authentikate 2.1.2__tar.gz → 2.2.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (33) hide show
  1. {authentikate-2.1.2 → authentikate-2.2.0}/PKG-INFO +3 -3
  2. {authentikate-2.1.2 → authentikate-2.2.0}/authentikate/__init__.py +1 -1
  3. {authentikate-2.1.2 → authentikate-2.2.0}/authentikate/base_models.py +2 -2
  4. {authentikate-2.1.2 → authentikate-2.2.0}/authentikate/provenance/__init__.py +1 -1
  5. {authentikate-2.1.2 → authentikate-2.2.0}/authentikate/provenance/decode.py +3 -2
  6. {authentikate-2.1.2 → authentikate-2.2.0}/pyproject.toml +4 -4
  7. {authentikate-2.1.2 → authentikate-2.2.0}/.gitignore +0 -0
  8. {authentikate-2.1.2 → authentikate-2.2.0}/LICENSE +0 -0
  9. {authentikate-2.1.2 → authentikate-2.2.0}/README.md +0 -0
  10. {authentikate-2.1.2 → authentikate-2.2.0}/authentikate/admin.py +0 -0
  11. {authentikate-2.1.2 → authentikate-2.2.0}/authentikate/apps.py +0 -0
  12. {authentikate-2.1.2 → authentikate-2.2.0}/authentikate/decode.py +0 -0
  13. {authentikate-2.1.2 → authentikate-2.2.0}/authentikate/errors.py +0 -0
  14. {authentikate-2.1.2 → authentikate-2.2.0}/authentikate/expand.py +0 -0
  15. {authentikate-2.1.2 → authentikate-2.2.0}/authentikate/migrations/0001_initial.py +0 -0
  16. {authentikate-2.1.2 → authentikate-2.2.0}/authentikate/migrations/0002_membership.py +0 -0
  17. {authentikate-2.1.2 → authentikate-2.2.0}/authentikate/migrations/0003_app_release_client_release.py +0 -0
  18. {authentikate-2.1.2 → authentikate-2.2.0}/authentikate/migrations/0004_device_client_device.py +0 -0
  19. {authentikate-2.1.2 → authentikate-2.2.0}/authentikate/migrations/0005_alter_client_client_id.py +0 -0
  20. {authentikate-2.1.2 → authentikate-2.2.0}/authentikate/migrations/__init__.py +0 -0
  21. {authentikate-2.1.2 → authentikate-2.2.0}/authentikate/models.py +0 -0
  22. {authentikate-2.1.2 → authentikate-2.2.0}/authentikate/protocols.py +0 -0
  23. {authentikate-2.1.2 → authentikate-2.2.0}/authentikate/provenance/canonical.py +0 -0
  24. {authentikate-2.1.2 → authentikate-2.2.0}/authentikate/provenance/models.py +0 -0
  25. {authentikate-2.1.2 → authentikate-2.2.0}/authentikate/provenance/verify.py +0 -0
  26. {authentikate-2.1.2 → authentikate-2.2.0}/authentikate/settings.py +0 -0
  27. {authentikate-2.1.2 → authentikate-2.2.0}/authentikate/strawberry/__init__.py +0 -0
  28. {authentikate-2.1.2 → authentikate-2.2.0}/authentikate/strawberry/directives.py +0 -0
  29. {authentikate-2.1.2 → authentikate-2.2.0}/authentikate/strawberry/extension.py +0 -0
  30. {authentikate-2.1.2 → authentikate-2.2.0}/authentikate/strawberry/info.py +0 -0
  31. {authentikate-2.1.2 → authentikate-2.2.0}/authentikate/strawberry/types.py +0 -0
  32. {authentikate-2.1.2 → authentikate-2.2.0}/authentikate/utils.py +0 -0
  33. {authentikate-2.1.2 → authentikate-2.2.0}/authentikate/vars.py +0 -0
{authentikate-2.1.2 → authentikate-2.2.0}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: authentikate
3
- Version: 2.1.2
3
+ Version: 2.2.0
4
4
  Author-email: jhnnsrs <jhnnsrs@gmail.com>
5
5
  License-Expression: MIT
6
6
  License-File: LICENSE
@@ -8,8 +8,8 @@ Requires-Python: <4.0,>=3.12
8
8
  Requires-Dist: django-guardian<3,>=2.4.0
9
9
  Requires-Dist: django>5
10
10
  Requires-Dist: httpx>=0.28.1
11
- Requires-Dist: joserfc>=1.0.4
12
- Requires-Dist: kante>=2
11
+ Requires-Dist: joserfc>=1.7.1
12
+ Requires-Dist: kante>=2.0.1
13
13
  Requires-Dist: pydantic<3,>2
14
14
  Description-Content-Type: text/markdown
15
15
 
{authentikate-2.1.2 → authentikate-2.2.0}/authentikate/__init__.py RENAMED
@@ -10,7 +10,7 @@ framework.
10
10
  Supported Token Types
11
11
  - JWT (JSON Web Tokens) (with client_id, user_id, scopes, and expiration)
12
12
  - Static tokens (for testing and pre-defined tokens)
13
- - Provenance tokens (EdDSA-signed attestations minted by Rekuest, verified on
13
+ - Provenance tokens (Ed25519-signed attestations minted by Rekuest, verified on
14
14
  the consuming/audience end via :mod:`authentikate.provenance`)
15
15
 
16
16
 
{authentikate-2.1.2 → authentikate-2.2.0}/authentikate/base_models.py RENAMED
@@ -509,7 +509,7 @@ class ProvenanceSettings(BaseModel):
509
509
  """Configuration for verifying inbound provenance tokens.
510
510
 
511
511
  Provenance tokens are an orthogonal trust domain to the auth token: a
512
- different issuer (Rekuest), a different signing algorithm (EdDSA), and a
512
+ different issuer (Rekuest), a different signing algorithm (Ed25519), and a
513
513
  different JWKS endpoint. This block scopes those issuers separately so a
514
514
  provenance token is never verified against an auth issuer and vice versa.
515
515
  """
@@ -525,7 +525,7 @@ class ProvenanceSettings(BaseModel):
525
525
  )
526
526
  """This service's identifier (e.g. "mikro"); checked against the token aud."""
527
527
  algorithms: list[str] = Field(
528
- default_factory=lambda: ["EdDSA"],
528
+ default_factory=lambda: ["Ed25519"],
529
529
  validation_alias=AliasChoices("algorithms", "ALGORITHMS"),
530
530
  )
531
531
  """The signature algorithms allowed for provenance tokens (alg is pinned)."""
{authentikate-2.1.2 → authentikate-2.2.0}/authentikate/provenance/__init__.py RENAMED
@@ -1,6 +1,6 @@
1
1
  """Provenance-token verification (consuming / audience end).
2
2
 
3
- Audience servers (e.g. Mikro / koherent) receive an EdDSA-signed provenance
3
+ Audience servers (e.g. Mikro / koherent) receive an Ed25519-signed provenance
4
4
  token minted by Rekuest alongside the cleartext args, and record a verified
5
5
  provenance fact offline against Rekuest's published JWKS. This subpackage
6
6
  provides that decode/verify path:
{authentikate-2.1.2 → authentikate-2.2.0}/authentikate/provenance/decode.py RENAMED
@@ -2,7 +2,7 @@
2
2
 
3
3
  Mirrors ``authentikate.decode`` for the auth token, but resolves keys from the
4
4
  *provenance* issuer(s) — a separate trust domain with its own JWKS endpoint —
5
- and pins the signature algorithm (``EdDSA`` by default, never ``none``), as
5
+ and pins the signature algorithm (``Ed25519`` by default, never ``none``), as
6
6
  required by RFC 8725.
7
7
  """
8
8
 
@@ -44,7 +44,7 @@ def decode_provenance_token(
44
44
  ) -> ProvenanceToken:
45
45
  """Decode and verify a provenance token.
46
46
 
47
- Verifies the EdDSA signature against the configured provenance issuers,
47
+ Verifies the Ed25519 signature against the configured provenance issuers,
48
48
  validates the registered claims (expiry), and checks audience membership.
49
49
 
50
50
  Raises
@@ -113,4 +113,5 @@ async def adecode_provenance_token(
113
113
 
114
114
  built = _build_token(token, decoded.claims)
115
115
  _check_audience(built, provenance)
116
+ print("Built provenance token:", built)
116
117
  return built
{authentikate-2.1.2 → authentikate-2.2.0}/pyproject.toml RENAMED
@@ -1,6 +1,6 @@
1
1
  [project]
2
2
  name = "authentikate"
3
- version = "2.1.2"
3
+ version = "2.2.0"
4
4
  description = ""
5
5
  authors = [{ name = "jhnnsrs", email = "jhnnsrs@gmail.com" }]
6
6
  requires-python = ">=3.12, <4.0"
@@ -10,8 +10,8 @@ dependencies = [
10
10
  "pydantic>2, <3",
11
11
  "django-guardian>=2.4.0,<3",
12
12
  "django>5",
13
- "kante>=2",
14
- "joserfc>=1.0.4",
13
+ "kante>=2.0.1",
14
+ "joserfc>=1.7.1",
15
15
  "httpx>=0.28.1",
16
16
  ]
17
17
 
@@ -20,7 +20,7 @@ dev-dependencies = [
20
20
  "pytest-django>=4.5.2,<5",
21
21
  "pytest>=7.4.0,<8",
22
22
  "pytest-cov>=4.1.0,<5",
23
- "cryptography>=41.0.3,<42",
23
+ "cryptography>=45.0.1",
24
24
  "ruff>=0.0.282,<0.0.283",
25
25
  "black>=22",
26
26
  "django-stubs>=4.2.7,<5",
{authentikate-2.1.2 → authentikate-2.2.0}/.gitignore RENAMED
File without changes
{authentikate-2.1.2 → authentikate-2.2.0}/LICENSE RENAMED
File without changes
{authentikate-2.1.2 → authentikate-2.2.0}/README.md RENAMED
File without changes