PyPI - kinde-python-sdk - Versions diffs - 2.2.0__py3-none-any.whl → 2.3.0__py3-none-any.whl - Mend

kinde-python-sdk 2.2.0py3-none-any.whl → 2.3.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (80) hide show

kinde_fastapi/examples/example_app.py CHANGED Viewed

@@ -1,304 +1,143 @@
 """
-SmartOAuth FastAPI Example Application
+Kinde FastAPI Example Application
-This example demonstrates how to use the new SmartOAuth client in a FastAPI application.
-SmartOAuth automatically detects the execution context (sync vs async) and uses the
-appropriate methods, providing a consistent API across different frameworks.
+This example demonstrates how to use the Kinde OAuth client in a FastAPI application.
+The OAuth class automatically registers authentication routes and handles the OAuth flow.
 Key Features Demonstrated:
-- Automatic context detection (async in FastAPI)
-- Both sync and async method usage
-- Warning system for suboptimal usage
-- Integration with auth modules (sync and async)
-- Factory function usage
-- Real-world authentication flow
+- Simple OAuth setup with FastAPI
+- Automatic route registration (/login, /logout, /callback, /register, /user)
+- Authentication status checking
+- User information retrieval
 Usage:
-1. Set up your environment variables (see .env.example)
-2. Run: python -m uvicorn kinde_fastapi.examples.example_app:app --reload
-3. Visit http://localhost:5000
+1. Set up your environment variables in a .env file:
+   - KINDE_CLIENT_ID=your_client_id
+   - KINDE_CLIENT_SECRET=your_client_secret
+   - KINDE_REDIRECT_URI=http://localhost:8000/callback
+   - KINDE_HOST=https://your-domain.kinde.com
+2. Run from the SDK root directory:
+   python -m uvicorn kinde_fastapi.examples.example_app:app --reload --port 8000
+3. Visit http://localhost:8000
+Available Routes (automatically registered):
+- /login - Redirects to Kinde login
+- /logout - Logs out the user
+- /callback - Handles OAuth callback
+- /register - Redirects to Kinde registration
+- /user - Returns user information (redirects to login if not authenticated)
 """
-from fastapi import FastAPI, Request
-from fastapi.responses import HTMLResponse
-from starlette.middleware.sessions import SessionMiddleware
+from fastapi import FastAPI
+from fastapi.responses import HTMLResponse, RedirectResponse
 from .session import InMemorySessionMiddleware
-from pathlib import Path
 import os
+import html
 from dotenv import load_dotenv
 import logging
-from kinde_sdk import SmartOAuth, create_oauth_client
-from kinde_sdk.auth import claims, feature_flags, permissions, tokens, async_claims
-from kinde_sdk.management import ManagementClient;
-from kinde_sdk.management.management_token_manager import ManagementTokenManager
-import requests
+from kinde_sdk.auth.oauth import OAuth
 logger = logging.getLogger(__name__)
-# Load environment variables from .env file
-load_dotenv()
+# Load environment variables from .env file located alongside this script
+load_dotenv(os.path.join(os.path.dirname(__file__), ".env"))
 # Initialize FastAPI app
 app = FastAPI(title="Kinde FastAPI Example")
 # Add session middleware with proper configuration
+# This is required for storing session data between requests
 app.add_middleware(
     InMemorySessionMiddleware,
     max_age=3600,  # 1 hour
     https_only=False
 )
-# Initialize Kinde SmartOAuth with FastAPI framework
-# SmartOAuth automatically detects the async context and uses the appropriate methods
-kinde_oauth = SmartOAuth(
+# Initialize Kinde OAuth with FastAPI framework
+# This automatically registers /login, /logout, /callback, /register, /user routes
+kinde_oauth = OAuth(
     framework="fastapi",
     app=app
 )
-# Alternative: You can also use the factory function
-# kinde_oauth = create_oauth_client(
-#     async_mode=None,  # None means auto-detect (SmartOAuth)
-#     framework="fastapi",
-#     app=app
-# )
 # Example home route
 @app.get("/", response_class=HTMLResponse)
-async def home(request: Request):
+def home():
     """
     Home page that shows different content based on authentication status.
     """
     if kinde_oauth.is_authenticated():
-        # In FastAPI (async context), SmartOAuth will use async methods automatically
-        # You can use either sync or async methods - SmartOAuth will handle the context
-        # Option 1: Use async methods (recommended in async context)
-        user_async = await kinde_oauth.get_user_info_async()
-        # Use the async version for better performance
-        user = user_async
-        # Validate environment variables
-        domain = os.getenv("KINDE_DOMAIN")
-        client_id = os.getenv("KINDE_MANAGEMENT_CLIENT_ID")
-        client_secret = os.getenv("KINDE_MANAGEMENT_CLIENT_SECRET")
-        if not all([domain, client_id, client_secret]):
-            return """
+        try:
+            user = kinde_oauth.get_user_info()
+        except Exception as e:
+            error_msg = html.escape(str(e))
+            logger.exception("Error getting user info")
+            return f"""
             <html>
                 <body>
-                    <h1>Configuration Error</h1>
-                    <p>Missing required environment variables for management client.</p>
+                    <h1>Error</h1>
+                    <p>Failed to get user information: {error_msg}</p>
                     <a href="/logout">Logout</a>
                 </body>
             </html>
             """
-        management_client = ManagementClient(
-            domain=domain,
-            client_id=client_id,
-            client_secret=client_secret
-        )
-        try:
-            api_response = management_client.get_users()
-            user_count = len(api_response.users) if hasattr(api_response, 'users') else 0
-        except Exception as e:
-            logger.error(f"Failed to fetch users: {e}")
-            user_count = 0
-        # Demonstrate both sync and async auth module usage
-        claims_sync = await claims.get_all_claims()
-        claims_async = await async_claims.get_all_claims()
-        feature_flags_data = await feature_flags.get_all_flags()
-        permissions_data = await permissions.get_permissions()
-        access_token = tokens.get_token_manager().get_access_token()
-        return f"""
-        <html>
-            <body>
-                <h1>Welcome, {user.get('email')}!</h1>
-                <h2>SmartOAuth Demo - FastAPI (Async Context)</h2>
-                <p><strong>User Info (async):</strong> {user.get('email')}</p>
-                <p><strong>Claims (sync):</strong> {claims_sync}</p>
-                <p><strong>Claims (async):</strong> {claims_async}</p>
-                <p><strong>Feature Flags:</strong> {feature_flags_data}</p>
-                <p><strong>Permissions:</strong> {permissions_data}</p>
-                <p><strong>Access Token:</strong> {access_token[:20]}...</p>
-                <p><strong>Management Users:</strong> {user_count} user(s) found</p>
-                <p><em>Note: SmartOAuth automatically detected the async context and used async methods.</em></p>
-                <p>You are logged in.</p>
-                <hr>
-                <h3>Demo Routes:</h3>
-                <ul>
-                    <li><a href="/demo_smart_oauth">SmartOAuth Demo (JSON)</a></li>
-                    <li><a href="/demo_auth_modules">Auth Modules Demo (JSON)</a></li>
-                    <li><a href="/call_management_users">Call Management Users</a></li>
-                </ul>
-                <hr>
-                <a href="/logout">Logout</a>
-            </body>
-        </html>
-        """
+        else:
+            email = html.escape(user.get('email', 'N/A'))
+            given_name = html.escape(user.get('given_name', ''))
+            family_name = html.escape(user.get('family_name', ''))
+            user_id = html.escape(user.get('sub', 'N/A'))
+            return f"""
+            <html>
+                <body>
+                    <h1>Welcome, {email}!</h1>
+                    <p>You are logged in.</p>
+                    <h3>User Information:</h3>
+                    <ul>
+                        <li><strong>Email:</strong> {email}</li>
+                        <li><strong>Name:</strong> {given_name} {family_name}</li>
+                        <li><strong>ID:</strong> {user_id}</li>
+                    </ul>
+                    <hr>
+                    <p><a href="/user">View Full User Info (JSON)</a></p>
+                    <p><a href="/logout">Logout</a></p>
+                </body>
+            </html>
+            """
     return """
     <html>
         <body>
-            <h1>Welcome to the SmartOAuth Example App</h1>
+            <h1>Welcome to the Kinde FastAPI Example</h1>
             <p>You are not logged in.</p>
-            <p>This example demonstrates SmartOAuth in a FastAPI application.</p>
-            <a href="/login">Login with SmartOAuth</a>
+            <p>This example demonstrates Kinde OAuth integration with FastAPI.</p>
+            <p><a href="/login">Login</a> | <a href="/register">Register</a></p>
         </body>
-            </html>
+    </html>
     """
-@app.get("/login")
-async def login():
-    """
-    Initiate login with SmartOAuth.
-    """
-    try:
-        # SmartOAuth will automatically use async methods in FastAPI context
-        login_url = await kinde_oauth.login()
-        return {"login_url": login_url}
-    except Exception as e:
-        logger.error(f"Login error: {e}")
-        return {"error": str(e)}
-@app.get("/logout")
-async def logout():
+@app.get("/protected")
+def protected_route():
     """
-    Logout using SmartOAuth.
+    Example of a protected route that requires authentication.
+    Redirects to login if not authenticated.
     """
-    try:
-        # SmartOAuth will automatically use async methods in FastAPI context
-        logout_url = await kinde_oauth.logout()
-        return {"logout_url": logout_url}
-    except Exception as e:
-        logger.error(f"Logout error: {e}")
-        return {"error": str(e)}
-@app.get("/call_management_users")
-async def call_management_users():
     if not kinde_oauth.is_authenticated():
-        return {"error": "Not authenticated"}
-    domain = os.getenv("KINDE_DOMAIN")
-    client_id = os.getenv("KINDE_MANAGEMENT_CLIENT_ID")
-    client_secret = os.getenv("KINDE_MANAGEMENT_CLIENT_SECRET")
-    if not all([domain, client_id, client_secret]):
-        return {"error": "Missing management credentials"}
+        return RedirectResponse("/login")
     try:
-        token_manager = ManagementTokenManager(
-            domain=domain,
-            client_id=client_id,
-            client_secret=client_secret
-        )
-        access_token = token_manager.get_access_token()
-        headers = {
-            "Authorization": f"Bearer {access_token}"
+        user = kinde_oauth.get_user_info()
+        return {
+            "message": "This is a protected route",
+            "user": user.get('email')
         }
-        response = requests.get("http://localhost:8000/management/users", headers=headers)
-        response.raise_for_status()
-        return response.json()
-    except Exception as e:
-        logger.error(f"Failed to call management users: {e}")
-        return {"error": str(e)}
+    except Exception:
+        logger.exception("Error getting user info in protected route")
+        return RedirectResponse("/login")
-@app.get("/demo_smart_oauth")
-async def demo_smart_oauth():
-    """
-    Demonstrate SmartOAuth features in FastAPI context.
-    """
-    if not kinde_oauth.is_authenticated():
-        return {"error": "Not authenticated"}
-    # Demonstrate different SmartOAuth usage patterns
-    results = {}
-    # 1. Async methods (recommended in async context)
-    try:
-        user_async = await kinde_oauth.get_user_info_async()
-        results["user_async"] = user_async.get('email')
-    except Exception as e:
-        results["user_async_error"] = str(e)
-    # 2. Sync methods (will show warning but still work)
-    try:
-        user_sync = kinde_oauth.get_user_info()
-        results["user_sync"] = user_sync.get('email')
-    except Exception as e:
-        results["user_sync_error"] = str(e)
-    # 3. Auth URL generation (async)
-    try:
-        auth_url = await kinde_oauth.generate_auth_url()
-        results["auth_url"] = auth_url
-    except Exception as e:
-        results["auth_url_error"] = str(e)
-    # 4. Token retrieval
-    try:
-        tokens_data = kinde_oauth.get_tokens(kinde_oauth._framework.get_user_id())
-        results["tokens"] = {
-            "has_access_token": bool(tokens_data.get('access_token')),
-            "has_refresh_token": bool(tokens_data.get('refresh_token'))
-        }
-    except Exception as e:
-        results["tokens_error"] = str(e)
-    # 5. Context detection
-    results["context_info"] = {
-        "is_async_context": kinde_oauth._is_async_context(),
-        "framework": "fastapi",
-        "authenticated": kinde_oauth.is_authenticated()
-    }
-    return {
-        "message": "SmartOAuth Demo Results",
-        "results": results,
-        "note": "SmartOAuth automatically detected the async context and used appropriate methods."
-    }
-@app.get("/demo_auth_modules")
-async def demo_auth_modules():
-    """
-    Demonstrate both sync and async auth modules.
-    """
-    if not kinde_oauth.is_authenticated():
-        return {"error": "Not authenticated"}
-    results = {}
-    # Sync auth modules
-    try:
-        results["claims_sync"] = await claims.get_all_claims()
-    except Exception as e:
-        results["claims_sync_error"] = str(e)
-    # Async auth modules
-    try:
-        results["claims_async"] = await async_claims.get_all_claims()
-    except Exception as e:
-        results["claims_async_error"] = str(e)
-    try:
-        results["feature_flags"] = await feature_flags.get_all_flags()
-    except Exception as e:
-        results["feature_flags_error"] = str(e)
-    try:
-        results["permissions"] = await permissions.get_permissions()
-    except Exception as e:
-        results["permissions_error"] = str(e)
-    return {
-        "message": "Auth Modules Demo",
-        "results": results,
-        "note": "Both sync and async auth modules work in FastAPI context."
-    }
 if __name__ == "__main__":
     import uvicorn
-    uvicorn.run(app, host="127.0.0.1", port=5000)
+    uvicorn.run(app, host="127.0.0.1", port=8000)

kinde_fastapi/framework/fastapi_framework.py CHANGED Viewed

@@ -1,5 +1,5 @@
-from typing import Optional, Dict, Any
-from fastapi import FastAPI, Request, Depends
+from typing import Optional
+from fastapi import FastAPI, Request
 from fastapi.responses import RedirectResponse, HTMLResponse
 from kinde_sdk.core.framework.framework_interface import FrameworkInterface
 from kinde_sdk.auth.oauth import OAuth
@@ -55,7 +55,6 @@ class FastAPIFramework(FrameworkInterface):
         """
         Start the framework.
         This method initializes any necessary FastAPI components and registers Kinde routes.
-        This method initializes any necessary FastAPI components and registers Kinde routes.
         """
         if not self._initialized:
             # Add framework middleware
@@ -119,11 +118,11 @@ class FastAPIFramework(FrameworkInterface):
         Register all Kinde-specific routes with the FastAPI application.
         """
         # Helper function to get current user
-        async def get_current_user(request: Request):
-            if not self._oauth.is_authenticated(request):
+        async def get_current_user():
+            if not self._oauth.is_authenticated():
                 return None
             try:
-                return self._oauth.get_user_info(request)
+                return self._oauth.get_user_info()
             except ValueError:
                 return None
@@ -131,7 +130,15 @@ class FastAPIFramework(FrameworkInterface):
         @self.app.get("/login")
         async def login(request: Request):
             """Redirect to Kinde login page."""
-            url=await self._oauth.login()
+            # Build login options from query parameters
+            login_options = {}
+            # Check for invitation_code in query parameters
+            invitation_code = request.query_params.get('invitation_code')
+            if invitation_code:
+                login_options['invitation_code'] = invitation_code
+            url = await self._oauth.login(login_options)
             self._logger.warning(f"[Login] Session is: {request.session}")
             return RedirectResponse(url=url)
@@ -219,17 +226,17 @@ class FastAPIFramework(FrameworkInterface):
         # Register route
         @self.app.get("/register")
-        async def register(request: Request):
+        async def register():
             """Redirect to Kinde registration page."""
             return RedirectResponse(url=await self._oauth.register())
         # User info route
         @self.app.get("/user")
-        async def get_user(request: Request):
+        async def get_user():
             """Get the current user's information."""
-            if not self._oauth.is_authenticated(request):
+            if not self._oauth.is_authenticated():
                 return RedirectResponse(url=await self._oauth.login())
-            return self._oauth.get_user_info(request)
+            return self._oauth.get_user_info()
     def can_auto_detect(self) -> bool:
         """
@@ -240,6 +247,7 @@ class FastAPIFramework(FrameworkInterface):
         """
         try:
             import fastapi
+            _ = fastapi  # Import check only
             return True
         except ImportError:
             return False

kinde_flask/examples/example_app.py CHANGED Viewed

@@ -4,8 +4,8 @@ from dotenv import load_dotenv
 from kinde_sdk.auth.oauth import OAuth
-# Load environment variables from .env file
-load_dotenv()
+# Load environment variables from .env file located alongside this script
+load_dotenv(os.path.join(os.path.dirname(__file__), ".env"))
 # Initialize Flask app
 app = Flask(__name__)

kinde_flask/framework/flask_framework.py CHANGED Viewed

@@ -1,19 +1,21 @@
-from typing import Optional, Dict, Any, TYPE_CHECKING
+from typing import Optional, TYPE_CHECKING
 from flask import Flask, request, redirect, session
+from flask_session import Session
 from kinde_sdk.core.framework.framework_interface import FrameworkInterface
 from kinde_sdk.auth.oauth import OAuth
 from ..middleware.framework_middleware import FrameworkMiddleware
 import os
 import uuid
 import asyncio
-import threading
 import logging
-import nest_asyncio
-from flask_session import Session
+import secrets
+import tempfile
 if TYPE_CHECKING:
     from flask import Request
+logger = logging.getLogger(__name__)
 class FlaskFramework(FrameworkInterface):
     """
     Flask framework implementation.
@@ -32,13 +34,35 @@ class FlaskFramework(FrameworkInterface):
         self._initialized = False
         self._oauth = None
-        # Configure Flask session
-        self.app.config['SECRET_KEY'] = os.getenv('SECRET_KEY', 'your-secret-key')
-        self.app.config['SESSION_TYPE'] = 'filesystem'
+        # Configure Flask session for server-side storage
+        # This is required because OAuth tokens can exceed cookie size limits (~4KB)
+        secret_key = os.getenv('SECRET_KEY')
+        if not secret_key:
+            secret_key = secrets.token_urlsafe(32)
+            logger.warning(
+                "SECRET_KEY not set. Generated a random key for this session. "
+                "Set SECRET_KEY environment variable for production use."
+            )
+        self.app.config['SECRET_KEY'] = secret_key
+        self.app.config['SESSION_TYPE'] = os.getenv('SESSION_TYPE', 'filesystem')
         self.app.config['SESSION_PERMANENT'] = False
-        # Enable nested event loops
-        nest_asyncio.apply()
+        session_file_dir = os.getenv('SESSION_FILE_DIR')
+        if not session_file_dir:
+            # Create a secure temporary directory with restrictive permissions (0700)
+            session_file_dir = tempfile.mkdtemp(prefix='kinde_flask_sessions_')
+            os.chmod(session_file_dir, 0o700)
+            logger.warning(
+                f"SESSION_FILE_DIR not set. Using temporary directory: {session_file_dir}. "
+                "Set SESSION_FILE_DIR environment variable for production use."
+            )
+        self.app.config['SESSION_FILE_DIR'] = session_file_dir
+        # Initialize Flask-Session extension
+        # Without this, SESSION_TYPE is ignored and Flask uses client-side cookie sessions
+        Session(self.app)
+        logger.debug("Flask-Session initialized with server-side storage")
     def get_name(self) -> str:
         """
@@ -121,6 +145,27 @@ class FlaskFramework(FrameworkInterface):
         """
         self._oauth = oauth
+    @staticmethod
+    def _run_async(coro):
+        """
+        Run an async coroutine in a new event loop, then close it.
+        This helper ensures consistent event loop handling across all routes.
+        Clears the event loop reference before closing to prevent use-after-close issues.
+        Args:
+            coro: The coroutine to run
+        Returns:
+            The result of the coroutine
+        """
+        loop = asyncio.new_event_loop()
+        try:
+            return loop.run_until_complete(coro)
+        finally:
+            asyncio.set_event_loop(None)
+            loop.close()
     def _register_kinde_routes(self) -> None:
         """
         Register all Kinde-specific routes with the Flask application.
@@ -129,8 +174,15 @@ class FlaskFramework(FrameworkInterface):
         @self.app.route('/login')
         def login():
             """Redirect to Kinde login page."""
-            loop = asyncio.get_event_loop()
-            login_url = loop.run_until_complete(self._oauth.login())
+            # Build login options from query parameters
+            login_options = {}
+            # Check for invitation_code in query parameters
+            invitation_code = request.args.get('invitation_code')
+            if invitation_code:
+                login_options['invitation_code'] = invitation_code
+            login_url = self._run_async(self._oauth.login(login_options))
             return redirect(login_url)
         # Callback route
@@ -198,10 +250,7 @@ class FlaskFramework(FrameworkInterface):
             # Handle async call to handle_redirect
             try:
-                loop = asyncio.new_event_loop()
-                asyncio.set_event_loop(loop)
-                loop.run_until_complete(self._oauth.handle_redirect(code, user_id, state))
-                loop.close()
+                self._run_async(self._oauth.handle_redirect(code, user_id, state))
             except Exception as e:
                 return f"Authentication failed: {str(e)}", 400
@@ -218,16 +267,14 @@ class FlaskFramework(FrameworkInterface):
             """Logout the user and redirect to Kinde logout page."""
             user_id = session.get('user_id')
             session.clear()
-            loop = asyncio.get_event_loop()
-            logout_url = loop.run_until_complete(self._oauth.logout(user_id))
+            logout_url = self._run_async(self._oauth.logout(user_id))
             return redirect(logout_url)
         # Register route
         @self.app.route('/register')
         def register():
             """Redirect to Kinde registration page."""
-            loop = asyncio.get_event_loop()
-            register_url = loop.run_until_complete(self._oauth.register())
+            register_url = self._run_async(self._oauth.register())
             return redirect(register_url)
         # User info route
@@ -235,16 +282,11 @@ class FlaskFramework(FrameworkInterface):
         def get_user():
             """Get the current user's information."""
             try:
-                if not self._oauth.is_authenticated(request):
-                    loop = asyncio.new_event_loop()
-                    asyncio.set_event_loop(loop)
-                    try:
-                        login_url = loop.run_until_complete(self._oauth.login())
-                        return redirect(login_url)
-                    finally:
-                        loop.close()
+                if not self._oauth.is_authenticated():
+                    login_url = self._run_async(self._oauth.login())
+                    return redirect(login_url)
-                return self._oauth.get_user_info(request)
+                return self._oauth.get_user_info()
             except Exception as e:
                 return f"Failed to get user info: {str(e)}", 400
@@ -257,6 +299,7 @@ class FlaskFramework(FrameworkInterface):
         """
         try:
             import flask
+            _ = flask  # Import check only
             return True
         except ImportError:
             return False

kinde-python-sdk 2.2.0__py3-none-any.whl → 2.3.0__py3-none-any.whl

kinde-python-sdk 2.2.0py3-none-any.whl → 2.3.0py3-none-any.whl