auth0-ai-langchain 0.2.0__py3-none-any.whl → 1.0.0b2__py3-none-any.whl

auth0_ai_langchain/ciba/ciba_graph/types.py

@@ -1,115 +0,0 @@
-from typing import Optional, List, Callable, Union, Awaitable, TypedDict
-from abc import ABC, abstractmethod
-from langgraph.graph import StateGraph
-from langchain_core.messages import AIMessage, ToolMessage
-from auth0_ai.authorizers.types import AuthorizerParams
-from auth0_ai.authorizers.ciba_authorizer import AuthorizeResponse
-
-class Auth0State(TypedDict):
-    error: str
-
-class BaseState(TypedDict):
-    task_id: str
-    messages: List[Union[AIMessage, ToolMessage]]
-    auth0: Optional[Auth0State] = None
-
-class SchedulerParams:
-    def __init__(
-        self,
-        user_id: str,
-        thread_id: str,
-        ciba_graph_id: str,
-        ciba_response: AuthorizeResponse,
-        tool_id: Optional[str] = None,
-        on_resume_invoke: str = "",
-    ):
-        self.user_id = user_id
-        self.thread_id = thread_id
-        self.tool_id = tool_id
-        self.on_resume_invoke = on_resume_invoke
-        self.ciba_graph_id = ciba_graph_id
-        self.ciba_response = ciba_response
-
-class CIBAOptions():
-    """
-    The CIBA options.
-
-    Attributes:
-        binding_message (Union[str, Callable[..., Awaitable[str]]]): A human-readable string to display to the user, or a function that resolves it.
-        scope (Optional[str]): Space-separated list of OIDC and custom API scopes.
-        on_approve_go_to (Optional[str]): A node name to redirect the flow after user approval.
-        on_reject_go_to (Optional[str]): A node name to redirect the flow after user rejection.
-        audience (Optional[str]): Unique identifier of the audience for an issued token.
-        request_expiry (Optional[int]): To configure a custom expiry time in seconds for CIBA request, pass a number between 1 and 300.
-    """
-    def __init__(
-        self,
-        binding_message: Union[str, Callable[..., Awaitable[str]]],
-        scope: Optional[str] = None,
-        on_approve_go_to: Optional[str] = None,
-        on_reject_go_to: Optional[str] = None,
-        audience: Optional[str] = None,
-        request_expiry: Optional[int] = None,
-    ):
-        self.binding_message = binding_message
-        self.scope = scope
-        self.on_approve_go_to = on_approve_go_to
-        self.on_reject_go_to = on_reject_go_to
-        self.audience = audience
-        self.request_expiry = request_expiry
-
-class ProtectedTool():
-    def __init__(self, tool_name: str, options: CIBAOptions):
-        self.tool_name = tool_name
-        self.options = options
-
-class CIBAGraphOptionsConfig:
-    def __init__(self, on_resume_invoke: str, scheduler: Union[str, Callable[[SchedulerParams], Awaitable[None]]]):
-        self.on_resume_invoke = on_resume_invoke
-        self.scheduler = scheduler
-
-class CIBAGraphOptions():
-    """
-    The base CIBA options.
-
-    Attributes:
-        config (CIBAGraphOptionsConfig): Configuration options.
-        scope (Optional[str]): Space-separated list of OIDC and custom API scopes.
-        on_approve_go_to (Optional[str]): A node name to redirect the flow after user approval.
-        on_reject_go_to (Optional[str]): A node name to redirect the flow after user rejection.
-        audience (Optional[str]): Unique identifier of the audience for an issued token.
-        request_expiry (Optional[int]): To configure a custom expiry time in seconds for CIBA request, pass a number between 1 and 300.
-    """
-    def __init__(
-        self,
-        config: CIBAGraphOptionsConfig,
-        scope: Optional[str] = None,
-        on_approve_go_to: Optional[str] = None,
-        on_reject_go_to: Optional[str] = None,
-        audience: Optional[str] = None,
-        request_expiry: Optional[int] = None,
-        
-    ):
-        self.config = config
-        self.scope = scope
-        self.on_approve_go_to = on_approve_go_to
-        self.on_reject_go_to = on_reject_go_to
-        self.audience = audience
-        self.request_expiry = request_expiry
-
-class ICIBAGraph(ABC):
-    @abstractmethod
-    def get_tools(self) -> List[ProtectedTool]:
-        pass
-
-    @abstractmethod
-    def get_graph(self) -> StateGraph:
-        pass
-
-    @abstractmethod
-    def get_authorizer_params(self) -> Optional[AuthorizerParams]:
-        pass
-
-    @abstractmethod
-    def get_options(self) -> Optional[CIBAGraphOptions]:
-        pass

auth0_ai_langchain/ciba/ciba_graph/utils.py

@@ -1,17 +0,0 @@
-from typing import Optional, List
-from .types import ProtectedTool, BaseState
-
-def get_tool_definition(state: BaseState, tools: List[ProtectedTool]) -> Optional[dict]:
-    message = state["messages"][-1]
-    
-    if not hasattr(message, "tool_calls") or not message.tool_calls:
-        return None
-    
-    tool_calls = message.tool_calls
-    tool = tool_calls[-1]
-    metadata = next((t for t in tools if t.tool_name == tool["name"]), None)
-    
-    if not metadata:
-        return None
-    
-    return {"metadata": metadata, "tool": tool, "message": message}

auth0_ai_langchain/ciba/ciba_poller_graph.py

@@ -1,105 +0,0 @@
-import os
-from typing import Awaitable, Callable, Optional, TypedDict, Union
-
-from auth0_ai.authorizers.ciba_authorizer import (
-    AuthorizeResponse,
-    CIBAAuthorizer,
-    CibaAuthorizerCheckResponse,
-)
-from auth0_ai.credentials import Credentials
-from auth0_ai.token_response import TokenResponse
-from langgraph.graph import END, START, StateGraph
-from langgraph_sdk import get_client
-from langgraph_sdk.schema import Command
-
-from auth0_ai_langchain.ciba.types import Auth0Graphs
-
-
-class State(TypedDict):
-    ciba_response: AuthorizeResponse
-    on_resume_invoke: str
-    thread_id: str
-    user_id: str
-
-    # Internal
-    task_id: str
-    tool_id: str
-    status: CibaAuthorizerCheckResponse
-    token_response: Optional[TokenResponse]
-
-
-def ciba_poller_graph(on_stop_scheduler: Union[str, Callable[[State], Awaitable[None]]]):
-    """
-    A LangGraph graph to monitor the status of a CIBA transaction.
-
-    Attributes:
-        on_stop_scheduler (Union[str, Callable[[State], Awaitable[None]]]): A graph name to redirect the flow, or a function to execute when the CIBA transaction expires.
-    """
-    async def check_status(state: State):
-        try:
-            res = await CIBAAuthorizer.check(state["ciba_response"]["auth_req_id"])
-            state["token_response"] = res.get("token")
-            state["status"] = res.get("status")
-        except Exception as e:
-            print(f"Error in check_status: {e}")
-        return state
-
-    async def stop_scheduler(state: State):
-        try:
-            if isinstance(on_stop_scheduler, str):
-                langgraph = get_client(url=os.getenv(
-                    "LANGGRAPH_API_URL", "http://localhost:54367"))
-                await langgraph.crons.create_for_thread(state.thread_id, Auth0Graphs.CIBA_POLLER.value)
-            elif callable(on_stop_scheduler):
-                await on_stop_scheduler(state)
-        except Exception as e:
-            print(f"Error in stop_scheduler: {e}")
-        return state
-
-    async def resume_agent(state: State):
-        langgraph = get_client(url=os.getenv(
-            "LANGGRAPH_API_URL", "http://localhost:54367"))
-        _credentials: Credentials = None
-
-        try:
-            if state["status"] == CibaAuthorizerCheckResponse.APPROVED:
-                _credentials = {
-                    "access_token": {
-                        "type": state["token_response"].get("token_type", "Bearer"),
-                        "value": state["token_response"].get("access_token"),
-                    }
-                }
-
-            await langgraph.runs.wait(
-                state["thread_id"],
-                state["on_resume_invoke"],
-                config={
-                    # this is only for this run / thread_id
-                    "configurable": {"_credentials": _credentials}
-                },
-                command=Command(resume={"status": state["status"]})
-            )
-        except Exception as e:
-            print(f"Error in resume_agent: {e}")
-
-        return state
-
-    async def should_continue(state: State):
-        status = state.get("status")
-        if status == CibaAuthorizerCheckResponse.PENDING:
-            return END
-        elif status == CibaAuthorizerCheckResponse.EXPIRED:
-            return "stop_scheduler"
-        elif status in [CibaAuthorizerCheckResponse.APPROVED, CibaAuthorizerCheckResponse.REJECTED]:
-            return "resume_agent"
-        return END
-
-    state_graph = StateGraph(State)
-    state_graph.add_node("check_status", check_status)
-    state_graph.add_node("stop_scheduler", stop_scheduler)
-    state_graph.add_node("resume_agent", resume_agent)
-    state_graph.add_edge(START, "check_status")
-    state_graph.add_edge("resume_agent", "stop_scheduler")
-    state_graph.add_conditional_edges("check_status", should_continue)
-
-    return state_graph

auth0_ai_langchain/ciba/types.py

@@ -1,8 +0,0 @@
-from enum import Enum
-
-class Auth0Nodes(Enum):
-  AUTH0_CIBA_HITL = "AUTH0_CIBA_HITL"
-  AUTH0_CIBA = "AUTH0_CIBA"
-
-class Auth0Graphs(Enum):
-    CIBA_POLLER = "AUTH0_CIBA_POLLER"

auth0_ai_langchain/fga/fga_authorizer.py

@@ -1,3 +0,0 @@
-from auth0_ai.authorizers.fga_authorizer import FGAAuthorizer, FGAAuthorizerOptions
-
-__all__ = ["FGAAuthorizer", "FGAAuthorizerOptions"]

auth0_ai_langchain-0.2.0.dist-info/METADATA

@@ -1,221 +0,0 @@
-Metadata-Version: 2.3
-Name: auth0-ai-langchain
-Version: 0.2.0
-Summary: This package is an SDK for building secure AI-powered applications using Auth0, Okta FGA and LangChain.
-License: Apache-2.0
-Author: Auth0
-Author-email: support@auth0.com
-Requires-Python: >=3.11,<4.0
-Classifier: License :: OSI Approved :: Apache Software License
-Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.11
-Classifier: Programming Language :: Python :: 3.12
-Classifier: Programming Language :: Python :: 3.13
-Requires-Dist: auth0-ai (>=0.2.0,<0.3.0)
-Requires-Dist: langchain (>=0.3.20,<0.4.0)
-Requires-Dist: langchain-core (>=0.3.43,<0.4.0)
-Requires-Dist: langgraph (>=0.3.25,<0.4.0)
-Requires-Dist: langgraph-sdk (>=0.1.55,<0.2.0)
-Requires-Dist: openfga-sdk (>=0.9.0,<0.10.0)
-Project-URL: Homepage, https://auth0.com
-Description-Content-Type: text/markdown
-
-# Auth0 AI for LangChain
-
-`auth0-ai-langchain` is an SDK for building secure AI-powered applications using [Auth0](https://www.auth0.ai/), [Okta FGA](https://docs.fga.dev/) and [LangChain](https://python.langchain.com/docs/tutorials/).
-
-![Release](https://img.shields.io/pypi/v/auth0-ai-langchain) ![Downloads](https://img.shields.io/pypi/dw/auth0-ai-langchain) [![License](https://img.shields.io/:license-APACHE%202.0-blue.svg?style=flat)](https://opensource.org/license/apache-2-0)
-
-## Installation
-
-> ⚠️ **WARNING**: `auth0-ai-langchain` is currently under development and it is not intended to be used in production, and therefore has no official support.
-
-```bash
-pip install auth0-ai-langchain
-```
-
-## Authorization for Tools
-
-The `FGAAuthorizer` can leverage Okta FGA to authorize tools executions. The `FGAAuthorizer.create` function can be used to create an authorizer that checks permissions before executing the tool.
-
-Full example of [Authorization for Tools](https://github.com/auth0-lab/auth0-ai-python/tree/main/examples/authorization-for-tools/langchain-examples).
-
-1. Create an instance of FGA Authorizer:
-
-```python
-from auth0_ai_langchain.fga.fga_authorizer import FGAAuthorizer, FGAAuthorizerOptions
-
-fga = FGAAuthorizer.create()
-```
-
-**Note**: Here, you can configure and specify your FGA credentials. By `default`, they are read from environment variables:
-
-```sh
-FGA_STORE_ID="<fga-store-id>"
-FGA_CLIENT_ID="<fga-client-id>"
-FGA_CLIENT_SECRET="<fga-client-secret>"
-```
-
-2. Define the FGA query (`build_query`) and, optionally, the `on_unauthorized` handler:
-
-```python
-from langchain_core.runnables import ensure_config
-
-async def build_fga_query(tool_input):
-    user_id = ensure_config().get("configurable",{}).get("user_id")
-    return {
-        "user": f"user:{user_id}",
-        "object": f"asset:{tool_input["ticker"]}",
-        "relation": "can_buy",
-        "context": {"current_time": datetime.now(timezone.utc).isoformat()}
-    }
-
-def on_unauthorized(tool_input):
-    return f"The user is not allowed to buy {tool_input["qty"]} shares of {tool_input["ticker"]}."
-
-use_fga = fga(FGAAuthorizerOptions(
-    build_query=build_fga_query,
-    on_unauthorized=on_unauthorized,
-))
-```
-
-**Note**: The parameters given to the `build_query` and `on_unauthorized` functions are the same as those provided to the tool function.
-
-3. Wrap the tool:
-
-```python
-from langchain_core.tools import StructuredTool
-
-async def buy_tool_function(ticker: str, qty: int) -> str:
-    # TODO: implement buy operation
-    return f"Purchased {qty} shares of {ticker}"
-
-func=use_fga(buy_tool_function)
-
-buy_tool = StructuredTool(
-    func=func,
-    coroutine=func,
-    name="buy",
-    description="Use this function to buy stocks",
-)
-```
-
-## Calling APIs On User's Behalf
-
-The `Auth0AI.with_federated_connection` function exchanges user's refresh token taken from the runnable configuration (`config.configurable._credentials.refresh_token`) for a Federated Connection API token.
-
-Full Example of [Calling APIs On User's Behalf](https://github.com/auth0-lab/auth0-ai-python/tree/main/examples/calling-apis/langchain-examples).
-
-1. Define a tool with the proper authorizer:
-
-```python
-from auth0_ai_langchain.auth0_ai import Auth0AI
-from auth0_ai_langchain.federated_connections import get_access_token_for_connection
-from langchain_core.tools import StructuredTool
-
-auth0_ai = Auth0AI()
-
-with_google_calendar_access = auth0_ai.with_federated_connection(
-    connection="google-oauth2",
-    scopes=["https://www.googleapis.com/auth/calendar.freebusy"]
-)
-
-def tool_function(date: datetime):
-    access_token = get_access_token_for_connection()
-    # Call Google API
-
-check_calendar_tool = with_google_calendar_access(
-    StructuredTool(
-        name="check_user_calendar",
-        description="Use this function to check if the user is available on a certain date and time",
-        func=tool_function,
-        # ...
-    )
-)
-```
-
-2. Add a node to your graph for your tools:
-
-```python
-workflow = (
-    StateGraph(State)
-        .add_node(
-            "tools",
-            ToolNode(
-                [
-                    check_calendar_tool,
-                    # ...
-                ],
-                # The error handler should be disabled to allow interruptions to be triggered from within tools.
-                handle_tool_errors=False
-            )
-        )
-        # ...
-)
-```
-
-3. Handle interruptions properly. If the tool does not have access to user's Google Calendar, it will throw an interruption.
-
-## RAG with FGA
-
-The `FGARetriever` can be used to filter documents based on access control checks defined in Okta FGA. This retriever performs batch checks on retrieved documents, returning only the ones that pass the specified access criteria.
-
-Full Example of [RAG Application](https://github.com/auth0-lab/auth0-ai-python/tree/main/examples/authorization-for-rag/langchain-examples).
-
-Create a retriever instance using the `FGARetriever` class.
-
-```python
-from langchain.vectorstores import VectorStoreIndex
-from langchain.schema import Document
-from auth0_ai_langchain import FGARetriever
-from openfga_sdk.client.models import ClientCheckRequest
-from openfga_sdk import ClientConfiguration
-from openfga_sdk.credentials import CredentialConfiguration, Credentials
-
-# Define some docs:
-documents = [
-    Document(page_content="This is a public doc", metadata={"doc_id": "public-doc"}),
-    Document(page_content="This is a private doc", metadata={"doc_id": "private-doc"}),
-]
-
-# Create a vector store:
-vector_store = VectorStoreIndex.from_documents(documents)
-
-# Create a retriever:
-base_retriever = vector_store.as_retriever()
-
-# Create the FGA retriever wrapper:
-retriever = FGARetriever(
-    base_retriever,
-    build_query=lambda node: ClientCheckRequest(
-        user=f'user:{user}',
-        object=f'doc:{node.metadata["doc_id"]}',
-        relation="viewer",
-    )
-)
-
-# Create a query engine:
-query_engine = RetrieverQueryEngine.from_args(
-    retriever=retriever,
-    llm=OpenAI()
-)
-
-# Query:
-response = query_engine.query("What is the forecast for ZEKO?")
-
-print(response)
-```
-
----
-
-<p align="center">
-  <picture>
-    <source media="(prefers-color-scheme: light)" srcset="https://cdn.auth0.com/website/sdks/logos/auth0_light_mode.png"   width="150">
-    <source media="(prefers-color-scheme: dark)" srcset="https://cdn.auth0.com/website/sdks/logos/auth0_dark_mode.png" width="150">
-    <img alt="Auth0 Logo" src="https://cdn.auth0.com/website/sdks/logos/auth0_light_mode.png" width="150">
-  </picture>
-</p>
-<p align="center">Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout <a href="https://auth0.com/why-auth0">Why Auth0?</a></p>
-<p align="center">
-This project is licensed under the Apache 2.0 license. See the <a href="https://github.com/auth0-lab/auth0-ai-python/blob/main/LICENSE"> LICENSE</a> file for more info.</p>
-

auth0_ai_langchain-0.2.0.dist-info/RECORD

@@ -1,19 +0,0 @@
-auth0_ai_langchain/FGARetriever.py,sha256=6nQXRkbDLHZt9zYZJsS5iQljrogQVLW0aVwDIf6Mpac,6002
-auth0_ai_langchain/__init__.py,sha256=I331Kz-q97ZU7TfXaOR5UBbJamGEJ15twbf2HP1iCHs,67
-auth0_ai_langchain/auth0_ai.py,sha256=8NUV_80SxR8qQt_3RQGf0Oga178kChuROHuhz7rfOyU,1919
-auth0_ai_langchain/ciba/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-auth0_ai_langchain/ciba/ciba_graph/ciba_graph.py,sha256=Wi7qXSMzvcfqdO8WsUJejmQzOVM469TFJCkH7eRlaR8,4115
-auth0_ai_langchain/ciba/ciba_graph/initialize_ciba.py,sha256=a41KedBzxfLqG2AhvkFnemcEqWwQWVh1r-Oro-qJX-M,3752
-auth0_ai_langchain/ciba/ciba_graph/initialize_hitl.py,sha256=CR3jMolZYYOBHx1AXb6yERBaZThMg677qGGo_vRy6I8,1901
-auth0_ai_langchain/ciba/ciba_graph/types.py,sha256=NZS99vPOgJRc2O7mO5MWj6nAa4RSG1R5oSvzYhkz0RA,4234
-auth0_ai_langchain/ciba/ciba_graph/utils.py,sha256=ZPAh0Gs7Hj59_xngg8M7yx1v52dTn2pNpMNRpFKCSII,560
-auth0_ai_langchain/ciba/ciba_poller_graph.py,sha256=rjlxsTheJrN2J6E5BCE9aVyDO8V7UFhdKyX4KT_hB8k,3828
-auth0_ai_langchain/ciba/types.py,sha256=gybqYEprklZwcMBgaWFooBsJ1GcNUK8ZWRvAX5PZWdE,177
-auth0_ai_langchain/federated_connections/__init__.py,sha256=nWA0eZj88nkamiZz8Wx-KVZ9r1faNNjWBdQAYfrPO1A,480
-auth0_ai_langchain/federated_connections/federated_connection_authorizer.py,sha256=ZLF4p7fPTrODOeHWIShfBTsReSy27u73rIp0L_Umhjg,2218
-auth0_ai_langchain/fga/fga_authorizer.py,sha256=uDaGDSXaxQd1X-2w2zTvnfizMB-DtQ-1G6SIaDNBrho,137
-auth0_ai_langchain/utils/interrupt.py,sha256=HHmlwKwQR_sx8dsV_cZTCYLDo6n6JuiPyLJxbhiI84w,449
-auth0_ai_langchain-0.2.0.dist-info/LICENSE,sha256=Lu_2YH0oK8b_VVisAhNQ2WIdtwY8pSU2PLbll-y6Cj8,9792
-auth0_ai_langchain-0.2.0.dist-info/METADATA,sha256=Gn337MU0yUTAFP_DUyRhkyxj6j5jw4frYmVpJmPMqis,7793
-auth0_ai_langchain-0.2.0.dist-info/WHEEL,sha256=fGIA9gx4Qxk2KDKeNJCbOEwSrmLtjWCwzBz351GyrPQ,88
-auth0_ai_langchain-0.2.0.dist-info/RECORD,,