boarddata 3.0.2__tar.gz → 4.0.0__tar.gz

{boarddata-3.0.2 → boarddata-4.0.0}/CLAUDE.md

@@ -10,7 +10,7 @@ compensations, assemblies, resolutions, ESG data, and sentinel analyses.
 
 - **Mixin-based**: Each domain is a mixin class in `_companies.py`, `_persons.py`, etc.
 - **Single facade**: `BoardDataClient` in `client.py` composes all mixins via multiple inheritance.
-- **Base class**: `_base.py` provides Auth0 authentication and HTTP transport (`_get`, `_post`, `_patch`, `_delete`).
+- **Base class**: `_base.py` provides OAuth2 Client Credentials authentication and HTTP transport (`_get`, `_post`, `_patch`, `_delete`).
 - **Types**: `types/` contains TypedDict definitions for all API request/response shapes.
 
 ## Key Patterns

{boarddata-3.0.2 → boarddata-4.0.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: boarddata
-Version: 3.0.2
+Version: 4.0.0
 Summary: Python SDK for the BoardData V2 REST API
 License: MIT
 Classifier: Development Status :: 4 - Beta
@@ -43,7 +43,6 @@ client = BoardDataClient.from_env()
 # Or explicit configuration
 client = BoardDataClient(
     base_url="https://api.boarddata.scalens.com",
-    auth0_domain="your-tenant.auth0.com",
     client_id="your-client-id",
     client_secret="your-client-secret",
 )
@@ -65,9 +64,8 @@ print(result["id"])      # company UUID
 | Variable | Description |
 |---|---|
 | `BOARDDATA_BACKEND_URL` | Base URL of the BoardData API |
-| `BOARDDATA_AUTH0_DOMAIN` | Auth0 tenant domain |
-| `BOARDDATA_AUTH0_CLIENT_ID` | Auth0 client ID |
-| `BOARDDATA_AUTH0_CLIENT_SECRET` | Auth0 client secret |
+| `BOARDDATA_CLIENT_ID` | OAuth2 client ID (from Django admin) |
+| `BOARDDATA_CLIENT_SECRET` | OAuth2 client secret (from Django admin) |
 
 ## Token Caching
 

{boarddata-3.0.2 → boarddata-4.0.0}/README.md

@@ -19,7 +19,6 @@ client = BoardDataClient.from_env()
 # Or explicit configuration
 client = BoardDataClient(
     base_url="https://api.boarddata.scalens.com",
-    auth0_domain="your-tenant.auth0.com",
     client_id="your-client-id",
     client_secret="your-client-secret",
 )
@@ -41,9 +40,8 @@ print(result["id"])      # company UUID
 | Variable | Description |
 |---|---|
 | `BOARDDATA_BACKEND_URL` | Base URL of the BoardData API |
-| `BOARDDATA_AUTH0_DOMAIN` | Auth0 tenant domain |
-| `BOARDDATA_AUTH0_CLIENT_ID` | Auth0 client ID |
-| `BOARDDATA_AUTH0_CLIENT_SECRET` | Auth0 client secret |
+| `BOARDDATA_CLIENT_ID` | OAuth2 client ID (from Django admin) |
+| `BOARDDATA_CLIENT_SECRET` | OAuth2 client secret (from Django admin) |
 
 ## Token Caching
 

{boarddata-3.0.2 → boarddata-4.0.0}/__init__.py

@@ -1,18 +1,19 @@
 """BoardData API Python SDK."""
 
-from .cache import FileTokenCache
+from .cache import FileTokenCache, ScalewaySecretTokenCache
 from ._base import Base, TokenCache
 from .client import BoardDataClient
 from .errors import BoardDataError
 
 from . import types as types  # noqa: F401 — makes types accessible as boarddata.types
 
-__version__ = "3.0.2"
+__version__ = "4.0.0"
 __all__ = [
     "Base",
     "BoardDataClient",
     "BoardDataError",
     "FileTokenCache",
+    "ScalewaySecretTokenCache",
     "TokenCache",
     "__version__",
 ]

{boarddata-3.0.2 → boarddata-4.0.0}/_base.py

@@ -1,4 +1,4 @@
-"""Auth, HTTP transport, and shared helpers for BoardDataClient."""
+"""OAuth2, HTTP transport, and shared helpers for BoardDataClient."""
 
 from __future__ import annotations
 
@@ -27,33 +27,35 @@ class TokenCache(Protocol):
 
 
 class Base:
-    """Auth0 M2M authentication and HTTP transport layer.
+    """OAuth2 Client Credentials authentication and HTTP transport layer.
 
     All domain mixins inherit from this class and use ``self._get()``,
     ``self._post()``, ``self._patch()``, ``self._put()``, ``self._delete()``.
     """
 
-    DEFAULT_AUDIENCE = "https://api.boarddata.scalens.com"
+    _DEFAULT_CACHE = object()  # sentinel for auto-detection
 
     @classmethod
     def from_env(
         cls,
         *,
-        token_cache: TokenCache | str | None = None,
+        token_cache: TokenCache | str | None | object = _DEFAULT_CACHE,
         timeout: int = 30,
     ) -> Base:
         """Create a client from environment variables.
 
         Reads:
             BOARDDATA_BACKEND_URL: Base URL of the BoardData API.
-            BOARDDATA_AUTH0_DOMAIN: Auth0 tenant domain.
-            BOARDDATA_AUTH0_CLIENT_ID: Auth0 client ID.
-            BOARDDATA_AUTH0_CLIENT_SECRET: Auth0 client secret.
+            BOARDDATA_CLIENT_ID: OAuth2 client ID.
+            BOARDDATA_CLIENT_SECRET: OAuth2 client secret.
 
         Args:
             token_cache: File path string (e.g. ``"~/.boarddata/token.json"``)
                 or a ``TokenCache`` instance. When a string is passed, a
-                ``FileTokenCache`` is created automatically.
+                ``FileTokenCache`` is created automatically. Defaults to
+                auto-detection: uses Scaleway Secret Manager if ``SCW_SECRET_KEY``
+                and ``SCW_PROJECT_ID`` are set, otherwise a local file cache at
+                ``/tmp/boarddata_token.json``. Pass ``None`` to disable caching.
             timeout: HTTP request timeout in seconds.
 
         Returns:
@@ -64,13 +66,12 @@ class Base:
         """
         import os
 
-        from .cache import FileTokenCache
+        from .cache import FileTokenCache, ScalewaySecretTokenCache
 
         env_vars = {
             "BOARDDATA_BACKEND_URL": "base_url",
-            "BOARDDATA_AUTH0_DOMAIN": "auth0_domain",
-            "BOARDDATA_AUTH0_CLIENT_ID": "client_id",
-            "BOARDDATA_AUTH0_CLIENT_SECRET": "client_secret",
+            "BOARDDATA_CLIENT_ID": "client_id",
+            "BOARDDATA_CLIENT_SECRET": "client_secret",
         }
         kwargs: dict[str, str] = {}
         for env_key, param_name in env_vars.items():
@@ -80,7 +81,15 @@ class Base:
                 raise ValueError(msg)
             kwargs[param_name] = value
 
-        cache = FileTokenCache(token_cache) if isinstance(token_cache, str) else token_cache
+        if token_cache is cls._DEFAULT_CACHE:
+            if os.environ.get("SCW_SECRET_KEY") and os.environ.get("SCW_PROJECT_ID"):
+                cache: TokenCache | None = ScalewaySecretTokenCache()
+            else:
+                cache = FileTokenCache("/tmp/boarddata_token.json")
+        elif isinstance(token_cache, str):
+            cache = FileTokenCache(token_cache)
+        else:
+            cache = token_cache  # type: ignore[assignment]
 
         return cls(
             **kwargs,
@@ -91,18 +100,14 @@ class Base:
     def __init__(
         self,
         base_url: str,
-        auth0_domain: str,
         client_id: str,
         client_secret: str,
-        audience: str = DEFAULT_AUDIENCE,
         timeout: int = 30,
         token_cache: TokenCache | None = None,
     ) -> None:
         self.base_url = base_url.rstrip("/")
-        self.auth0_domain = auth0_domain
         self.client_id = client_id
         self.client_secret = client_secret
-        self.audience = audience
         self.timeout = timeout
         self._token_cache = token_cache
 
@@ -114,7 +119,7 @@ class Base:
     # ------------------------------------------------------------------
 
     def _get_token(self) -> str:
-        """Obtain or return a cached Auth0 access token."""
+        """Obtain or return a cached OAuth2 access token."""
         if self._token and time.time() < self._token_expires_at:
             return self._token
 
@@ -124,18 +129,18 @@ class Base:
                 if cached and cached.get("access_token") and time.time() < cached.get("expires_at", 0):
                     self._token = cached["access_token"]
                     self._token_expires_at = cached["expires_at"]
-                    logger.debug("Loaded cached Auth0 token from storage")
+                    logger.debug("Loaded cached OAuth2 token from storage")
                     return self._token
             except Exception:
                 logger.debug("Could not read token from cache")
 
         resp = requests.post(
-            f"https://{self.auth0_domain}/oauth/token",
-            json={
+            f"{self.base_url}/api/oauth/token/",
+            data={
                 "client_id": self.client_id,
                 "client_secret": self.client_secret,
-                "audience": self.audience,
                 "grant_type": "client_credentials",
+                "scope": "read write",
             },
             timeout=self.timeout,
         )
@@ -150,7 +155,7 @@ class Base:
                     "access_token": self._token,
                     "expires_at": self._token_expires_at,
                 })
-                logger.debug("Persisted Auth0 token to storage")
+                logger.debug("Persisted OAuth2 token to storage")
             except Exception:
                 logger.debug("Could not persist token to cache")
 

{boarddata-3.0.2 → boarddata-4.0.0}/boarddata.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: boarddata
-Version: 3.0.2
+Version: 4.0.0
 Summary: Python SDK for the BoardData V2 REST API
 License: MIT
 Classifier: Development Status :: 4 - Beta
@@ -43,7 +43,6 @@ client = BoardDataClient.from_env()
 # Or explicit configuration
 client = BoardDataClient(
     base_url="https://api.boarddata.scalens.com",
-    auth0_domain="your-tenant.auth0.com",
     client_id="your-client-id",
     client_secret="your-client-secret",
 )
@@ -65,9 +64,8 @@ print(result["id"])      # company UUID
 | Variable | Description |
 |---|---|
 | `BOARDDATA_BACKEND_URL` | Base URL of the BoardData API |
-| `BOARDDATA_AUTH0_DOMAIN` | Auth0 tenant domain |
-| `BOARDDATA_AUTH0_CLIENT_ID` | Auth0 client ID |
-| `BOARDDATA_AUTH0_CLIENT_SECRET` | Auth0 client secret |
+| `BOARDDATA_CLIENT_ID` | OAuth2 client ID (from Django admin) |
+| `BOARDDATA_CLIENT_SECRET` | OAuth2 client secret (from Django admin) |
 
 ## Token Caching
 

boarddata-4.0.0/cache.py

@@ -0,0 +1,167 @@
+"""Token cache implementations."""
+
+from __future__ import annotations
+
+import json
+import logging
+from pathlib import Path
+from typing import Any
+
+logger = logging.getLogger("boarddata")
+
+
+class FileTokenCache:
+    """Persists Auth0 tokens to a local JSON file.
+
+    Creates parent directories automatically. Reads return None
+    if the file is missing or contains invalid JSON.
+
+    Usage::
+
+        cache = FileTokenCache("~/.boarddata/token.json")
+        bd = BoardDataClient.from_env(token_cache=cache)
+    """
+
+    def __init__(self, path: str) -> None:
+        self._path = str(Path(path).expanduser().resolve())
+
+    def read(self) -> dict[str, Any] | None:
+        """Return cached token data or None."""
+        try:
+            return json.loads(Path(self._path).read_text())  # type: ignore[no-any-return]
+        except (FileNotFoundError, json.JSONDecodeError):
+            return None
+
+    def write(self, data: dict[str, Any]) -> None:
+        """Persist token data."""
+        p = Path(self._path)
+        p.parent.mkdir(parents=True, exist_ok=True)
+        p.write_text(json.dumps(data))
+
+
+class ScalewaySecretTokenCache:
+    """Persists Auth0 tokens to Scaleway Secret Manager.
+
+    Shares a single cached token across all job runs, so only one
+    Auth0 M2M token request is made per token lifetime.
+
+    Requires ``SCW_SECRET_KEY`` and ``SCW_PROJECT_ID`` env vars (already
+    available in Scaleway Job containers).
+
+    Usage::
+
+        cache = ScalewaySecretTokenCache(secret_name="boarddata-m2m-token")
+        bd = BoardDataClient.from_env(token_cache=cache)
+    """
+
+    _API_BASE = "https://api.scaleway.com/secret-manager/v1beta1/regions/{region}"
+
+    def __init__(
+        self,
+        secret_name: str = "boarddata-m2m-token",
+        region: str | None = None,
+    ) -> None:
+        import os
+
+        self._secret_name = secret_name
+        self._region = region or os.environ.get("SCW_REGION", "fr-par")
+        self._base_url = self._API_BASE.format(region=self._region)
+
+    def _headers(self) -> dict[str, str]:
+        import os
+
+        secret_key = os.environ.get("SCW_SECRET_KEY", "")
+        return {"X-Auth-Token": secret_key}
+
+    def _project_id(self) -> str:
+        import os
+
+        return os.environ.get("SCW_PROJECT_ID", "")
+
+    def _find_secret_id(self) -> str | None:
+        """Find the secret ID by name, or None if it doesn't exist."""
+        import requests as _requests
+
+        try:
+            resp = _requests.get(
+                f"{self._base_url}/secrets",
+                headers=self._headers(),
+                params={"name": self._secret_name, "project_id": self._project_id()},
+                timeout=10,
+            )
+            if not resp.ok:
+                return None
+            secrets = resp.json().get("secrets", [])
+            return secrets[0]["id"] if secrets else None
+        except Exception:
+            logger.debug("Failed to look up secret %s", self._secret_name)
+            return None
+
+    def _create_secret(self) -> str | None:
+        """Create the secret and return its ID."""
+        import requests as _requests
+
+        try:
+            resp = _requests.post(
+                f"{self._base_url}/secrets",
+                headers=self._headers(),
+                json={
+                    "name": self._secret_name,
+                    "project_id": self._project_id(),
+                    "description": "Cached Auth0 M2M token for BoardData client",
+                },
+                timeout=10,
+            )
+            if not resp.ok:
+                return None
+            return resp.json().get("id")
+        except Exception:
+            logger.debug("Failed to create secret %s", self._secret_name)
+            return None
+
+    def read(self) -> dict[str, Any] | None:
+        """Read the latest secret version from Scaleway Secret Manager."""
+        import base64
+
+        import requests as _requests
+
+        secret_id = self._find_secret_id()
+        if not secret_id:
+            return None
+
+        try:
+            resp = _requests.get(
+                f"{self._base_url}/secrets/{secret_id}/versions/latest/access",
+                headers=self._headers(),
+                timeout=10,
+            )
+            if not resp.ok:
+                return None
+            raw = base64.b64decode(resp.json()["data"]).decode()
+            return json.loads(raw)  # type: ignore[no-any-return]
+        except Exception:
+            logger.debug("Failed to read token from Scaleway Secret Manager")
+            return None
+
+    def write(self, data: dict[str, Any]) -> None:
+        """Write a new secret version to Scaleway Secret Manager."""
+        import base64
+
+        import requests as _requests
+
+        secret_id = self._find_secret_id()
+        if not secret_id:
+            secret_id = self._create_secret()
+        if not secret_id:
+            return
+
+        try:
+            encoded = base64.b64encode(json.dumps(data).encode()).decode()
+            _requests.post(
+                f"{self._base_url}/secrets/{secret_id}/versions",
+                headers=self._headers(),
+                json={"data": encoded},
+                timeout=10,
+            )
+        except Exception:
+            logger.debug("Failed to write token to Scaleway Secret Manager")

{boarddata-3.0.2 → boarddata-4.0.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "boarddata"
-version = "3.0.2"
+version = "4.0.0"
 description = "Python SDK for the BoardData V2 REST API"
 readme = "README.md"
 license = {text = "MIT"}

{boarddata-3.0.2 → boarddata-4.0.0}/tests/test_config.py

@@ -10,9 +10,8 @@ from boarddata.client import BoardDataClient
 
 ENV = {
     "BOARDDATA_BACKEND_URL": "https://api.example.com",
-    "BOARDDATA_AUTH0_DOMAIN": "tenant.eu.auth0.com",
-    "BOARDDATA_AUTH0_CLIENT_ID": "cid",
-    "BOARDDATA_AUTH0_CLIENT_SECRET": "csecret",
+    "BOARDDATA_CLIENT_ID": "cid",
+    "BOARDDATA_CLIENT_SECRET": "csecret",
 }
 
 
@@ -21,7 +20,6 @@ class TestFromEnv:
     def test_creates_client_from_env(self) -> None:
         client = BoardDataClient.from_env()
         assert client.base_url == "https://api.example.com"
-        assert client.auth0_domain == "tenant.eu.auth0.com"
         assert client.client_id == "cid"
         assert client.client_secret == "csecret"
 

boarddata-3.0.2/cache.py

@@ -1,39 +0,0 @@
-"""Token cache implementations."""
-
-from __future__ import annotations
-
-import json
-import logging
-from pathlib import Path
-from typing import Any
-
-logger = logging.getLogger("boarddata")
-
-
-class FileTokenCache:
-    """Persists Auth0 tokens to a local JSON file.
-
-    Creates parent directories automatically. Reads return None
-    if the file is missing or contains invalid JSON.
-
-    Usage::
-
-        cache = FileTokenCache("~/.boarddata/token.json")
-        bd = BoardDataClient.from_env(token_cache=cache)
-    """
-
-    def __init__(self, path: str) -> None:
-        self._path = str(Path(path).expanduser().resolve())
-
-    def read(self) -> dict[str, Any] | None:
-        """Return cached token data or None."""
-        try:
-            return json.loads(Path(self._path).read_text())  # type: ignore[no-any-return]
-        except (FileNotFoundError, json.JSONDecodeError):
-            return None
-
-    def write(self, data: dict[str, Any]) -> None:
-        """Persist token data."""
-        p = Path(self._path)
-        p.parent.mkdir(parents=True, exist_ok=True)
-        p.write_text(json.dumps(data))