flwr-nightly 1.15.0.dev20250124__py3-none-any.whl → 1.15.0.dev20250127__py3-none-any.whl

flwr/cli/auth_plugin/__init__.py

@@ -0,0 +1,31 @@
+# Copyright 2025 Flower Labs GmbH. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ==============================================================================
+"""Flower user auth plugins."""
+
+
+from flwr.common.auth_plugin import CliAuthPlugin
+from flwr.common.constant import AuthType
+
+from .oidc_cli_plugin import OidcCliPlugin
+
+
+def get_cli_auth_plugins() -> dict[str, type[CliAuthPlugin]]:
+    """Return all CLI authentication plugins."""
+    return {AuthType.OIDC: OidcCliPlugin}
+
+
+__all__ = [
+    "get_cli_auth_plugins",
+]

flwr/cli/auth_plugin/oidc_cli_plugin.py

@@ -0,0 +1,150 @@
+# Copyright 2025 Flower Labs GmbH. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ==============================================================================
+"""Flower CLI user auth plugin for OIDC."""
+
+
+import json
+import time
+from collections.abc import Sequence
+from pathlib import Path
+from typing import Any, Optional, Union
+
+import typer
+
+from flwr.common.auth_plugin import CliAuthPlugin
+from flwr.common.constant import (
+    ACCESS_TOKEN_KEY,
+    AUTH_TYPE_KEY,
+    REFRESH_TOKEN_KEY,
+    AuthType,
+)
+from flwr.common.typing import UserAuthCredentials, UserAuthLoginDetails
+from flwr.proto.exec_pb2 import (  # pylint: disable=E0611
+    GetAuthTokensRequest,
+    GetAuthTokensResponse,
+)
+from flwr.proto.exec_pb2_grpc import ExecStub
+
+
+class OidcCliPlugin(CliAuthPlugin):
+    """Flower OIDC auth plugin for CLI."""
+
+    def __init__(self, credentials_path: Path):
+        self.access_token: Optional[str] = None
+        self.refresh_token: Optional[str] = None
+        self.credentials_path = credentials_path
+
+    @staticmethod
+    def login(
+        login_details: UserAuthLoginDetails,
+        exec_stub: ExecStub,
+    ) -> UserAuthCredentials:
+        """Authenticate the user and retrieve authentication credentials."""
+        typer.secho(
+            "Please login with your user credentials here: "
+            f"{login_details.verification_uri_complete}",
+            fg=typer.colors.BLUE,
+        )
+        start_time = time.time()
+        time.sleep(login_details.interval)
+
+        while (time.time() - start_time) < login_details.expires_in:
+            res: GetAuthTokensResponse = exec_stub.GetAuthTokens(
+                GetAuthTokensRequest(device_code=login_details.device_code)
+            )
+
+            access_token = res.access_token
+            refresh_token = res.refresh_token
+
+            if access_token and refresh_token:
+                typer.secho(
+                    "✅ Login successful.",
+                    fg=typer.colors.GREEN,
+                    bold=False,
+                )
+                return UserAuthCredentials(
+                    access_token=access_token,
+                    refresh_token=refresh_token,
+                )
+
+            time.sleep(login_details.interval)
+
+        typer.secho(
+            "❌ Timeout, failed to sign in.",
+            fg=typer.colors.RED,
+            bold=True,
+        )
+        raise typer.Exit(code=1)
+
+    def store_tokens(self, credentials: UserAuthCredentials) -> None:
+        """Store authentication tokens to the `credentials_path`.
+
+        The credentials, including tokens, will be saved as a JSON file
+        at `credentials_path`.
+        """
+        self.access_token = credentials.access_token
+        self.refresh_token = credentials.refresh_token
+        json_dict = {
+            AUTH_TYPE_KEY: AuthType.OIDC,
+            ACCESS_TOKEN_KEY: credentials.access_token,
+            REFRESH_TOKEN_KEY: credentials.refresh_token,
+        }
+
+        with open(self.credentials_path, "w", encoding="utf-8") as file:
+            json.dump(json_dict, file, indent=4)
+
+    def load_tokens(self) -> None:
+        """Load authentication tokens from the `credentials_path`."""
+        with open(self.credentials_path, encoding="utf-8") as file:
+            json_dict: dict[str, Any] = json.load(file)
+            access_token = json_dict.get(ACCESS_TOKEN_KEY)
+            refresh_token = json_dict.get(REFRESH_TOKEN_KEY)
+
+        if isinstance(access_token, str) and isinstance(refresh_token, str):
+            self.access_token = access_token
+            self.refresh_token = refresh_token
+
+    def write_tokens_to_metadata(
+        self, metadata: Sequence[tuple[str, Union[str, bytes]]]
+    ) -> Sequence[tuple[str, Union[str, bytes]]]:
+        """Write authentication tokens to the provided metadata."""
+        if self.access_token is None or self.refresh_token is None:
+            typer.secho(
+                "❌ Missing authentication tokens. Please login first.",
+                fg=typer.colors.RED,
+                bold=True,
+            )
+            raise typer.Exit(code=1)
+
+        return list(metadata) + [
+            (ACCESS_TOKEN_KEY, self.access_token),
+            (REFRESH_TOKEN_KEY, self.refresh_token),
+        ]
+
+    def read_tokens_from_metadata(
+        self, metadata: Sequence[tuple[str, Union[str, bytes]]]
+    ) -> Optional[UserAuthCredentials]:
+        """Read authentication tokens from the provided metadata."""
+        metadata_dict = dict(metadata)
+        access_token = metadata_dict.get(ACCESS_TOKEN_KEY)
+        refresh_token = metadata_dict.get(REFRESH_TOKEN_KEY)
+
+        if isinstance(access_token, str) and isinstance(refresh_token, str):
+            return UserAuthCredentials(
+                access_token=access_token,
+                refresh_token=refresh_token,
+            )
+
+        return None

flwr/cli/login/login.py

@@ -34,7 +34,11 @@ from flwr.proto.exec_pb2 import (  # pylint: disable=E0611
 )
 from flwr.proto.exec_pb2_grpc import ExecStub
 
-from ..utils import init_channel, try_obtain_cli_auth_plugin
+from ..utils import (
+    init_channel,
+    try_obtain_cli_auth_plugin,
+    unauthenticated_exc_handler,
+)
 
 
 def login(  # pylint: disable=R0914
@@ -81,7 +85,8 @@ def login(  # pylint: disable=R0914
     stub = ExecStub(channel)
 
     login_request = GetLoginDetailsRequest()
-    login_response: GetLoginDetailsResponse = stub.GetLoginDetails(login_request)
+    with unauthenticated_exc_handler():
+        login_response: GetLoginDetailsResponse = stub.GetLoginDetails(login_request)
 
     # Get the auth plugin
     auth_type = login_response.auth_type
@@ -104,7 +109,8 @@ def login(  # pylint: disable=R0914
         expires_in=login_response.expires_in,
         interval=login_response.interval,
     )
-    credentials = auth_plugin.login(details, stub)
+    with unauthenticated_exc_handler():
+        credentials = auth_plugin.login(details, stub)
 
     # Store the tokens
     auth_plugin.store_tokens(credentials)

flwr/cli/utils.py

@@ -29,20 +29,13 @@ import typer
 
 from flwr.cli.cli_user_auth_interceptor import CliUserAuthInterceptor
 from flwr.common.auth_plugin import CliAuthPlugin
-from flwr.common.constant import AUTH_TYPE, CREDENTIALS_DIR, FLWR_DIR
+from flwr.common.constant import AUTH_TYPE_KEY, CREDENTIALS_DIR, FLWR_DIR
 from flwr.common.grpc import GRPC_MAX_MESSAGE_LENGTH, create_channel
 from flwr.common.logger import log
 
+from .auth_plugin import get_cli_auth_plugins
 from .config_utils import validate_certificate_in_federation_config
 
-try:
-    from flwr.ee import get_cli_auth_plugins
-except ImportError:
-
-    def get_cli_auth_plugins() -> dict[str, type[CliAuthPlugin]]:
-        """Return all CLI authentication plugins."""
-        raise NotImplementedError("No authentication plugins are currently supported.")
-
 
 def prompt_text(
     text: str,
@@ -244,7 +237,7 @@ def try_obtain_cli_auth_plugin(
         try:
             with config_path.open("r", encoding="utf-8") as file:
                 json_file = json.load(file)
-            auth_type = json_file[AUTH_TYPE]
+            auth_type = json_file[AUTH_TYPE_KEY]
         except (FileNotFoundError, KeyError):
             typer.secho(
                 "❌ Missing or invalid credentials for user authentication. "
@@ -308,12 +301,19 @@ def unauthenticated_exc_handler() -> Iterator[None]:
     try:
         yield
     except grpc.RpcError as e:
-        if e.code() != grpc.StatusCode.UNAUTHENTICATED:
-            raise
-        typer.secho(
-            "❌ Authentication failed. Please run `flwr login`"
-            " to authenticate and try again.",
-            fg=typer.colors.RED,
-            bold=True,
-        )
-        raise typer.Exit(code=1) from None
+        if e.code() == grpc.StatusCode.UNAUTHENTICATED:
+            typer.secho(
+                "❌ Authentication failed. Please run `flwr login`"
+                " to authenticate and try again.",
+                fg=typer.colors.RED,
+                bold=True,
+            )
+            raise typer.Exit(code=1) from None
+        if e.code() == grpc.StatusCode.UNIMPLEMENTED:
+            typer.secho(
+                "❌ User authentication is not enabled on this SuperLink.",
+                fg=typer.colors.RED,
+                bold=True,
+            )
+            raise typer.Exit(code=1) from None
+        raise

flwr/common/constant.py

@@ -108,7 +108,7 @@ MAX_RETRY_DELAY = 20  # Maximum delay duration between two consecutive retries.
 
 # Constants for user authentication
 CREDENTIALS_DIR = ".credentials"
-AUTH_TYPE = "auth_type"
+AUTH_TYPE_KEY = "auth_type"
 ACCESS_TOKEN_KEY = "access_token"
 REFRESH_TOKEN_KEY = "refresh_token"
 
@@ -200,3 +200,13 @@ class CliOutputFormat:
     def __new__(cls) -> CliOutputFormat:
         """Prevent instantiation."""
         raise TypeError(f"{cls.__name__} cannot be instantiated.")
+
+
+class AuthType:
+    """User authentication types."""
+
+    OIDC = "oidc"
+
+    def __new__(cls) -> AuthType:
+        """Prevent instantiation."""
+        raise TypeError(f"{cls.__name__} cannot be instantiated.")

flwr/common/logger.py

@@ -17,12 +17,13 @@
 
 import json as _json
 import logging
+import os
 import re
 import sys
 import threading
 import time
 from io import StringIO
-from logging import WARN, LogRecord
+from logging import ERROR, WARN, LogRecord
 from logging.handlers import HTTPHandler
 from queue import Empty, Queue
 from typing import TYPE_CHECKING, Any, Optional, TextIO, Union
@@ -42,6 +43,7 @@ from .constant import LOG_UPLOAD_INTERVAL
 LOGGER_NAME = "flwr"
 FLOWER_LOGGER = logging.getLogger(LOGGER_NAME)
 FLOWER_LOGGER.setLevel(logging.DEBUG)
+log = FLOWER_LOGGER.log  # pylint: disable=invalid-name
 
 LOG_COLORS = {
     "DEBUG": "\033[94m",  # Blue
@@ -101,7 +103,7 @@ class ConsoleHandler(StreamHandler):
 
 
 def update_console_handler(
-    level: Optional[int] = None,
+    level: Optional[Union[int, str]] = None,
     timestamps: Optional[bool] = None,
     colored: Optional[bool] = None,
 ) -> None:
@@ -125,6 +127,22 @@ console_handler = ConsoleHandler(
 console_handler.setLevel(logging.INFO)
 FLOWER_LOGGER.addHandler(console_handler)
 
+# Set log level via env var (show timestamps for `DEBUG`)
+if log_level := os.getenv("PYTHONLOGLEVEL"):
+    try:
+        use_time_stamps = log_level.upper() == "DEBUG"
+        update_console_handler(
+            level=log_level, timestamps=use_time_stamps, colored=True
+        )
+    except Exception:  # pylint: disable=broad-exception-caught
+        # Alert user but don't raise exception
+        log(
+            ERROR,
+            "Failed to set logging level %s. Using default level: %s",
+            log_level,
+            logging.getLevelName(console_handler.level),
+        )
+
 
 class CustomHTTPHandler(HTTPHandler):
     """Custom HTTPHandler which overrides the mapLogRecords method."""
@@ -185,10 +203,6 @@ def configure(
         FLOWER_LOGGER.addHandler(http_handler)
 
 
-logger = logging.getLogger(LOGGER_NAME)  # pylint: disable=invalid-name
-log = logger.log  # pylint: disable=invalid-name
-
-
 def warn_preview_feature(name: str) -> None:
     """Warn the user when they use a preview feature."""
     log(

flwr/server/app.py

@@ -31,12 +31,8 @@ from typing import Any, Optional
 
 import grpc
 import yaml
-from cryptography.exceptions import UnsupportedAlgorithm
 from cryptography.hazmat.primitives.asymmetric import ec
-from cryptography.hazmat.primitives.serialization import (
-    load_ssh_private_key,
-    load_ssh_public_key,
-)
+from cryptography.hazmat.primitives.serialization import load_ssh_public_key
 
 from flwr.common import GRPC_MAX_MESSAGE_LENGTH, EventType, event
 from flwr.common.address import parse_address
@@ -44,7 +40,7 @@ from flwr.common.args import try_obtain_server_certificates
 from flwr.common.auth_plugin import ExecAuthPlugin
 from flwr.common.config import get_flwr_dir, parse_config_args
 from flwr.common.constant import (
-    AUTH_TYPE,
+    AUTH_TYPE_KEY,
     CLIENT_OCTET,
     EXEC_API_DEFAULT_SERVER_ADDRESS,
     FLEET_API_GRPC_BIDI_DEFAULT_ADDRESS,
@@ -64,7 +60,6 @@ from flwr.common.exit_handlers import register_exit_handlers
 from flwr.common.grpc import generic_create_grpc_server
 from flwr.common.logger import log, warn_deprecated_feature
 from flwr.common.secure_aggregation.crypto.symmetric_encryption import (
-    private_key_to_bytes,
     public_key_to_bytes,
 )
 from flwr.proto.fleet_pb2_grpc import (  # pylint: disable=E0611
@@ -378,21 +373,12 @@ def run_superlink() -> None:
             fleet_thread.start()
             bckg_threads.append(fleet_thread)
         elif args.fleet_api_type == TRANSPORT_TYPE_GRPC_RERE:
-            maybe_keys = _try_setup_node_authentication(args, certificates)
+            node_public_keys = _try_load_public_keys_node_authentication(args)
             interceptors: Optional[Sequence[grpc.ServerInterceptor]] = None
-            if maybe_keys is not None:
-                (
-                    node_public_keys,
-                    server_private_key,
-                    server_public_key,
-                ) = maybe_keys
+            if node_public_keys is not None:
                 state = state_factory.state()
-                state.clear_supernode_auth_keys_and_credentials()
+                state.clear_supernode_auth_keys()
                 state.store_node_public_keys(node_public_keys)
-                state.store_server_private_public_key(
-                    private_key_to_bytes(server_private_key),
-                    public_key_to_bytes(server_public_key),
-                )
                 log(
                     INFO,
                     "Node authentication enabled with %d known public keys",
@@ -541,34 +527,20 @@ def _format_address(address: str) -> tuple[str, str, int]:
     return (f"[{host}]:{port}" if is_v6 else f"{host}:{port}", host, port)
 
 
-def _try_setup_node_authentication(
+def _try_load_public_keys_node_authentication(
     args: argparse.Namespace,
-    certificates: Optional[tuple[bytes, bytes, bytes]],
-) -> Optional[tuple[set[bytes], ec.EllipticCurvePrivateKey, ec.EllipticCurvePublicKey]]:
-    if (
-        not args.auth_list_public_keys
-        and not args.auth_superlink_private_key
-        and not args.auth_superlink_public_key
-    ):
-        return None
-
-    if (
-        not args.auth_list_public_keys
-        or not args.auth_superlink_private_key
-        or not args.auth_superlink_public_key
-    ):
-        sys.exit(
-            "Authentication requires providing file paths for "
-            "'--auth-list-public-keys', '--auth-superlink-private-key' and "
-            "'--auth-superlink-public-key'. Provide all three to enable authentication."
+) -> Optional[set[bytes]]:
+    """Return a set of node public keys."""
+    if args.auth_superlink_private_key or args.auth_superlink_public_key:
+        log(
+            WARN,
+            "The `--auth-superlink-private-key` and `--auth-superlink-public-key` "
+            "arguments are deprecated and will be removed in a future release. Node "
+            "authentication no longer requires these arguments.",
         )
 
-    if certificates is None:
-        sys.exit(
-            "Authentication requires secure connections. "
-            "Please provide certificate paths to `--ssl-certfile`, "
-            "`--ssl-keyfile`, and `—-ssl-ca-certfile` and try again."
-        )
+    if not args.auth_list_public_keys:
+        return None
 
     node_keys_file_path = Path(args.auth_list_public_keys)
     if not node_keys_file_path.exists():
@@ -581,35 +553,6 @@ def _try_setup_node_authentication(
 
     node_public_keys: set[bytes] = set()
 
-    try:
-        ssh_private_key = load_ssh_private_key(
-            Path(args.auth_superlink_private_key).read_bytes(),
-            None,
-        )
-        if not isinstance(ssh_private_key, ec.EllipticCurvePrivateKey):
-            raise ValueError()
-    except (ValueError, UnsupportedAlgorithm):
-        sys.exit(
-            "Error: Unable to parse the private key file in "
-            "'--auth-superlink-private-key'. Authentication requires elliptic "
-            "curve private and public key pair. Please ensure that the file "
-            "path points to a valid private key file and try again."
-        )
-
-    try:
-        ssh_public_key = load_ssh_public_key(
-            Path(args.auth_superlink_public_key).read_bytes()
-        )
-        if not isinstance(ssh_public_key, ec.EllipticCurvePublicKey):
-            raise ValueError()
-    except (ValueError, UnsupportedAlgorithm):
-        sys.exit(
-            "Error: Unable to parse the public key file in "
-            "'--auth-superlink-public-key'. Authentication requires elliptic "
-            "curve private and public key pair. Please ensure that the file "
-            "path points to a valid public key file and try again."
-        )
-
     with open(node_keys_file_path, newline="", encoding="utf-8") as csvfile:
         reader = csv.reader(csvfile)
         for row in reader:
@@ -623,11 +566,7 @@ def _try_setup_node_authentication(
                         "file. Please ensure that the CSV file path points to a valid "
                         "known SSH public keys files and try again."
                     )
-        return (
-            node_public_keys,
-            ssh_private_key,
-            ssh_public_key,
-        )
+    return node_public_keys
 
 
 def _try_obtain_exec_auth_plugin(
@@ -639,7 +578,7 @@ def _try_obtain_exec_auth_plugin(
 
     # Load authentication configuration
     auth_config: dict[str, Any] = config.get("authentication", {})
-    auth_type: str = auth_config.get(AUTH_TYPE, "")
+    auth_type: str = auth_config.get(AUTH_TYPE_KEY, "")
 
     # Load authentication plugin
     try:
@@ -840,12 +779,12 @@ def _add_args_common(parser: argparse.ArgumentParser) -> None:
     parser.add_argument(
         "--auth-superlink-private-key",
         type=str,
-        help="The SuperLink's private key (as a path str) to enable authentication.",
+        help="This argument is deprecated and will be removed in a future release.",
     )
     parser.add_argument(
         "--auth-superlink-public-key",
         type=str,
-        help="The SuperLink's public key (as a path str) to enable authentication.",
+        help="This argument is deprecated and will be removed in a future release.",
     )
 
 

flwr/server/superlink/linkstate/in_memory_linkstate.py

@@ -74,8 +74,6 @@ class InMemoryLinkState(LinkState):  # pylint: disable=R0902,R0904
         self.task_ins_id_to_task_res_id: dict[UUID, UUID] = {}
 
         self.node_public_keys: set[bytes] = set()
-        self.server_public_key: Optional[bytes] = None
-        self.server_private_key: Optional[bytes] = None
 
         self.lock = threading.RLock()
 
@@ -403,30 +401,9 @@ class InMemoryLinkState(LinkState):  # pylint: disable=R0902,R0904
         log(ERROR, "Unexpected run creation failure.")
         return 0
 
-    def store_server_private_public_key(
-        self, private_key: bytes, public_key: bytes
-    ) -> None:
-        """Store `server_private_key` and `server_public_key` in the link state."""
+    def clear_supernode_auth_keys(self) -> None:
+        """Clear stored `node_public_keys` in the link state if any."""
         with self.lock:
-            if self.server_private_key is None and self.server_public_key is None:
-                self.server_private_key = private_key
-                self.server_public_key = public_key
-            else:
-                raise RuntimeError("Server private and public key already set")
-
-    def get_server_private_key(self) -> Optional[bytes]:
-        """Retrieve `server_private_key` in urlsafe bytes."""
-        return self.server_private_key
-
-    def get_server_public_key(self) -> Optional[bytes]:
-        """Retrieve `server_public_key` in urlsafe bytes."""
-        return self.server_public_key
-
-    def clear_supernode_auth_keys_and_credentials(self) -> None:
-        """Clear stored `node_public_keys` and credentials in the link state if any."""
-        with self.lock:
-            self.server_private_key = None
-            self.server_public_key = None
             self.node_public_keys.clear()
 
     def store_node_public_keys(self, public_keys: set[bytes]) -> None:

flwr/server/superlink/linkstate/linkstate.py

@@ -264,22 +264,8 @@ class LinkState(abc.ABC):  # pylint: disable=R0904
         """
 
     @abc.abstractmethod
-    def store_server_private_public_key(
-        self, private_key: bytes, public_key: bytes
-    ) -> None:
-        """Store `server_private_key` and `server_public_key` in the link state."""
-
-    @abc.abstractmethod
-    def get_server_private_key(self) -> Optional[bytes]:
-        """Retrieve `server_private_key` in urlsafe bytes."""
-
-    @abc.abstractmethod
-    def get_server_public_key(self) -> Optional[bytes]:
-        """Retrieve `server_public_key` in urlsafe bytes."""
-
-    @abc.abstractmethod
-    def clear_supernode_auth_keys_and_credentials(self) -> None:
-        """Clear stored `node_public_keys` and credentials in the link state if any."""
+    def clear_supernode_auth_keys(self) -> None:
+        """Clear stored `node_public_keys` in the link state if any."""
 
     @abc.abstractmethod
     def store_node_public_keys(self, public_keys: set[bytes]) -> None:

flwr/server/superlink/linkstate/sqlite_linkstate.py

@@ -71,13 +71,6 @@ CREATE TABLE IF NOT EXISTS node(
 );
 """
 
-SQL_CREATE_TABLE_CREDENTIAL = """
-CREATE TABLE IF NOT EXISTS credential(
-    private_key     BLOB PRIMARY KEY,
-    public_key      BLOB
-);
-"""
-
 SQL_CREATE_TABLE_PUBLIC_KEY = """
 CREATE TABLE IF NOT EXISTS public_key(
     public_key      BLOB PRIMARY KEY
@@ -208,7 +201,6 @@ class SqliteLinkState(LinkState):  # pylint: disable=R0904
         cur.execute(SQL_CREATE_TABLE_TASK_INS)
         cur.execute(SQL_CREATE_TABLE_TASK_RES)
         cur.execute(SQL_CREATE_TABLE_NODE)
-        cur.execute(SQL_CREATE_TABLE_CREDENTIAL)
         cur.execute(SQL_CREATE_TABLE_PUBLIC_KEY)
         cur.execute(SQL_CREATE_INDEX_ONLINE_UNTIL)
         res = cur.execute("SELECT name FROM sqlite_schema;")
@@ -773,46 +765,9 @@ class SqliteLinkState(LinkState):  # pylint: disable=R0904
         log(ERROR, "Unexpected run creation failure.")
         return 0
 
-    def store_server_private_public_key(
-        self, private_key: bytes, public_key: bytes
-    ) -> None:
-        """Store `server_private_key` and `server_public_key` in the link state."""
-        query = "SELECT COUNT(*) FROM credential"
-        count = self.query(query)[0]["COUNT(*)"]
-        if count < 1:
-            query = (
-                "INSERT OR REPLACE INTO credential (private_key, public_key) "
-                "VALUES (:private_key, :public_key)"
-            )
-            self.query(query, {"private_key": private_key, "public_key": public_key})
-        else:
-            raise RuntimeError("Server private and public key already set")
-
-    def get_server_private_key(self) -> Optional[bytes]:
-        """Retrieve `server_private_key` in urlsafe bytes."""
-        query = "SELECT private_key FROM credential"
-        rows = self.query(query)
-        try:
-            private_key: Optional[bytes] = rows[0]["private_key"]
-        except IndexError:
-            private_key = None
-        return private_key
-
-    def get_server_public_key(self) -> Optional[bytes]:
-        """Retrieve `server_public_key` in urlsafe bytes."""
-        query = "SELECT public_key FROM credential"
-        rows = self.query(query)
-        try:
-            public_key: Optional[bytes] = rows[0]["public_key"]
-        except IndexError:
-            public_key = None
-        return public_key
-
-    def clear_supernode_auth_keys_and_credentials(self) -> None:
-        """Clear stored `node_public_keys` and credentials in the link state if any."""
-        queries = ["DELETE FROM public_key;", "DELETE FROM credential;"]
-        for query in queries:
-            self.query(query)
+    def clear_supernode_auth_keys(self) -> None:
+        """Clear stored `node_public_keys` in the link state if any."""
+        self.query("DELETE FROM public_key;")
 
     def store_node_public_keys(self, public_keys: set[bytes]) -> None:
         """Store a set of `node_public_keys` in the link state."""

{flwr_nightly-1.15.0.dev20250124.dist-info → flwr_nightly-1.15.0.dev20250127.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: flwr-nightly
-Version: 1.15.0.dev20250124
+Version: 1.15.0.dev20250127
 Summary: Flower: A Friendly Federated AI Framework
 Home-page: https://flower.ai
 License: Apache-2.0

{flwr_nightly-1.15.0.dev20250124.dist-info → flwr_nightly-1.15.0.dev20250127.dist-info}/RECORD

@@ -1,6 +1,8 @@
 flwr/__init__.py,sha256=VmBWedrCxqmt4QvUHBLqyVEH6p7zaFMD_oCHerXHSVw,937
 flwr/cli/__init__.py,sha256=cZJVgozlkC6Ni2Hd_FAIrqefrkCGOV18fikToq-6iLw,720
 flwr/cli/app.py,sha256=UeXrW5gxrUnFViDjAMIxGNZZKwu3a1oAj83v53IWIWM,1382
+flwr/cli/auth_plugin/__init__.py,sha256=FyaoqPzcxlBTFfJ2sBRC5USwQLmAhFr5KuBwfMO4bmo,1052
+flwr/cli/auth_plugin/oidc_cli_plugin.py,sha256=nooDDWO_3bWYqi_KBrsO3YteDIIuvTZD30XymbvRPlA,5374
 flwr/cli/build.py,sha256=4P70i_FnUs0P21aTwjTXtFQSAfY-C04hUDF-2npfJdo,6345
 flwr/cli/cli_user_auth_interceptor.py,sha256=aZepPA298s-HjGmkJGMvI_uZe72O5aLC3jri-ilG53o,3126
 flwr/cli/config_utils.py,sha256=LelRR960I36n1IPw7BIu79fKoOh0JePA58kAtoXSTH0,7518
@@ -9,7 +11,7 @@ flwr/cli/example.py,sha256=uk5CoD0ZITgpY_ffsTbEKf8XOOCSUzByjHPcMSPqV18,2216
 flwr/cli/install.py,sha256=-RnrYGejN_zyXXp_CoddSQwoQfRTWWyt9WYlxphJzyU,8180
 flwr/cli/log.py,sha256=vcO-r5EIc127mOQ26uxKVITX-w_Zib7AxSVuuN70_JY,6671
 flwr/cli/login/__init__.py,sha256=6_9zOzbPOAH72K2wX3-9dXTAbS7Mjpa5sEn2lA6eHHI,800
-flwr/cli/login/login.py,sha256=EOU1E-89VPn5Ns7ytaDdGNVVeOoC4ULFjtNPogjXGGQ,3783
+flwr/cli/login/login.py,sha256=iNnNF1bvV0n8Z-vNc89azFNA73JqKZlO1s5OF2atsTc,3917
 flwr/cli/ls.py,sha256=5KCHdctN5f5GkCAkbZSC1OuKdhmLzobINpltsdtDtQU,11383
 flwr/cli/new/__init__.py,sha256=pOQtPT9W4kCIttcKne5m-FtJbvTqdjTVJxzQ9AUYK8I,790
 flwr/cli/new/new.py,sha256=scyyKt8mzkc3El1bypgkHjKwVQEc2-q4I50PxriPFdI,9922
@@ -68,7 +70,7 @@ flwr/cli/new/templates/app/pyproject.tensorflow.toml.tpl,sha256=r0SZnvoR5a5mEWKJ
 flwr/cli/run/__init__.py,sha256=cCsKVB0SFzh2b3QmGba6BHckB85xlhjh3mh4pBpACtY,790
 flwr/cli/run/run.py,sha256=kEOYKin9qPJy8SODxcAvIWk-OskKPsxvcbvhDhf2VD4,8299
 flwr/cli/stop.py,sha256=DBCKg9AhB1WcJsyqfkHKR1_V_yT7D32zqa9QhmX9IAU,4926
-flwr/cli/utils.py,sha256=z5WFbh2RwMirFcv6QtV_4rJlK7ad2XrUJUsinNhqE28,11310
+flwr/cli/utils.py,sha256=D6XmroF6iu-AT02xbp2vWK6nGGgAPBLPRlJw9Cmx0SA,11390
 flwr/client/__init__.py,sha256=DGDoO0AEAfz-0CUFmLdyUUweAS64-07AOnmDfWUefK4,1192
 flwr/client/app.py,sha256=tNnef5wGVfqMiiGiWzAuULyy1QpvCKukiRmNi_a2cQc,34261
 flwr/client/client.py,sha256=8o58nd9o6ZFcMIaVYPGcV4MSjBG4H0oFgWiv8ZEO3oA,7895
@@ -115,7 +117,7 @@ flwr/common/args.py,sha256=bCvtG0hhh_hVjl9NoWsY_g7kLMIN3jCN7B883HvZ7hg,6223
 flwr/common/auth_plugin/__init__.py,sha256=1Y8Oj3iB49IHDu9tvDih1J74Ygu7k85V9s2A4WORPyA,887
 flwr/common/auth_plugin/auth_plugin.py,sha256=wgDorBUB4IkK6twQ8vNawRVz7BDPmKdXZBNLqhU9RSs,3871
 flwr/common/config.py,sha256=n6T5Vi6BUFul37GUpKp9Doqnz35phJqSud_G3ySWlIQ,13336
-flwr/common/constant.py,sha256=FLqav6UCcdCG61XZr31fmAFqOu4WRFG8zcbnwUyYJ4w,6202
+flwr/common/constant.py,sha256=mw2H-rTFI5Lwv8EK2dlW5RDAynQWeSawcwup2p0vLN4,6419
 flwr/common/context.py,sha256=uJ-mnoC_8y_udEb3kAX-r8CPphNTWM72z1AlsvQEu54,2403
 flwr/common/date.py,sha256=NHHpESce5wYqEwoDXf09gp9U9l_5Bmlh2BsOcwS-kDM,1554
 flwr/common/differential_privacy.py,sha256=XwcJ3rWr8S8BZUocc76vLSJAXIf6OHnWkBV6-xlIRuw,6106
@@ -126,7 +128,7 @@ flwr/common/exit/exit.py,sha256=DmZFyksp-w1sFDQekq5Z-qfnr-ivCAv78aQkqj-TDps,3458
 flwr/common/exit/exit_code.py,sha256=PNEnCrZfOILjfDAFu5m-2YWEJBrk97xglq4zCUlqV7E,3470
 flwr/common/exit_handlers.py,sha256=Dke87CC6d6b6kqkC2mF0I4JsP4mHhlQTFxkS4sKKgyw,3308
 flwr/common/grpc.py,sha256=GCdiTCppW-clhzOo7OIJbsKIWKnJ9pqNTsAKhj7y4So,9646
-flwr/common/logger.py,sha256=UPyI_98EDibqgf3epgWxFHxdXgYReSWtaKFf9Mj0hd0,12306
+flwr/common/logger.py,sha256=xgS-oEN6U54vEYoWdX0U0ymqMfndhK0-ePiGtmjHdmU,12852
 flwr/common/message.py,sha256=Zv4ID2BLQsbff0F03DI_MeFoHbSqVZAdDD9NcKYv6Zo,13832
 flwr/common/object_ref.py,sha256=fIXf8aP5mG6Nuni7dvcKK5Di3zRfRWGs4ljvqIXplds,10115
 flwr/common/parameter.py,sha256=-bFAUayToYDF50FZGrBC1hQYJCQDtB2bbr3ZuVLMtdE,2095
@@ -215,7 +217,7 @@ flwr/proto/transport_pb2_grpc.py,sha256=Nvn7oxzm1g1fPiGCGhyKxILDZHYG0CcgjySTzxq-
 flwr/proto/transport_pb2_grpc.pyi,sha256=AGXf8RiIiW2J5IKMlm_3qT3AzcDa4F3P5IqUjve_esA,766
 flwr/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 flwr/server/__init__.py,sha256=cEg1oecBu4cKB69iJCqWEylC8b5XW47bl7rQiJsdTvM,1528
-flwr/server/app.py,sha256=7Ru-udfJDLU3VHa47q_4ErdKROvuyRktjO6GWZMdvvg,32865
+flwr/server/app.py,sha256=ZHtoXbMzvTf82z96__WDv_ZaPqAYwVtCAZylwVXjOuE,30606
 flwr/server/client_manager.py,sha256=7Ese0tgrH-i-ms363feYZJKwB8gWnXSmg_hYF2Bju4U,6227
 flwr/server/client_proxy.py,sha256=4G-oTwhb45sfWLx2uZdcXD98IZwdTS6F88xe3akCdUg,2399
 flwr/server/compat/__init__.py,sha256=VxnJtJyOjNFQXMNi9hIuzNlZM5n0Hj1p3aq_Pm2udw4,892
@@ -289,10 +291,10 @@ flwr/server/superlink/fleet/vce/backend/backend.py,sha256=LBAQxnbfPAphVOVIvYMj0Q
 flwr/server/superlink/fleet/vce/backend/raybackend.py,sha256=jsUkFEVQTnrucK1jNQ_cUM8YwL7W4MQNA1GAf8ibRdg,7156
 flwr/server/superlink/fleet/vce/vce_api.py,sha256=WTnUILr1OHS8LfjXQUA3FyWJYdJgdqpFAybyJUD-1Xo,13025
 flwr/server/superlink/linkstate/__init__.py,sha256=v-2JyJlCB3qyhMNwMjmcNVOq4rkooqFU0LHH8Zo1jls,1064
-flwr/server/superlink/linkstate/in_memory_linkstate.py,sha256=v02iAvIlUqNnHodj_nERZh5lE5s-V3SxF3OiuoCnMXE,21561
-flwr/server/superlink/linkstate/linkstate.py,sha256=oHqOOgmsbi7V8zc0pbZeypcvXEtPXRckrp6cdGG52Qo,12694
+flwr/server/superlink/linkstate/in_memory_linkstate.py,sha256=4ahMj7TLe-GO2ctyeZ2BBRkviGv27s6x1NS_ETRJHP8,20514
+flwr/server/superlink/linkstate/linkstate.py,sha256=LWA5zRwN829GDAeSo5kmkzsMu0SkXa9qg4aG_0QN0uk,12159
 flwr/server/superlink/linkstate/linkstate_factory.py,sha256=ISSMjDlwuN7swxjOeYlTNpI_kuZ8PGkMcJnf1dbhUSE,2069
-flwr/server/superlink/linkstate/sqlite_linkstate.py,sha256=zk3V63_sgRqKOpXXX02TfqLZpHpcxUHrVAGfxPq0yvA,42101
+flwr/server/superlink/linkstate/sqlite_linkstate.py,sha256=E07w0_eCoOnZOBbdh3I3PN5k5tqt4LrEnYAuiMOF0I0,40398
 flwr/server/superlink/linkstate/utils.py,sha256=EpRehwI4NeEW3oINICPWP9STK49N0aszd5s5jtle7DQ,13602
 flwr/server/superlink/simulation/__init__.py,sha256=mg-oapC9dkzEfjXPQFior5lpWj4g9kwbLovptyYM_g0,718
 flwr/server/superlink/simulation/simulationio_grpc.py,sha256=8aUrZZLdvprKUfLLqFID4aItus9beU6m1qLQYIPB7k0,2224
@@ -325,8 +327,8 @@ flwr/superexec/exec_servicer.py,sha256=X10ILT-AoGMrB3IgI2mBe9i-QcIVUAl9bucuqVOPY
 flwr/superexec/exec_user_auth_interceptor.py,sha256=K06OU-l4LnYhTDg071hGJuOaQWEJbZsYi5qxUmmtiG0,3704
 flwr/superexec/executor.py,sha256=_B55WW2TD1fBINpabSSDRenVHXYmvlfhv-k8hJKU4lQ,3115
 flwr/superexec/simulation.py,sha256=WQDon15oqpMopAZnwRZoTICYCfHqtkvFSqiTQ2hLD_g,4088
-flwr_nightly-1.15.0.dev20250124.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358
-flwr_nightly-1.15.0.dev20250124.dist-info/METADATA,sha256=tr-JyBTsXNIUah1qY_BnD7Uhtsukv8Ktq5edbetabJs,15864
-flwr_nightly-1.15.0.dev20250124.dist-info/WHEEL,sha256=FMvqSimYX_P7y0a7UY-_Mc83r5zkBZsCYPm7Lr0Bsq4,88
-flwr_nightly-1.15.0.dev20250124.dist-info/entry_points.txt,sha256=JlNxX3qhaV18_2yj5a3kJW1ESxm31cal9iS_N_pf1Rk,538
-flwr_nightly-1.15.0.dev20250124.dist-info/RECORD,,
+flwr_nightly-1.15.0.dev20250127.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358
+flwr_nightly-1.15.0.dev20250127.dist-info/METADATA,sha256=3hQe9KaV1UnCUP4MqYVnJR50-ki9SgS0a2m4Mv5E0oM,15864
+flwr_nightly-1.15.0.dev20250127.dist-info/WHEEL,sha256=FMvqSimYX_P7y0a7UY-_Mc83r5zkBZsCYPm7Lr0Bsq4,88
+flwr_nightly-1.15.0.dev20250127.dist-info/entry_points.txt,sha256=JlNxX3qhaV18_2yj5a3kJW1ESxm31cal9iS_N_pf1Rk,538
+flwr_nightly-1.15.0.dev20250127.dist-info/RECORD,,