connection` function exchanges user's refresh token taken from the runnable configuration (`config.configurable._credentials.refresh_token`) for a Federated Connection API token.
+The `Auth0AI.with_federated_connection` function exchanges user's refresh token taken, by default, from the runnable configuration (`config.configurable._credentials.refresh_token`) for a Federated Connection API token.
 
 Full Example of [Calling APIs On User's Behalf](https://github.com/auth0-lab/auth0-ai-python/tree/main/examples/calling-apis/langchain-examples).
 
@@ -111,19 +149,23 @@ Full Example of [Calling APIs On User's Behalf](https://github.com/auth0-lab/aut
 
 ```python
 from auth0_ai_langchain.auth0_ai import Auth0AI
-from auth0_ai_langchain.federated_connections import get_access_token_for_connection
+from auth0_ai_langchain.federated_connections import get_credentials_for_connection
 from langchain_core.tools import StructuredTool
 
+# If not provided, Auth0 settings will be read from env variables: `AUTH0_DOMAIN`, `AUTH0_CLIENT_ID`, and `AUTH0_CLIENT_SECRET`
 auth0_ai = Auth0AI()
 
 with_google_calendar_access = auth0_ai.with_federated_connection(
     connection="google-oauth2",
-    scopes=["https://www.googleapis.com/auth/calendar.freebusy"]
+    scopes=["https://www.googleapis.com/auth/calendar.freebusy"],
+    # Optional:
+    # refresh_token=lambda *_, **__: ensure_config().get("configurable", {}).get("_credentials", {}).get("refresh_token"),
+    # store=InMemoryStore(),
 )
 
 def tool_function(date: datetime):
-    access_token = get_access_token_for_connection()
-    # Call Google API
+    credentials = get_credentials_for_connection()
+    # Call Google API using credentials["access_token"]
 
 check_calendar_tool = with_google_calendar_access(
     StructuredTool(
@@ -155,7 +197,7 @@ workflow = (
 )
 ```
 
-3. Handle interruptions properly. If the tool does not have access to user's Google Calendar, it will throw an interruption.
+3. Handle interruptions properly. For example, if the tool does not have access to user's Google Calendar, it will throw an interruption. See [Handling Interrupts](#handling-interrupts) section.
 
 ## RAG with FGA
 
@@ -185,7 +227,8 @@ vector_store = VectorStoreIndex.from_documents(documents)
 # Create a retriever:
 base_retriever = vector_store.as_retriever()
 
-# Create the FGA retriever wrapper:
+# Create the FGA retriever wrapper.
+# If not provided, FGA settings will be read from env variables: `FGA_STORE_ID`, `FGA_CLIENT_ID`, `FGA_CLIENT_SECRET`, etc.
 retriever = FGARetriever(
     base_retriever,
     build_query=lambda node: ClientCheckRequest(
@@ -207,6 +250,63 @@ response = query_engine.query("What is the forecast for ZEKO?")
 print(response)
 ```
 
+## Handling Interrupts
+
+`Auth0AI` uses interrupts extensively and will never block a graph. Whenever an authorizer requires user interaction, the graph throws a `GraphInterrupt` exception with data that allows the client to resume the flow.
+
+It is important to disable error handling in your tools node as follows:
+
+```python
+    .add_node(
+        "tools",
+        ToolNode(
+            [
+                # your authorizer-wrapped tools
+            ],
+            # Error handler should be disabled in order to trigger interruptions from within tools.
+            handle_tool_errors=False
+        )
+    )
+```
+
+From the client side of the graph you get the interrupts:
+
+```python
+from auth0_ai_langchain.utils.interrupt import get_auth0_interrupts
+
+# Get the langgraph thread:
+thread = await client.threads.get(thread_id)
+
+# Filter the auth0 interrupts:
+auth0_interrupts = get_auth0_interrupts(thread)
+```
+
+Then you can resume the thread by doing this:
+
+```python
+await client.runs.wait(thread_id, assistant_id)
+```
+
+For the specific case of **CIBA (Client-Initiated Backchannel Authorization)** you might attach a `GraphResumer` instance that watches for interrupted threads in the `"Authorization Pending"` state and attempts to resume them automatically, respecting Auth0's polling interval.
+
+```python
+import os
+from auth0_ai_langchain.ciba import GraphResumer
+from langgraph_sdk import get_client
+
+resumer = GraphResumer(
+    lang_graph=get_client(url=os.getenv("LANGGRAPH_API_URL")),
+    # optionally, you can filter by a specific graph:
+    filters={"graph_id": "conditional-trade"},
+)
+
+resumer \
+    .on_resume(lambda thread: print(f"Attempting to resume thread {thread['thread_id']} from interruption {thread['interruption_id']}")) \
+    .on_error(lambda err: print(f"Error in GraphResumer: {str(err)}"))
+
+resumer.start()
+```
+
 ---
 
 <p align="center">

auth0_ai_langchain-1.0.0b1.dist-info/RECORD

@@ -0,0 +1,15 @@
+auth0_ai_langchain/FGARetriever.py,sha256=SQwxo2aDtQhwQtYmszoKw3BH-U5QVnvPAgVw9EDzKVM,6002
+auth0_ai_langchain/__init__.py,sha256=I331Kz-q97ZU7TfXaOR5UBbJamGEJ15twbf2HP1iCHs,67
+auth0_ai_langchain/auth0_ai.py,sha256=J3fxYNZf0KMK2w085dCdGfCRyafQGWPAI19edcYpQi8,4732
+auth0_ai_langchain/ciba/__init__.py,sha256=X62HZB20XdhsgcaKld6rLm2BOSuiO5uU5v7ePQz27Mk,268
+auth0_ai_langchain/ciba/ciba_authorizer.py,sha256=GRAB3NBnmoxAECrRjPNdA9N9uQ4pCEzP6dF8RUwlysM,766
+auth0_ai_langchain/ciba/graph_resumer.py,sha256=EpdzzB_NccdggKA3x__Q3Yziejo7AJjR4aJ57TZmYPA,5474
+auth0_ai_langchain/federated_connections/__init__.py,sha256=kGpPN9ntsyvE-2m_lcdCVvPevadyILCk3NiAm4TN0QA,429
+auth0_ai_langchain/federated_connections/federated_connection_authorizer.py,sha256=o25oRGiTo9y5mpjDNEWWaFVAIFbhwaxC0pcRId-4oYE,1405
+auth0_ai_langchain/fga/__init__.py,sha256=rgqTD4Gvz28jNdqhxTG5udbgyeUMsyvRj83fHBJdt4s,137
+auth0_ai_langchain/utils/interrupt.py,sha256=DZ1b9OAkg3SQru9mSaQGBC6UY0ODz7QSskS9RlVyEGw,860
+auth0_ai_langchain/utils/tool_wrapper.py,sha256=dHjcqykT2aohdFOm0mLZ9U6bXB6NHjfABb3aXef5174,1210
+auth0_ai_langchain-1.0.0b1.dist-info/LICENSE,sha256=Lu_2YH0oK8b_VVisAhNQ2WIdtwY8pSU2PLbll-y6Cj8,9792
+auth0_ai_langchain-1.0.0b1.dist-info/METADATA,sha256=lyc_GI9ymhgIrQh2wM2fv-lYF_uWT9VXFanst8HowEs,11790
+auth0_ai_langchain-1.0.0b1.dist-info/WHEEL,sha256=fGIA9gx4Qxk2KDKeNJCbOEwSrmLtjWCwzBz351GyrPQ,88
+auth0_ai_langchain-1.0.0b1.dist-info/RECORD,,

auth0_ai_langchain/ciba/ciba_graph/ciba_graph.py

@@ -1,109 +0,0 @@
-from typing import Awaitable, Hashable, List, Optional, Callable, Any, Union
-from langchain_core.tools import StructuredTool
-from langchain_core.tools.base import BaseTool
-from langgraph.graph import StateGraph, END, START
-from langchain_core.runnables import Runnable
-from auth0_ai.authorizers.types import AuthorizerParams
-from ..types import Auth0Nodes
-from .initialize_ciba import initialize_ciba
-from .initialize_hitl import initialize_hitl
-from .types import CIBAGraphOptions, CIBAOptions, ProtectedTool, BaseState
-
-class CIBAGraph():
-    def __init__(
-        self,
-        options: Optional[CIBAGraphOptions] = None,
-        authorizer_params: Optional[AuthorizerParams] = None,
-    ):
-        self.options = options
-        self.authorizer_params = authorizer_params
-        self.tools: List[ProtectedTool] = []
-        self.graph: Optional[StateGraph] = None
-
-    def get_tools(self) -> List[ProtectedTool]:
-        return self.tools
-
-    def get_graph(self) -> Optional[StateGraph]:
-        return self.graph
-
-    def get_options(self) -> Optional[CIBAGraphOptions]:
-        return self.options
-
-    def get_authorizer_params(self) -> Optional[AuthorizerParams]:
-        return self.authorizer_params
-
-    def register_nodes(
-        self,
-        graph: StateGraph,
-    ) -> StateGraph:
-        self.graph = graph
-
-        # Add CIBA HITL and CIBA nodes
-        self.graph.add_node(Auth0Nodes.AUTH0_CIBA_HITL.value, initialize_hitl(self))
-        self.graph.add_node(Auth0Nodes.AUTH0_CIBA.value, initialize_ciba(self))
-        self.graph.add_conditional_edges(
-            Auth0Nodes.AUTH0_CIBA.value,
-            lambda state: END if getattr(state, "auth0", {}).get("error") else Auth0Nodes.AUTH0_CIBA_HITL.value,
-        )
-
-        return graph
-
-    def protect_tool(
-        self,
-        tool: Union[BaseTool, Callable],
-        options: CIBAOptions,
-    ) -> StructuredTool:
-        """
-        Authorize Options to start CIBA flow.
-
-        Attributes:
-            tool (Union[BaseTool, Callable]): The tool to be protected.
-            options (CIBAOptions): The CIBA options.
-        """
-
-        # Merge default options with tool-specific options
-        merged_options = {**self.options, **options.__dict__} if isinstance(self.options, dict) else {**vars(self.options), **vars(options)}
-
-        if merged_options["on_approve_go_to"] is None:
-            raise ValueError(f"[{tool.name}] on_approve_go_to is required")
-
-        if merged_options["on_reject_go_to"] is None:
-            raise ValueError(f"[{tool.name}] on_reject_go_to is required")
-
-        self.tools.append(ProtectedTool(tool_name=tool.name, options=merged_options))
-
-        return tool
-
-    def with_auth(self, path: Union[
-            Callable[..., Union[Hashable, list[Hashable]]],
-            Callable[..., Awaitable[Union[Hashable, list[Hashable]]]],
-            Runnable[Any, Union[Hashable, list[Hashable]]],
-        ]):
-        """
-        A wrapper for the callable that determines the next node or nodes using a protected tool.
-
-        Attributes:
-            path (Union[Callable[..., Union[Hashable, list[Hashable]]], Callable[..., Awaitable[Union[Hashable, list[Hashable]]]], Runnable[Any, Union[Hashable, list[Hashable]]]])): The callable that determines the next node or nodes using a protected tool.
-        """
-        def wrapper(*args):
-            if not callable(path):
-                return START
-
-            state: BaseState = args[0]
-            messages = state.get("messages")
-            last_message = messages[-1] if messages else None
-
-            # Call default path if there are no tool calls
-            if not last_message or not hasattr(last_message, "tool_calls") or not last_message.tool_calls:
-                return path(*args)
-            
-            tool_name = last_message.tool_calls[0]["name"]
-            tool = next((t for t in self.tools if t.tool_name == tool_name), None)
-            
-            if tool:
-                return Auth0Nodes.AUTH0_CIBA.value
-
-            # Call default path if tool is not protected
-            return path(*args)
-
-        return wrapper

auth0_ai_langchain/ciba/ciba_graph/initialize_ciba.py

@@ -1,91 +0,0 @@
-import os
-from langgraph.types import Command
-from langgraph_sdk import get_client
-from langchain_core.runnables.config import RunnableConfig
-from auth0_ai.authorizers.ciba_authorizer import CIBAAuthorizer
-from ..types import Auth0Graphs, Auth0Nodes
-from .types import ICIBAGraph, BaseState
-from .utils import get_tool_definition
-
-def initialize_ciba(ciba_graph: ICIBAGraph):
-    async def handler(state: BaseState, config: RunnableConfig):
-        try:
-            ciba_params = ciba_graph.get_options()
-            tools = ciba_graph.get_tools()
-            tool_definition = get_tool_definition(state, tools)
-
-            if not tool_definition:
-                return Command(resume=True)
-
-            graph = ciba_graph.get_graph()
-            metadata, tool = tool_definition["metadata"], tool_definition["tool"]
-            ciba_options = metadata.options
-
-            langgraph = get_client(url=os.getenv("LANGGRAPH_API_URL", "http://localhost:54367"))
-
-            # Check if CIBA Poller Graph exists
-            search_result = await langgraph.assistants.search(graph_id=Auth0Graphs.CIBA_POLLER.value)
-            if not search_result:
-                raise ValueError(
-                    f"[{Auth0Nodes.AUTH0_CIBA}] \"{Auth0Graphs.CIBA_POLLER}\" does not exist. Make sure to register the graph in your \"langgraph.json\"."
-                )
-
-            if ciba_options["on_approve_go_to"] not in graph.nodes:
-                raise ValueError(f"[{Auth0Nodes.AUTH0_CIBA}] \"{ciba_options["on_approve_go_to"]}\" is not a valid node.")
-
-            if ciba_options["on_reject_go_to"] not in graph.nodes:
-                raise ValueError(f"[{Auth0Nodes.AUTH0_CIBA}] \"{ciba_options["on_reject_go_to"]}\" is not a valid node.")
-
-            scheduler = ciba_params.config["scheduler"]
-            on_resume_invoke = ciba_params.config["on_resume_invoke"]
-            audience = ciba_params.audience
-
-            if not scheduler:
-                raise ValueError(f"[{Auth0Nodes.AUTH0_CIBA}] \"scheduler\" must be a \"function\" or a \"string\".")
-
-            if not on_resume_invoke:
-                raise ValueError(f"[{Auth0Nodes.AUTH0_CIBA}] \"on_resume_invoke\" must be defined.")
-
-            user_id = config.get("configurable", {}).get("user_id")
-            thread_id = config.get("metadata", {}).get("thread_id")
-
-            ciba_response = await CIBAAuthorizer.start(
-                {
-                    "user_id": user_id,
-                    "scope": ciba_options["scope"] or "openid",
-                    "audience": audience,
-                    "binding_message": ciba_options["binding_message"],
-                },
-                ciba_graph.get_authorizer_params(),
-                tool["args"],
-            )
-
-            scheduler_params = {
-                "tool_id": tool["id"],
-                "user_id": user_id,
-                "ciba_graph_id": Auth0Graphs.CIBA_POLLER.value,
-                "thread_id": thread_id,
-                "ciba_response": ciba_response,
-                "on_resume_invoke": on_resume_invoke,
-            }
-
-            if callable(scheduler):
-                # Use Custom Scheduler
-                await scheduler(scheduler_params)
-            elif isinstance(scheduler, str):
-                # Use Langgraph SDK to schedule the task
-                await langgraph.crons.create_for_thread(
-                    thread_id,
-                    scheduler_params["ciba_graph_id"],
-                    schedule="*/1 * * * *", # Default to every minute
-                    input=scheduler_params,
-                )
-
-            print("CIBA Task Scheduled")
-        except Exception as e:
-            print(e)
-            state["auth0"] = {"error": str(e)}
-
-        return state
-
-    return handler

auth0_ai_langchain/ciba/ciba_graph/initialize_hitl.py

@@ -1,50 +0,0 @@
-from typing import Awaitable, Callable
-from langchain_core.messages import ToolMessage, AIMessage, ToolCall
-from langgraph.types import interrupt, Command
-from .types import ICIBAGraph, BaseState
-from .utils import get_tool_definition
-from auth0_ai.authorizers.ciba_authorizer import CibaAuthorizerCheckResponse
-
-def initialize_hitl(ciba_graph: ICIBAGraph) -> Callable[[BaseState], Awaitable[Command]]:
-    async def handler(state: BaseState) -> Command:
-        tools = ciba_graph.get_tools()
-        tool_definition = get_tool_definition(state, tools)
-
-        # if no tool calls, resume
-        if not tool_definition:
-            return Command(resume=True)
-
-        # wait for user approval
-        human_review = interrupt("A push notification has been sent to your device.")
-
-        metadata, tool, message = tool_definition["metadata"], tool_definition["tool"], tool_definition["message"]
-
-        if human_review["status"] == CibaAuthorizerCheckResponse.APPROVED.value:
-            updated_message = AIMessage(
-                id=message.id,
-                content="The user has approved the transaction",
-                tool_calls=[
-                    ToolCall(
-                        name=tool["name"],
-                        args=tool["args"],
-                        id=tool["id"],
-                    )
-                ],
-            )
-
-            return Command(
-                goto=metadata.options["on_approve_go_to"],
-                update={"messages": [updated_message]},
-            )
-        else:
-            tool_message = ToolMessage(
-                name=tool["name"],
-                content="The user has rejected the transaction.",
-                tool_call_id=tool["id"],
-            )
-            return Command(
-                goto=metadata.options["on_reject_go_to"],
-                update={"messages": [tool_message]},
-            )
-    
-    return handler

auth0_ai_langchain/ciba/ciba_graph/types.py

@@ -1,115 +0,0 @@
-from typing import Optional, List, Callable, Union, Awaitable, TypedDict
-from abc import ABC, abstractmethod
-from langgraph.graph import StateGraph
-from langchain_core.messages import AIMessage, ToolMessage
-from auth0_ai.authorizers.types import AuthorizerParams
-from auth0_ai.authorizers.ciba_authorizer import AuthorizeResponse
-
-class Auth0State(TypedDict):
-    error: str
-
-class BaseState(TypedDict):
-    task_id: str
-    messages: List[Union[AIMessage, ToolMessage]]
-    auth0: Optional[Auth0State] = None
-
-class SchedulerParams:
-    def __init__(
-        self,
-        user_id: str,
-        thread_id: str,
-        ciba_graph_id: str,
-        ciba_response: AuthorizeResponse,
-        tool_id: Optional[str] = None,
-        on_resume_invoke: str = "",
-    ):
-        self.user_id = user_id
-        self.thread_id = thread_id
-        self.tool_id = tool_id
-        self.on_resume_invoke = on_resume_invoke
-        self.ciba_graph_id = ciba_graph_id
-        self.ciba_response = ciba_response
-
-class CIBAOptions():
-    """
-    The CIBA options.
-
-    Attributes:
-        binding_message (Union[str, Callable[..., Awaitable[str]]]): A human-readable string to display to the user, or a function that resolves it.
-        scope (Optional[str]): Space-separated list of OIDC and custom API scopes.
-        on_approve_go_to (Optional[str]): A node name to redirect the flow after user approval.
-        on_reject_go_to (Optional[str]): A node name to redirect the flow after user rejection.
-        audience (Optional[str]): Unique identifier of the audience for an issued token.
-        request_expiry (Optional[int]): To configure a custom expiry time in seconds for CIBA request, pass a number between 1 and 300.
-    """
-    def __init__(
-        self,
-        binding_message: Union[str, Callable[..., Awaitable[str]]],
-        scope: Optional[str] = None,
-        on_approve_go_to: Optional[str] = None,
-        on_reject_go_to: Optional[str] = None,
-        audience: Optional[str] = None,
-        request_expiry: Optional[int] = None,
-    ):
-        self.binding_message = binding_message
-        self.scope = scope
-        self.on_approve_go_to = on_approve_go_to
-        self.on_reject_go_to = on_reject_go_to
-        self.audience = audience
-        self.request_expiry = request_expiry
-
-class ProtectedTool():
-    def __init__(self, tool_name: str, options: CIBAOptions):
-        self.tool_name = tool_name
-        self.options = options
-
-class CIBAGraphOptionsConfig:
-    def __init__(self, on_resume_invoke: str, scheduler: Union[str, Callable[[SchedulerParams], Awaitable[None]]]):
-        self.on_resume_invoke = on_resume_invoke
-        self.scheduler = scheduler
-
-class CIBAGraphOptions():
-    """
-    The base CIBA options.
-
-    Attributes:
-        config (CIBAGraphOptionsConfig): Configuration options.
-        scope (Optional[str]): Space-separated list of OIDC and custom API scopes.
-        on_approve_go_to (Optional[str]): A node name to redirect the flow after user approval.
-        on_reject_go_to (Optional[str]): A node name to redirect the flow after user rejection.
-        audience (Optional[str]): Unique identifier of the audience for an issued token.
-        request_expiry (Optional[int]): To configure a custom expiry time in seconds for CIBA request, pass a number between 1 and 300.
-    """
-    def __init__(
-        self,
-        config: CIBAGraphOptionsConfig,
-        scope: Optional[str] = None,
-        on_approve_go_to: Optional[str] = None,
-        on_reject_go_to: Optional[str] = None,
-        audience: Optional[str] = None,
-        request_expiry: Optional[int] = None,
-        
-    ):
-        self.config = config
-        self.scope = scope
-        self.on_approve_go_to = on_approve_go_to
-        self.on_reject_go_to = on_reject_go_to
-        self.audience = audience
-        self.request_expiry = request_expiry
-
-class ICIBAGraph(ABC):
-    @abstractmethod
-    def get_tools(self) -> List[ProtectedTool]:
-        pass
-
-    @abstractmethod
-    def get_graph(self) -> StateGraph:
-        pass
-
-    @abstractmethod
-    def get_authorizer_params(self) -> Optional[AuthorizerParams]:
-        pass
-
-    @abstractmethod
-    def get_options(self) -> Optional[CIBAGraphOptions]:
-        pass

auth0_ai_langchain/ciba/ciba_graph/utils.py

@@ -1,17 +0,0 @@
-from typing import Optional, List
-from .types import ProtectedTool, BaseState
-
-def get_tool_definition(state: BaseState, tools: List[ProtectedTool]) -> Optional[dict]:
-    message = state["messages"][-1]
-    
-    if not hasattr(message, "tool_calls") or not message.tool_calls:
-        return None
-    
-    tool_calls = message.tool_calls
-    tool = tool_calls[-1]
-    metadata = next((t for t in tools if t.tool_name == tool["name"]), None)
-    
-    if not metadata:
-        return None
-    
-    return {"metadata": metadata, "tool": tool, "message": message}

auth0_ai_langchain/ciba/ciba_poller_graph.py

@@ -1,105 +0,0 @@
-import os
-from typing import Awaitable, Callable, Optional, TypedDict, Union
-
-from auth0_ai.authorizers.ciba_authorizer import (
-    AuthorizeResponse,
-    CIBAAuthorizer,
-    CibaAuthorizerCheckResponse,
-)
-from auth0_ai.credentials import Credentials
-from auth0_ai.token_response import TokenResponse
-from langgraph.graph import END, START, StateGraph
-from langgraph_sdk import get_client
-from langgraph_sdk.schema import Command
-
-from auth0_ai_langchain.ciba.types import Auth0Graphs
-
-
-class State(TypedDict):
-    ciba_response: AuthorizeResponse
-    on_resume_invoke: str
-    thread_id: str
-    user_id: str
-
-    # Internal
-    task_id: str
-    tool_id: str
-    status: CibaAuthorizerCheckResponse
-    token_response: Optional[TokenResponse]
-
-
-def ciba_poller_graph(on_stop_scheduler: Union[str, Callable[[State], Awaitable[None]]]):
-    """
-    A LangGraph graph to monitor the status of a CIBA transaction.
-
-    Attributes:
-        on_stop_scheduler (Union[str, Callable[[State], Awaitable[None]]]): A graph name to redirect the flow, or a function to execute when the CIBA transaction expires.
-    """
-    async def check_status(state: State):
-        try:
-            res = await CIBAAuthorizer.check(state["ciba_response"]["auth_req_id"])
-            state["token_response"] = res.get("token")
-            state["status"] = res.get("status")
-        except Exception as e:
-            print(f"Error in check_status: {e}")
-        return state
-
-    async def stop_scheduler(state: State):
-        try:
-            if isinstance(on_stop_scheduler, str):
-                langgraph = get_client(url=os.getenv(
-                    "LANGGRAPH_API_URL", "http://localhost:54367"))
-                await langgraph.crons.create_for_thread(state.thread_id, Auth0Graphs.CIBA_POLLER.value)
-            elif callable(on_stop_scheduler):
-                await on_stop_scheduler(state)
-        except Exception as e:
-            print(f"Error in stop_scheduler: {e}")
-        return state
-
-    async def resume_agent(state: State):
-        langgraph = get_client(url=os.getenv(
-            "LANGGRAPH_API_URL", "http://localhost:54367"))
-        _credentials: Credentials = None
-
-        try:
-            if state["status"] == CibaAuthorizerCheckResponse.APPROVED:
-                _credentials = {
-                    "access_token": {
-                        "type": state["token_response"].get("token_type", "Bearer"),
-                        "value": state["token_response"].get("access_token"),
-                    }
-                }
-
-            await langgraph.runs.wait(
-                state["thread_id"],
-                state["on_resume_invoke"],
-                config={
-                    # this is only for this run / thread_id
-                    "configurable": {"_credentials": _credentials}
-                },
-                command=Command(resume={"status": state["status"]})
-            )
-        except Exception as e:
-            print(f"Error in resume_agent: {e}")
-
-        return state
-
-    async def should_continue(state: State):
-        status = state.get("status")
-        if status == CibaAuthorizerCheckResponse.PENDING:
-            return END
-        elif status == CibaAuthorizerCheckResponse.EXPIRED:
-            return "stop_scheduler"
-        elif status in [CibaAuthorizerCheckResponse.APPROVED, CibaAuthorizerCheckResponse.REJECTED]:
-            return "resume_agent"
-        return END
-
-    state_graph = StateGraph(State)
-    state_graph.add_node("check_status", check_status)
-    state_graph.add_node("stop_scheduler", stop_scheduler)
-    state_graph.add_node("resume_agent", resume_agent)
-    state_graph.add_edge(START, "check_status")
-    state_graph.add_edge("resume_agent", "stop_scheduler")
-    state_graph.add_conditional_edges("check_status", should_continue)
-
-    return state_graph

auth0_ai_langchain/ciba/types.py

@@ -1,8 +0,0 @@
-from enum import Enum
-
-class Auth0Nodes(Enum):
-  AUTH0_CIBA_HITL = "AUTH0_CIBA_HITL"
-  AUTH0_CIBA = "AUTH0_CIBA"
-
-class Auth0Graphs(Enum):
-    CIBA_POLLER = "AUTH0_CIBA_POLLER"

auth0_ai_langchain/fga/fga_authorizer.py

@@ -1,3 +0,0 @@
-from auth0_ai.authorizers.fga_authorizer import FGAAuthorizer, FGAAuthorizerOptions
-
-__all__ = ["FGAAuthorizer", "FGAAuthorizerOptions"]

auth0_ai_langchain-0.1.2.dist-info/RECORD

@@ -1,19 +0,0 @@
-auth0_ai_langchain/FGARetriever.py,sha256=6nQXRkbDLHZt9zYZJsS5iQljrogQVLW0aVwDIf6Mpac,6002
-auth0_ai_langchain/__init__.py,sha256=I331Kz-q97ZU7TfXaOR5UBbJamGEJ15twbf2HP1iCHs,67
-auth0_ai_langchain/auth0_ai.py,sha256=8NUV_80SxR8qQt_3RQGf0Oga178kChuROHuhz7rfOyU,1919
-auth0_ai_langchain/ciba/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-auth0_ai_langchain/ciba/ciba_graph/ciba_graph.py,sha256=Wi7qXSMzvcfqdO8WsUJejmQzOVM469TFJCkH7eRlaR8,4115
-auth0_ai_langchain/ciba/ciba_graph/initialize_ciba.py,sha256=a41KedBzxfLqG2AhvkFnemcEqWwQWVh1r-Oro-qJX-M,3752
-auth0_ai_langchain/ciba/ciba_graph/initialize_hitl.py,sha256=CR3jMolZYYOBHx1AXb6yERBaZThMg677qGGo_vRy6I8,1901
-auth0_ai_langchain/ciba/ciba_graph/types.py,sha256=NZS99vPOgJRc2O7mO5MWj6nAa4RSG1R5oSvzYhkz0RA,4234
-auth0_ai_langchain/ciba/ciba_graph/utils.py,sha256=ZPAh0Gs7Hj59_xngg8M7yx1v52dTn2pNpMNRpFKCSII,560
-auth0_ai_langchain/ciba/ciba_poller_graph.py,sha256=rjlxsTheJrN2J6E5BCE9aVyDO8V7UFhdKyX4KT_hB8k,3828
-auth0_ai_langchain/ciba/types.py,sha256=gybqYEprklZwcMBgaWFooBsJ1GcNUK8ZWRvAX5PZWdE,177
-auth0_ai_langchain/federated_connections/__init__.py,sha256=OJCWTnxYuaWjn8FyFGjCAF7m5Y4Eigkzx7a59atFFFg,356
-auth0_ai_langchain/federated_connections/federated_connection_authorizer.py,sha256=ZLF4p7fPTrODOeHWIShfBTsReSy27u73rIp0L_Umhjg,2218
-auth0_ai_langchain/fga/fga_authorizer.py,sha256=uDaGDSXaxQd1X-2w2zTvnfizMB-DtQ-1G6SIaDNBrho,137
-auth0_ai_langchain/utils/interrupt.py,sha256=JoYJkigDEAPRHZtjo6gw6k3439E4i1O7F4_0ExkL_RE,405
-auth0_ai_langchain-0.1.2.dist-info/LICENSE,sha256=Lu_2YH0oK8b_VVisAhNQ2WIdtwY8pSU2PLbll-y6Cj8,9792
-auth0_ai_langchain-0.1.2.dist-info/METADATA,sha256=synK995x8fRtUFH2yR0oyh5vwGzZTEdC2zUJygtzAwQ,7786
-auth0_ai_langchain-0.1.2.dist-info/WHEEL,sha256=fGIA9gx4Qxk2KDKeNJCbOEwSrmLtjWCwzBz351GyrPQ,88
-auth0_ai_langchain-0.1.2.dist-info/RECORD,,