PyPI - py-identity-model - Versions diffs - 0.0.0__tar.gz - Mend

py-identity-model 0.0.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

py_identity_model-0.0.0/PKG-INFO ADDED Viewed

@@ -0,0 +1,191 @@
+Metadata-Version: 2.3
+Name: py-identity-model
+Version: 0.0.0
+Summary: OAuth2.0 and OpenID Connect Client Library
+Author: jamescrowley321
+Author-email: jamescrowley321 <jamescrowley151@gmail.com>
+Classifier: License :: OSI Approved :: Apache Software License
+Requires-Dist: pyjwt>=2.9.0,<3
+Requires-Dist: requests>=2.32.3,<3
+Requires-Dist: cryptography>=45.0.2,<46
+Requires-Python: ~=3.12
+Description-Content-Type: text/markdown
+# py-identity-model
+![Build](https://github.com/jamescrowley321/py-identity-model/workflows/Build/badge.svg)
+![License](https://img.shields.io/pypi/l/py-identity-model)
+OIDC/OAuth2.0 helper library for decoding JWTs and creating JWTs utilizing the `client_credentials` grant. This project is very limited in functionality, but it has been used in production for years as the foundation of Flask/FastAPI middleware implementations.
+The use case for the library in its current form is limited to the following
+* Discovery endpoint is utilized
+* JWKS endpoint is utilized
+* Authorization servers with multiple active keys
+While you can manually construct the validation configs required to manually bypass automated discovery, the library does not currently test those scenarios.
+For more information on the lower level configuration options for token validation, refer to the official [PyJWT Docs](https://pyjwt.readthedocs.io/en/stable/index.html)
+Does not currently support opaque tokens.
+This library inspired by [Duende.IdentityModel](https://github.com/DuendeSoftware/foss/tree/main/identity-model)
+From Duende.IdentityModel
+> It provides an object model to interact with the endpoints defined in the various OAuth and OpenId Connect specifications in the form of:
+> * types to represent the requests and responses
+> * extension methods to invoke requests
+> * constants defined in the specifications, such as standard scope, claim, and parameter names
+> * other convenience methods for performing common identity related operations
+This library aims to provide the same features in Python.
+## Examples
+### Discovery
+Only a subset of fields is currently mapped.
+```python
+import os
+from src.py_identity_model import DiscoveryDocumentRequest, get_discovery_document
+DISCO_ADDRESS = os.environ["DISCO_ADDRESS"]
+disco_doc_request = DiscoveryDocumentRequest(address=DISCO_ADDRESS)
+disco_doc_response = get_discovery_document(disco_doc_request)
+print(disco_doc_response)
+```
+### JWKs
+```python
+import os
+from src.py_identity_model import (
+    DiscoveryDocumentRequest,
+    get_discovery_document,
+    JwksRequest,
+    get_jwks,
+)
+DISCO_ADDRESS = os.environ["DISCO_ADDRESS"]
+disco_doc_request = DiscoveryDocumentRequest(address=DISCO_ADDRESS)
+disco_doc_response = get_discovery_document(disco_doc_request)
+jwks_request = JwksRequest(address=disco_doc_response.jwks_uri)
+jwks_response = get_jwks(jwks_request)
+print(jwks_response)
+```
+### Basic Token Validation
+Token validation validates the signature of a JWT against the values provided from an OIDC discovery document. The function will throw an exception if the token is expired or signature validation fails.
+Token validation utilizes [PyJWT](https://github.com/jpadilla/pyjwt) for work related to JWT validation. The configuration object is mapped to the input parameters of `jose.jwt.decode`.
+```python
+@dataclass
+class TokenValidationConfig:
+    perform_disco: bool
+    key: Optional[dict] = None
+    audience: Optional[str] = None
+    algorithms: Optional[List[str]] = None
+    issuer: Optional[str] = None
+    subject: Optional[str] = None
+    options: Optional[dict] = None
+    claims_validator: Optional[Callable] = None
+```
+```python
+import os
+from src.py_identity_model import PyIdentityModelException, validate_token
+DISCO_ADDRESS = os.environ["DISCO_ADDRESS"]
+token = get_token()  # Get the token in the manner best suited to your application
+validation_options = {
+    "verify_signature": True,
+    "verify_aud": True,
+    "verify_iat": True,
+    "verify_exp": True,
+    "verify_nbf": True,
+    "verify_iss": True,
+    "verify_sub": True,
+    "verify_jti": True,
+    "verify_at_hash": True,
+    "require_aud": False,
+    "require_iat": False,
+    "require_exp": False,
+    "require_nbf": False,
+    "require_iss": False,
+    "require_sub": False,
+    "require_jti": False,
+    "require_at_hash": False,
+    "leeway": 0,
+}
+validation_config = TokenValidationConfig(
+    perform_disco=True,
+    audience=TEST_AUDIENCE,
+    options=validation_options
+)
+claims = validate_token(jwt=token, disco_doc_address=DISCO_ADDRESS)
+print(claims)
+```
+### Token Generation
+The only current supported flow is the `client_credentials` flow. Load configuration parameters in the method your application supports. Environment variables are used here for demonstration purposes.
+Example:
+```python
+import os
+from src.py_identity_model import (
+    ClientCredentialsTokenRequest,
+    request_client_credentials_token,
+    get_discovery_document,
+    DiscoveryDocumentRequest,
+)
+DISCO_ADDRESS = os.environ["DISCO_ADDRESS"]
+CLIENT_ID = os.environ["CLIENT_ID"]
+CLIENT_SECRET = os.environ["CLIENT_SECRET"]
+SCOPE = os.environ["SCOPE"]
+disco_doc_response = get_discovery_document(
+    DiscoveryDocumentRequest(address=DISCO_ADDRESS)
+)
+client_creds_req = ClientCredentialsTokenRequest(
+    client_id=CLIENT_ID,
+    client_secret=CLIENT_SECRET,
+    address=disco_doc_response.token_endpoint,
+    scope=SCOPE,
+)
+client_creds_token = request_client_credentials_token(client_creds_req)
+print(client_creds_token)
+```
+## Roadmap
+These are in no particular order of importance. I am working on this project to bring a library as capable as IdentityModel to the Python ecosystem and will most likely focus on the needful and most used features first.
+* Protocol abstractions and constants
+* Discovery Endpoint
+* Token Endpoint
+* Token Introspection Endpoint
+* Token Revocation Endpoint
+* UserInfo Endpoint
+* Dynamic Client Registration
+* Device Authorization Endpoint
+* Token Validation
+* Example integrations with popular providers
+* Example middleware implementations for Flask and FastApi
+* async Support
+* Setup documentation
+* Opaque tokens

py_identity_model-0.0.0/README.md ADDED Viewed

@@ -0,0 +1,178 @@
+# py-identity-model
+![Build](https://github.com/jamescrowley321/py-identity-model/workflows/Build/badge.svg)
+![License](https://img.shields.io/pypi/l/py-identity-model)
+OIDC/OAuth2.0 helper library for decoding JWTs and creating JWTs utilizing the `client_credentials` grant. This project is very limited in functionality, but it has been used in production for years as the foundation of Flask/FastAPI middleware implementations.
+The use case for the library in its current form is limited to the following
+* Discovery endpoint is utilized
+* JWKS endpoint is utilized
+* Authorization servers with multiple active keys
+While you can manually construct the validation configs required to manually bypass automated discovery, the library does not currently test those scenarios.
+For more information on the lower level configuration options for token validation, refer to the official [PyJWT Docs](https://pyjwt.readthedocs.io/en/stable/index.html)
+Does not currently support opaque tokens.
+This library inspired by [Duende.IdentityModel](https://github.com/DuendeSoftware/foss/tree/main/identity-model)
+From Duende.IdentityModel
+> It provides an object model to interact with the endpoints defined in the various OAuth and OpenId Connect specifications in the form of:
+> * types to represent the requests and responses
+> * extension methods to invoke requests
+> * constants defined in the specifications, such as standard scope, claim, and parameter names
+> * other convenience methods for performing common identity related operations
+This library aims to provide the same features in Python.
+## Examples
+### Discovery
+Only a subset of fields is currently mapped.
+```python
+import os
+from src.py_identity_model import DiscoveryDocumentRequest, get_discovery_document
+DISCO_ADDRESS = os.environ["DISCO_ADDRESS"]
+disco_doc_request = DiscoveryDocumentRequest(address=DISCO_ADDRESS)
+disco_doc_response = get_discovery_document(disco_doc_request)
+print(disco_doc_response)
+```
+### JWKs
+```python
+import os
+from src.py_identity_model import (
+    DiscoveryDocumentRequest,
+    get_discovery_document,
+    JwksRequest,
+    get_jwks,
+)
+DISCO_ADDRESS = os.environ["DISCO_ADDRESS"]
+disco_doc_request = DiscoveryDocumentRequest(address=DISCO_ADDRESS)
+disco_doc_response = get_discovery_document(disco_doc_request)
+jwks_request = JwksRequest(address=disco_doc_response.jwks_uri)
+jwks_response = get_jwks(jwks_request)
+print(jwks_response)
+```
+### Basic Token Validation
+Token validation validates the signature of a JWT against the values provided from an OIDC discovery document. The function will throw an exception if the token is expired or signature validation fails.
+Token validation utilizes [PyJWT](https://github.com/jpadilla/pyjwt) for work related to JWT validation. The configuration object is mapped to the input parameters of `jose.jwt.decode`.
+```python
+@dataclass
+class TokenValidationConfig:
+    perform_disco: bool
+    key: Optional[dict] = None
+    audience: Optional[str] = None
+    algorithms: Optional[List[str]] = None
+    issuer: Optional[str] = None
+    subject: Optional[str] = None
+    options: Optional[dict] = None
+    claims_validator: Optional[Callable] = None
+```
+```python
+import os
+from src.py_identity_model import PyIdentityModelException, validate_token
+DISCO_ADDRESS = os.environ["DISCO_ADDRESS"]
+token = get_token()  # Get the token in the manner best suited to your application
+validation_options = {
+    "verify_signature": True,
+    "verify_aud": True,
+    "verify_iat": True,
+    "verify_exp": True,
+    "verify_nbf": True,
+    "verify_iss": True,
+    "verify_sub": True,
+    "verify_jti": True,
+    "verify_at_hash": True,
+    "require_aud": False,
+    "require_iat": False,
+    "require_exp": False,
+    "require_nbf": False,
+    "require_iss": False,
+    "require_sub": False,
+    "require_jti": False,
+    "require_at_hash": False,
+    "leeway": 0,
+}
+validation_config = TokenValidationConfig(
+    perform_disco=True,
+    audience=TEST_AUDIENCE,
+    options=validation_options
+)
+claims = validate_token(jwt=token, disco_doc_address=DISCO_ADDRESS)
+print(claims)
+```
+### Token Generation
+The only current supported flow is the `client_credentials` flow. Load configuration parameters in the method your application supports. Environment variables are used here for demonstration purposes.
+Example:
+```python
+import os
+from src.py_identity_model import (
+    ClientCredentialsTokenRequest,
+    request_client_credentials_token,
+    get_discovery_document,
+    DiscoveryDocumentRequest,
+)
+DISCO_ADDRESS = os.environ["DISCO_ADDRESS"]
+CLIENT_ID = os.environ["CLIENT_ID"]
+CLIENT_SECRET = os.environ["CLIENT_SECRET"]
+SCOPE = os.environ["SCOPE"]
+disco_doc_response = get_discovery_document(
+    DiscoveryDocumentRequest(address=DISCO_ADDRESS)
+)
+client_creds_req = ClientCredentialsTokenRequest(
+    client_id=CLIENT_ID,
+    client_secret=CLIENT_SECRET,
+    address=disco_doc_response.token_endpoint,
+    scope=SCOPE,
+)
+client_creds_token = request_client_credentials_token(client_creds_req)
+print(client_creds_token)
+```
+## Roadmap
+These are in no particular order of importance. I am working on this project to bring a library as capable as IdentityModel to the Python ecosystem and will most likely focus on the needful and most used features first.
+* Protocol abstractions and constants
+* Discovery Endpoint
+* Token Endpoint
+* Token Introspection Endpoint
+* Token Revocation Endpoint
+* UserInfo Endpoint
+* Dynamic Client Registration
+* Device Authorization Endpoint
+* Token Validation
+* Example integrations with popular providers
+* Example middleware implementations for Flask and FastApi
+* async Support
+* Setup documentation
+* Opaque tokens

py_identity_model-0.0.0/pyproject.toml ADDED Viewed

@@ -0,0 +1,84 @@
+[project]
+name = "py-identity-model"
+version = "0.0.0"
+description = "OAuth2.0 and OpenID Connect Client Library"
+authors = [{ name = "jamescrowley321", email = "jamescrowley151@gmail.com" }]
+requires-python = "~=3.12"
+readme = "README.md"
+classifiers = [
+    "License :: OSI Approved :: Apache Software License",
+]
+dependencies = [
+    "PyJWT>=2.9.0,<3",
+    "requests>=2.32.3,<3",
+    "cryptography>=45.0.2,<46",
+]
+[dependency-groups]
+dev = [
+    "pre-commit>=3.8.0,<4",
+    "python-dotenv>=1.0.1,<2",
+    "pytest>=8.3.2,<9",
+    "ruff>=0.11.12",
+]
+[build-system]
+requires = ["uv_build>=0.6,<0.7"]
+build-backend = "uv_build"
+[tool.semantic_release]
+assets = []
+commit_message = "{version}\n\nAutomatically generated by python-semantic-release"
+commit_parser = "angular"
+logging_use_named_masks = false
+major_on_zero = true
+tag_format = "{version}"
+build_command = "echo 1"
+version_toml = [
+    "pyproject.toml:tool.poetry.version",
+]
+commit_version_number = true
+[tool.semantic_release.branches.main]
+match = "main"
+[tool.semantic_release.branches.other]
+match = ".*"
+prerelease_token = "rc"
+prerelease = true
+[tool.semantic_release.changelog]
+changelog_file = "CHANGELOG.md"
+exclude_commit_patterns = []
+[tool.semantic_release.changelog.environment]
+block_start_string = "{%"
+block_end_string = "%}"
+variable_start_string = "{{"
+variable_end_string = "}}"
+comment_start_string = "{#"
+comment_end_string = "#}"
+trim_blocks = false
+lstrip_blocks = false
+newline_sequence = "\n"
+keep_trailing_newline = false
+extensions = []
+autoescape = true
+[tool.semantic_release.commit_author]
+env = "GIT_COMMIT_AUTHOR"
+default = "semantic-release <semantic-release>"
+[tool.semantic_release.commit_parser_options]
+allowed_tags = ["build", "chore", "ci", "docs", "feat", "fix", "perf", "style", "refactor", "test"]
+minor_tags = ["feat"]
+patch_tags = ["fix", "perf"]
+[tool.semantic_release.remote]
+name = "origin"
+type = "github"
+ignore_token_for_push = false
+[tool.semantic_release.publish]
+dist_glob_patterns = ["dist/*"]
+upload_to_vcs_release = true

py_identity_model-0.0.0/src/py_identity_model/__init__.py ADDED Viewed

@@ -0,0 +1,5 @@
+from .discovery import *  # NOQA: F403
+from .exceptions import *  # NOQA
+from .jwks import *  # NOQA
+from .token_client import *  # NOQA
+from .token_validation import *  # NOQA

py_identity_model-0.0.0/src/py_identity_model/discovery.py ADDED Viewed

@@ -0,0 +1,49 @@
+from dataclasses import dataclass
+from typing import Optional
+import requests
+@dataclass
+class DiscoveryDocumentRequest:
+    address: str
+# TODO: full disco doc support
+@dataclass
+class DiscoveryDocumentResponse:
+    is_successful: bool
+    issuer: Optional[str] = None
+    jwks_uri: Optional[str] = None
+    authorization_endpoint: Optional[str] = None
+    token_endpoint: Optional[str] = None
+    error: Optional[str] = None
+def get_discovery_document(
+    disco_doc_req: DiscoveryDocumentRequest,
+) -> DiscoveryDocumentResponse:
+    response = requests.get(disco_doc_req.address)
+    # TODO: raise for status and handle exceptions
+    if response.ok and "application/json" in response.headers.get("Content-Type", ""):
+        response_json = response.json()
+        return DiscoveryDocumentResponse(
+            issuer=response_json["issuer"],
+            jwks_uri=response_json["jwks_uri"],
+            authorization_endpoint=response_json["authorization_endpoint"],
+            token_endpoint=response_json["token_endpoint"],
+            is_successful=True,
+        )
+    else:
+        return DiscoveryDocumentResponse(
+            is_successful=False,
+            error=f"Discovery document request failed with status code: "
+            f"{response.status_code}. Response Content: {response.content}",
+        )
+__all__ = [
+    "DiscoveryDocumentRequest",
+    "DiscoveryDocumentResponse",
+    "get_discovery_document",
+]

py_identity_model-0.0.0/src/py_identity_model/exceptions.py ADDED Viewed

@@ -0,0 +1,5 @@
+class PyIdentityModelException(Exception):
+    """Raised due to an issue with the token verification process"""
+__all__ = ["PyIdentityModelException"]

py_identity_model-0.0.0/src/py_identity_model/jwks.py ADDED Viewed

@@ -0,0 +1,79 @@
+from dataclasses import dataclass
+from typing import List, Optional
+import requests
+@dataclass
+class JwksRequest:
+    address: str
+@dataclass
+class JsonWebKey:
+    kty: str
+    use: str
+    kid: str
+    n: str
+    e: str
+    x5t: str = None
+    x5c: List[str] = None
+    issuer: Optional[str] = None
+    alg: Optional[str] = None
+    def as_dict(self):
+        return {
+            "kty": self.kty,
+            "use": self.use,
+            "kid": self.kid,
+            "x5t": self.x5t,
+            "n": self.n,
+            "e": self.e,
+            "x5c": self.x5c,
+            "issuer": self.issuer,
+            "alg": self.alg,
+        }
+@dataclass
+class JwksResponse:
+    is_successful: bool
+    keys: Optional[List[JsonWebKey]] = None
+    error: Optional[str] = None
+def jwks_from_dict(keys_dict: dict) -> JsonWebKey:
+    return JsonWebKey(
+        kty=keys_dict.get("kty"),
+        use=keys_dict.get("use"),
+        kid=keys_dict.get("kid"),
+        x5c=keys_dict.get("x5c"),
+        x5t=keys_dict.get("x5t"),
+        n=keys_dict.get("n"),
+        e=keys_dict.get("e"),
+        issuer=keys_dict.get("issuer"),
+        alg=keys_dict.get("alg"),
+    )
+def get_jwks(jwks_request: JwksRequest) -> JwksResponse:
+    try:
+        response = requests.get(jwks_request.address)
+        if response.ok:
+            response_json = response.json()
+            keys = [jwks_from_dict(key) for key in response_json["keys"]]
+            return JwksResponse(is_successful=True, keys=keys)
+        else:
+            return JwksResponse(
+                is_successful=False,
+                error=f"JSON web keys request failed with status code: "
+                f"{response.status_code}. Response Content: {response.content}",
+            )
+    except Exception as e:
+        return JwksResponse(
+            is_successful=False,
+            error=f"Unhandled exception during JWKS request: {e}",
+        )
+__all__ = ["JwksRequest", "JwksResponse", "JsonWebKey", "get_jwks"]

py_identity_model-0.0.0/src/py_identity_model/token_client.py ADDED Viewed

@@ -0,0 +1,50 @@
+from dataclasses import dataclass
+from typing import Optional
+import requests
+@dataclass
+class ClientCredentialsTokenRequest:
+    address: str
+    client_id: str
+    client_secret: str
+    scope: str
+@dataclass
+class ClientCredentialsTokenResponse:
+    is_successful: bool
+    token: Optional[dict] = None
+    error: Optional[str] = None
+def request_client_credentials_token(
+    request: ClientCredentialsTokenRequest,
+) -> ClientCredentialsTokenResponse:
+    params = {"grant_type": "client_credentials", "scope": request.scope}
+    headers = {"Content-Type": "application/x-www-form-urlencoded"}
+    response = requests.post(
+        request.address,
+        data=params,
+        headers=headers,
+        auth=(request.client_id, request.client_secret),
+    )
+    if response.ok:
+        return ClientCredentialsTokenResponse(is_successful=True, token=response.json())
+    else:
+        return ClientCredentialsTokenResponse(
+            is_successful=False,
+            error=f"Token generation request failed with status code: "
+            f"{response.status_code}. Response Content: {response.content}",
+        )
+__all__ = [
+    "ClientCredentialsTokenRequest",
+    "ClientCredentialsTokenResponse",
+    "request_client_credentials_token",
+]

py_identity_model-0.0.0/src/py_identity_model/token_validation.py ADDED Viewed

@@ -0,0 +1,110 @@
+from dataclasses import dataclass
+from functools import lru_cache
+from typing import List, Optional, Callable
+from jwt import PyJWK, get_unverified_header, decode
+from .discovery import (
+    get_discovery_document,
+    DiscoveryDocumentRequest,
+    DiscoveryDocumentResponse,
+)
+from .exceptions import PyIdentityModelException
+from .jwks import get_jwks, JwksRequest, JsonWebKey, JwksResponse
+@dataclass
+class TokenValidationConfig:
+    perform_disco: bool
+    key: Optional[dict] = None
+    audience: Optional[str] = None
+    algorithms: Optional[List[str]] = None
+    issuer: Optional[str] = None
+    subject: Optional[str] = None
+    options: Optional[dict] = None
+    claims_validator: Optional[Callable] = None
+def _get_public_key_from_jwk(jwt: str, keys: List[JsonWebKey]) -> JsonWebKey:
+    # TODO: clean up flow to prevent multiple decodes
+    headers = get_unverified_header(jwt)
+    filtered_keys = list(filter(lambda x: x.kid == headers.get("kid", None), keys))
+    if not filtered_keys:
+        raise PyIdentityModelException("No matching kid found")
+    key = filtered_keys[0]
+    if not key.alg:
+        key.alg = headers["alg"]
+    return key
+def _validate_token_config(
+    token_validation_config: TokenValidationConfig,
+) -> bool:
+    if token_validation_config.perform_disco:
+        return True
+    if not token_validation_config.key and not token_validation_config.algorithms:
+        raise PyIdentityModelException(
+            "TokenValidationConfig.key and TokenValidationConfig.algorithms are required if perform_disco is False"
+        )
+@lru_cache
+def _get_disco_response(disco_doc_address: str) -> DiscoveryDocumentResponse:
+    return get_discovery_document(DiscoveryDocumentRequest(address=disco_doc_address))
+@lru_cache
+def _get_jwks_response(jwks_uri: str) -> JwksResponse:
+    return get_jwks(JwksRequest(address=jwks_uri))
+def validate_token(
+    jwt: str,
+    token_validation_config: TokenValidationConfig,
+    disco_doc_address: str = None,
+) -> dict:
+    _validate_token_config(token_validation_config)
+    if token_validation_config.perform_disco:
+        disco_doc_response = _get_disco_response(disco_doc_address)
+        if not disco_doc_response.is_successful:
+            raise PyIdentityModelException(disco_doc_response.error)
+        jwks_response = _get_jwks_response(disco_doc_response.jwks_uri)
+        if not jwks_response.is_successful:
+            raise PyIdentityModelException(jwks_response.error)
+        token_validation_config.key = _get_public_key_from_jwk(
+            jwt, jwks_response.keys
+        ).as_dict()
+        token_validation_config.algorithms = token_validation_config.key["alg"]
+        decoded_token = decode(
+            jwt,
+            PyJWK(token_validation_config.key, token_validation_config.algorithms),
+            audience=token_validation_config.audience,
+            algorithms=token_validation_config.algorithms,
+            issuer=disco_doc_response.issuer,
+            options=token_validation_config.options,
+        )
+    else:
+        decoded_token = decode(
+            jwt,
+            PyJWK(token_validation_config.key, token_validation_config.algorithms),
+            audience=token_validation_config.audience,
+            algorithms=token_validation_config.algorithms,
+            issuer=token_validation_config.issuer,
+            options=token_validation_config.options,
+        )
+    if token_validation_config.claims_validator:
+        token_validation_config.claims_validator(decoded_token)
+    return decoded_token
+__all__ = ["validate_token", "TokenValidationConfig"]

py_identity_model-0.0.0/src/py_identity_model/validation/__init__.py ADDED Viewed

File without changes

py_identity_model-0.0.0/src/py_identity_model/validation/state_validation_result.py ADDED Viewed

@@ -0,0 +1,13 @@
+from dataclasses import dataclass
+from typing import Optional
+from .validation_result import ValidationResult
+@dataclass
+class StateValidationResult:
+    access_token: str = ""
+    id_token: str = ""
+    auth_response_is_valid: bool = False
+    state: ValidationResult = ValidationResult.NotSet
+    decoded_id_token: Optional[dict] = None

py_identity_model-0.0.0/src/py_identity_model/validation/validation_result.py ADDED Viewed

@@ -0,0 +1,20 @@
+from enum import Enum
+class ValidationResult(Enum):
+    NotSet = ("NotSet",)
+    StatesDoNotMatch = ("StatesDoNotMatch",)
+    SignatureFailed = ("SignatureFailed",)
+    IncorrectNonce = ("IncorrectNonce",)
+    RequiredPropertyMissing = ("RequiredPropertyMissing",)
+    MaxOffsetExpired = ("MaxOffsetExpired",)
+    IssDoesNotMatchIssuer = ("IssDoesNotMatchIssuer",)
+    NoAuthWellKnownEndPoints = ("NoAuthWellKnownEndPoints",)
+    IncorrectAud = ("IncorrectAud",)
+    IncorrectIdTokenClaimsAfterRefresh = ("IncorrectIdTokenClaimsAfterRefresh",)
+    IncorrectAzp = ("IncorrectAzp",)
+    TokenExpired = ("TokenExpired",)
+    IncorrectAtHash = ("IncorrectAtHash",)
+    Ok = ("Ok",)
+    LoginRequired = ("LoginRequired",)
+    SecureTokenServerError = ("SecureTokenServerError",)