python3-commons 0.18.22__tar.gz → 0.20.0__tar.gz

{python3_commons-0.18.22 → python3_commons-0.20.0}/.env_template

@@ -17,3 +17,9 @@ DB_DSN=postgresql+asyncpg://dev:dev@localhost:5432/fastapi-project-template
 API_AUTH_ENABLED=false
 OIDC_AUTHORITY_URL=https://oidc.provider.com/auth
 OIDC_CLIENT_ID=12345-54321
+
+TEST_OIDC_AUTHORITY_URL=https://oidc.provider.com/auth
+TEST_OIDC_CLIENT_ID=12345-54321
+TEST_OIDC_CLIENT_SECRET=
+TEST_OIDC_USERNAME=testuser
+TEST_OIDC_PASSWORD=

{python3_commons-0.18.22/src/python3_commons.egg-info → python3_commons-0.20.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: python3-commons
-Version: 0.18.22
+Version: 0.20.0
 Summary: Re-usable Python3 code
 Author-email: Oleg Korsak <kamikaze.is.waiting.you@gmail.com>
 License-Expression: GPL-3.0
@@ -36,7 +36,7 @@ Provides-Extra: cache
 Requires-Dist: valkey[libvalkey]~=6.1.1; extra == "cache"
 Provides-Extra: database
 Requires-Dist: asyncpg~=0.31.0; extra == "database"
-Requires-Dist: SQLAlchemy[asyncio]~=2.0.49; extra == "database"
+Requires-Dist: SQLAlchemy[asyncio]~=2.0.50; extra == "database"
 Provides-Extra: object-storage
 Requires-Dist: aiobotocore~=3.7.0; extra == "object-storage"
 Requires-Dist: object-storage-client==0.0.30; extra == "object-storage"

{python3_commons-0.18.22 → python3_commons-0.20.0}/pyproject.toml

@@ -51,7 +51,7 @@ cache = [
 ]
 database = [
     "asyncpg~=0.31.0",
-    "SQLAlchemy[asyncio]~=2.0.49"
+    "SQLAlchemy[asyncio]~=2.0.50"
 ]
 object-storage = [
     "aiobotocore~=3.7.0",

python3_commons-0.20.0/src/python3_commons/auth.py

@@ -0,0 +1,258 @@
+import logging
+import threading
+from collections.abc import Mapping, Sequence
+from http import HTTPStatus
+from typing import Any, Self, TypeVar
+
+from pydantic import HttpUrl
+
+from python3_commons.helpers import replace_origin
+
+try:
+    import aiohttp
+except ImportError as e:
+    msg = 'Install python3-commons[authn] to use this feature'
+    raise RuntimeError(msg) from e
+
+import msgspec
+
+logger = logging.getLogger(__name__)
+_OIDC_LOCK = threading.Lock()
+
+
+class TokenData(msgspec.Struct):
+    exp: int
+    iat: int
+    iss: str
+    sub: str
+    aud: str | Sequence[str] | None = None
+    email: str | None = None
+    name: str | None = None
+    preferred_username: str | None = None
+    realm_access: dict[str, Sequence[str]] | None = None
+    resource_access: dict[str, dict[str, Sequence[str]]] | None = None
+
+    @property
+    def roles(self) -> list[str]:
+        roles_list = []
+
+        if self.realm_access:
+            roles_list.extend(self.realm_access.get('roles', []))
+
+        if self.resource_access:
+            for client in self.resource_access.values():
+                roles_list.extend(client.get('roles', []))
+
+        return list(set(roles_list))
+
+
+T = TypeVar('T', bound=TokenData)
+
+
+class OIDCTokenResponse(msgspec.Struct):
+    access_token: str
+    token_type: str
+    expires_in: int
+    refresh_token: str
+    scope: str
+    id_token: str
+    error: str | None = None
+    error_description: str | None = None
+
+
+class OIDCError(Exception):
+    pass
+
+
+class OIDCAuthError(OIDCError):
+    pass
+
+
+# TODO: use api_client
+class OIDCClient:
+    def __init__(
+        self,
+        authority_url: HttpUrl,
+        client_id: str,
+        client_secret: str | None = None,
+        *,
+        timeout: float = 10.0,
+        verify_ssl: bool = True,
+        connection_limit: int = 100,
+        authority_internal_host: HttpUrl | None = None,
+    ) -> None:
+        if authority_internal_host:
+            authority_url = replace_origin(authority_url, authority_internal_host)
+
+        self._authority_url = authority_url
+        self._authority_internal_host = authority_internal_host
+        self._client_id = client_id
+        self._client_secret = client_secret
+
+        self._connection_limit = connection_limit
+        self._session: aiohttp.ClientSession | None = None
+        self._timeout = timeout
+        self._verify_ssl = verify_ssl
+
+        self._config: Mapping[str, Any] | None = None
+        self._jwks: Mapping[str, Any] | None = None
+
+    def get_session(self) -> aiohttp.ClientSession:
+        if self._session:
+            return self._session
+
+        with _OIDC_LOCK:
+            if self._session:
+                return self._session
+
+            connector = aiohttp.TCPConnector(verify_ssl=self._verify_ssl, limit=self._connection_limit)
+            timeout = aiohttp.ClientTimeout(total=self._timeout)
+            session = aiohttp.ClientSession(connector=connector, timeout=timeout)
+            self._session = session
+
+            return session
+
+    async def __aenter__(self) -> Self:
+        self.get_session()
+
+        return self
+
+    async def __aexit__(self, *_: object) -> None:
+        if self._session:
+            await self._session.close()
+
+    async def _fetch_config(self) -> dict:
+        """
+        Fetch the OpenID configuration (including JWKS URI) from OIDC authority.
+        """
+        if self._session is None:
+            msg = 'ClientSession not initialized'
+            raise RuntimeError(msg)
+
+        oidc_config_url = f'{self._authority_url}/.well-known/openid-configuration'
+
+        logger.debug('Fetching OpenID configuration from: %s', oidc_config_url)
+
+        async with self._session.get(oidc_config_url) as response:
+            if response.status != HTTPStatus.OK:
+                _msg = 'Failed to fetch OpenID configuration'
+
+                raise RuntimeError(_msg)
+
+            return await response.json()
+
+    async def get_config(self) -> Mapping[str, Any]:
+        if self._config:
+            return self._config
+
+        with _OIDC_LOCK:
+            if self._config:
+                return self._config
+
+            config = await self._fetch_config()
+            self._config = config
+
+            return config
+
+    async def _fetch_jwks(self, jwks_uri: str) -> dict:
+        """
+        Fetch the JSON Web Key Set (JWKS) for validating the token's signature.
+        """
+        if self._session is None:
+            msg = 'ClientSession not initialized'
+            raise RuntimeError(msg)
+
+        if authority_internal_host := self._authority_internal_host:
+            logger.debug('Received jwks_uri: %s', jwks_uri)
+            logger.debug('Replacing OIDC authority host with: %s', authority_internal_host)
+            jwks_uri = str(replace_origin(HttpUrl(jwks_uri), authority_internal_host))
+            logger.debug('Modified jwks_uri: %s', jwks_uri)
+
+        async with self._session.get(jwks_uri) as response:
+            if response.status != HTTPStatus.OK:
+                _msg = 'Failed to fetch JWKS'
+
+                raise RuntimeError(_msg)
+
+            return await response.json()
+
+    async def get_jwks(self) -> Mapping[str, Any]:
+        if self._jwks:
+            return self._jwks
+
+        with _OIDC_LOCK:
+            if self._jwks:
+                return self._jwks
+
+            oidc_config = await self.get_config()
+
+            jwks = await self._fetch_jwks(oidc_config['jwks_uri'])
+            self._jwks = jwks
+
+            return jwks
+
+    async def fetch_token(
+        self,
+        *,
+        username: str,
+        password: str,
+        scope: str = 'openid profile email',
+    ) -> OIDCTokenResponse:
+        if self._session is None:
+            msg = 'ClientSession not initialized'
+            raise RuntimeError(msg)
+
+        data = {
+            'grant_type': 'password',
+            'username': username,
+            'password': password,
+            'client_id': self._client_id,
+            'scope': scope,
+        }
+
+        if self._client_secret:
+            data['client_secret'] = self._client_secret
+
+        openid_config = await self.get_config()
+
+        try:
+            async with self._session.post(
+                openid_config['token_endpoint'],
+                data=data,
+                headers={'Content-Type': 'application/x-www-form-urlencoded'},
+            ) as response:
+                payload = await response.read()
+
+                try:
+                    body = msgspec.json.decode(payload)
+                except Exception as e:
+                    msg = f'Non-JSON response from OIDC provider: {payload[:300]!r}'
+                    raise OIDCError(msg) from e
+
+                if response.status >= 400:
+                    error = None
+                    description = None
+
+                    if isinstance(body, dict):
+                        error = body.get('error') or body.get('code')
+                        description = body.get('error_description') or body.get('message') or ''
+
+                    error = error or f'http_{response.status}'
+
+                    if error in {'invalid_grant', 'invalid_client'}:
+                        msg = f'{error}: {description}'
+                        raise OIDCAuthError(msg)
+
+                    msg = f'{error}: {description}'
+                    raise OIDCError(msg)
+
+                decoder = msgspec.json.Decoder(OIDCTokenResponse)
+
+                return decoder.decode(payload)
+
+        except TimeoutError as e:
+            msg = 'OIDC request timed out'
+            raise OIDCError(msg) from e
+        except aiohttp.ClientError as e:
+            msg = 'OIDC transport error'
+            raise OIDCError(msg) from e

{python3_commons-0.18.22 → python3_commons-0.20.0/src/python3_commons.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: python3-commons
-Version: 0.18.22
+Version: 0.20.0
 Summary: Re-usable Python3 code
 Author-email: Oleg Korsak <kamikaze.is.waiting.you@gmail.com>
 License-Expression: GPL-3.0
@@ -36,7 +36,7 @@ Provides-Extra: cache
 Requires-Dist: valkey[libvalkey]~=6.1.1; extra == "cache"
 Provides-Extra: database
 Requires-Dist: asyncpg~=0.31.0; extra == "database"
-Requires-Dist: SQLAlchemy[asyncio]~=2.0.49; extra == "database"
+Requires-Dist: SQLAlchemy[asyncio]~=2.0.50; extra == "database"
 Provides-Extra: object-storage
 Requires-Dist: aiobotocore~=3.7.0; extra == "object-storage"
 Requires-Dist: object-storage-client==0.0.30; extra == "object-storage"

{python3_commons-0.18.22 → python3_commons-0.20.0}/src/python3_commons.egg-info/SOURCES.txt

@@ -59,6 +59,8 @@ src/python3_commons/serializers/msgpack.py
 src/python3_commons/serializers/msgspec.py
 tests/__init__.py
 tests/integration/__init__.py
+tests/integration/conftest.py
+tests/integration/test_auth.py
 tests/integration/test_cache.py
 tests/integration/test_osc.py
 tests/unit/__init__.py

{python3_commons-0.18.22 → python3_commons-0.20.0}/src/python3_commons.egg-info/requires.txt

@@ -29,7 +29,7 @@ valkey[libvalkey]~=6.1.1
 
 [database]
 asyncpg~=0.31.0
-SQLAlchemy[asyncio]~=2.0.49
+SQLAlchemy[asyncio]~=2.0.50
 
 [object-storage]
 aiobotocore~=3.7.0

python3_commons-0.20.0/tests/integration/conftest.py

@@ -0,0 +1,29 @@
+from os import getenv
+
+import pytest
+from pydantic import HttpUrl
+
+
+@pytest.fixture(scope='session')
+def authority_url() -> HttpUrl:
+    return HttpUrl(getenv('TEST_OIDC_AUTHORITY_URL', ''))
+
+
+@pytest.fixture(scope='session')
+def client_id() -> str:
+    return getenv('TEST_OIDC_CLIENT_ID', '')
+
+
+@pytest.fixture(scope='session')
+def client_secret() -> str:
+    return getenv('TEST_OIDC_CLIENT_SECRET', '')
+
+
+@pytest.fixture(scope='session')
+def oidc_username() -> str:
+    return getenv('TEST_OIDC_USERNAME', '')
+
+
+@pytest.fixture(scope='session')
+def oidc_password() -> str:
+    return getenv('TEST_OIDC_PASSWORD', '')

python3_commons-0.20.0/tests/integration/test_auth.py

@@ -0,0 +1,29 @@
+from typing import TYPE_CHECKING
+
+import pytest
+
+if TYPE_CHECKING:
+    from pydantic import HttpUrl
+
+from python3_commons.auth import OIDCClient
+
+
+@pytest.mark.asyncio
+async def test_get_token_cognito(
+    authority_url: HttpUrl, client_id: str, client_secret: str, oidc_username: str, oidc_password: str
+) -> None:
+    async with (
+        OIDCClient(
+            authority_url=authority_url,
+            client_id=client_id,
+            client_secret=client_secret,
+            verify_ssl=False,
+            timeout=10,
+        ) as client,
+    ):
+        token = await client.fetch_token(
+            username=oidc_username,
+            password=oidc_password,
+        )
+
+        assert token.access_token

{python3_commons-0.18.22 → python3_commons-0.20.0}/uv.lock

@@ -1171,7 +1171,7 @@ requires-dist = [
     { name = "python3-commons", extras = ["database"], marker = "extra == 'authz'" },
     { name = "python3-commons", extras = ["object-storage"], marker = "extra == 'audit'" },
     { name = "requests", marker = "extra == 'soap-client'", specifier = "~=2.34.2" },
-    { name = "sqlalchemy", extras = ["asyncio"], marker = "extra == 'database'", specifier = "~=2.0.49" },
+    { name = "sqlalchemy", extras = ["asyncio"], marker = "extra == 'database'", specifier = "~=2.0.50" },
     { name = "valkey", extras = ["libvalkey"], marker = "extra == 'cache'", specifier = "~=6.1.1" },
     { name = "zeep", extras = ["async"], marker = "extra == 'audit'", specifier = "~=4.3.2" },
     { name = "zeep", extras = ["async"], marker = "extra == 'soap-client'", specifier = "~=4.3.2" },
@@ -1331,28 +1331,29 @@ wheels = [
 
 [[package]]
 name = "sqlalchemy"
-version = "2.0.49"
+version = "2.0.50"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "greenlet", marker = "platform_machine == 'AMD64' or platform_machine == 'WIN32' or platform_machine == 'aarch64' or platform_machine == 'amd64' or platform_machine == 'ppc64le' or platform_machine == 'win32' or platform_machine == 'x86_64'" },
     { name = "typing-extensions" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/09/45/461788f35e0364a8da7bda51a1fe1b09762d0c32f12f63727998d85a873b/sqlalchemy-2.0.49.tar.gz", hash = "sha256:d15950a57a210e36dd4cec1aac22787e2a4d57ba9318233e2ef8b2daf9ff2d5f", size = 9898221, upload-time = "2026-04-03T16:38:11.704Z" }
-wheels = [
-    { url = "https://files.pythonhosted.org/packages/55/33/bf28f618c0a9597d14e0b9ee7d1e0622faff738d44fe986ee287cdf1b8d0/sqlalchemy-2.0.49-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:233088b4b99ebcbc5258c755a097aa52fbf90727a03a5a80781c4b9c54347a2e", size = 2156356, upload-time = "2026-04-03T16:53:09.914Z" },
-    { url = "https://files.pythonhosted.org/packages/d1/a7/5f476227576cb8644650eff68cc35fa837d3802b997465c96b8340ced1e2/sqlalchemy-2.0.49-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:57ca426a48eb2c682dae8204cd89ea8ab7031e2675120a47924fabc7caacbc2a", size = 3276486, upload-time = "2026-04-03T17:07:46.9Z" },
-    { url = "https://files.pythonhosted.org/packages/2e/84/efc7c0bf3a1c5eef81d397f6fddac855becdbb11cb38ff957888603014a7/sqlalchemy-2.0.49-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:685e93e9c8f399b0c96a624799820176312f5ceef958c0f88215af4013d29066", size = 3281479, upload-time = "2026-04-03T17:12:32.226Z" },
-    { url = "https://files.pythonhosted.org/packages/91/68/bb406fa4257099c67bd75f3f2261b129c63204b9155de0d450b37f004698/sqlalchemy-2.0.49-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:9e0400fa22f79acc334d9a6b185dc00a44a8e6578aa7e12d0ddcd8434152b187", size = 3226269, upload-time = "2026-04-03T17:07:48.678Z" },
-    { url = "https://files.pythonhosted.org/packages/67/84/acb56c00cca9f251f437cb49e718e14f7687505749ea9255d7bd8158a6df/sqlalchemy-2.0.49-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:a05977bffe9bffd2229f477fa75eabe3192b1b05f408961d1bebff8d1cd4d401", size = 3248260, upload-time = "2026-04-03T17:12:34.381Z" },
-    { url = "https://files.pythonhosted.org/packages/56/19/6a20ea25606d1efd7bd1862149bb2a22d1451c3f851d23d887969201633f/sqlalchemy-2.0.49-cp314-cp314-win32.whl", hash = "sha256:0f2fa354ba106eafff2c14b0cc51f22801d1e8b2e4149342023bd6f0955de5f5", size = 2118463, upload-time = "2026-04-03T17:05:47.093Z" },
-    { url = "https://files.pythonhosted.org/packages/cf/4f/8297e4ed88e80baa1f5aa3c484a0ee29ef3c69c7582f206c916973b75057/sqlalchemy-2.0.49-cp314-cp314-win_amd64.whl", hash = "sha256:77641d299179c37b89cf2343ca9972c88bb6eef0d5fc504a2f86afd15cd5adf5", size = 2144204, upload-time = "2026-04-03T17:05:48.694Z" },
-    { url = "https://files.pythonhosted.org/packages/1f/33/95e7216df810c706e0cd3655a778604bbd319ed4f43333127d465a46862d/sqlalchemy-2.0.49-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:c1dc3368794d522f43914e03312202523cc89692f5389c32bea0233924f8d977", size = 3565474, upload-time = "2026-04-03T16:58:35.128Z" },
-    { url = "https://files.pythonhosted.org/packages/0c/a4/ed7b18d8ccf7f954a83af6bb73866f5bc6f5636f44c7731fbb741f72cc4f/sqlalchemy-2.0.49-cp314-cp314t-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:7c821c47ecfe05cc32140dcf8dc6fd5d21971c86dbd56eabfe5ba07a64910c01", size = 3530567, upload-time = "2026-04-03T17:06:04.587Z" },
-    { url = "https://files.pythonhosted.org/packages/73/a3/20faa869c7e21a827c4a2a42b41353a54b0f9f5e96df5087629c306df71e/sqlalchemy-2.0.49-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:9c04bff9a5335eb95c6ecf1c117576a0aa560def274876fd156cfe5510fccc61", size = 3474282, upload-time = "2026-04-03T16:58:37.131Z" },
-    { url = "https://files.pythonhosted.org/packages/b7/50/276b9a007aa0764304ad467eceb70b04822dc32092492ee5f322d559a4dc/sqlalchemy-2.0.49-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:7f605a456948c35260e7b2a39f8952a26f077fd25653c37740ed186b90aaa68a", size = 3480406, upload-time = "2026-04-03T17:06:07.176Z" },
-    { url = "https://files.pythonhosted.org/packages/e5/c3/c80fcdb41905a2df650c2a3e0337198b6848876e63d66fe9188ef9003d24/sqlalchemy-2.0.49-cp314-cp314t-win32.whl", hash = "sha256:6270d717b11c5476b0cbb21eedc8d4dbb7d1a956fd6c15a23e96f197a6193158", size = 2149151, upload-time = "2026-04-03T17:02:07.281Z" },
-    { url = "https://files.pythonhosted.org/packages/05/52/9f1a62feab6ed368aff068524ff414f26a6daebc7361861035ae00b05530/sqlalchemy-2.0.49-cp314-cp314t-win_amd64.whl", hash = "sha256:275424295f4256fd301744b8f335cff367825d270f155d522b30c7bf49903ee7", size = 2184178, upload-time = "2026-04-03T17:02:08.623Z" },
-    { url = "https://files.pythonhosted.org/packages/e5/30/8519fdde58a7bdf155b714359791ad1dc018b47d60269d5d160d311fdc36/sqlalchemy-2.0.49-py3-none-any.whl", hash = "sha256:ec44cfa7ef1a728e88ad41674de50f6db8cfdb3e2af84af86e0041aaf02d43d0", size = 1942158, upload-time = "2026-04-03T16:53:44.135Z" },
+sdist = { url = "https://files.pythonhosted.org/packages/57/da/6fbf010c8ebb347679d0d100b22fe9ba5e13fd04046c5df7280d2f0bf706/sqlalchemy-2.0.50.tar.gz", hash = "sha256:af5607d11ef90fd6a5c0549fe0045dce1663d427426bcfb506dcb5346a85a3b9", size = 9907424, upload-time = "2026-05-24T19:20:04.018Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/df/32/10ac51b4be7cdecd7e93d069251c86dfbf70b7adbd7c67b48ccea6c49e1c/sqlalchemy-2.0.50-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:c966932507a4d7d0a37314927dbfcd89720e3f37d2a1e3352e7ae7939fa8e8a0", size = 2158519, upload-time = "2026-05-24T19:27:56.472Z" },
+    { url = "https://files.pythonhosted.org/packages/5a/76/e703d2f7681d7d66c4c891af3f07c7ccf4c76ad7f18351de035b5eda007a/sqlalchemy-2.0.50-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:faffef4bcc20a1892e65e155293d99d60855bbbc79250ab712819cfd56a8e6bb", size = 3282063, upload-time = "2026-05-24T20:09:38.57Z" },
+    { url = "https://files.pythonhosted.org/packages/31/26/ef168b184a25701f9995e8fb7e503fafd7a99c1c77cda1bc1a26ea2ed486/sqlalchemy-2.0.50-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:6c206aec519a2e7bd08abbfb33436e325fd22c632d9c21a9047e376ce241646e", size = 3287069, upload-time = "2026-05-24T20:17:21.942Z" },
+    { url = "https://files.pythonhosted.org/packages/c2/15/765acc2bc693bccc43ca4a95d5b69750da8aaf6db1b5c616536e087f8920/sqlalchemy-2.0.50-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:bef4ac756363227ef6402a75fee025a4bc690f92328e825868939b3b3a446a6d", size = 3230453, upload-time = "2026-05-24T20:09:40.398Z" },
+    { url = "https://files.pythonhosted.org/packages/63/61/08e03c3adbf5db0087a0b6816746fec8f3032fb2f7fc899a9bb9b2a48ce4/sqlalchemy-2.0.50-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:96fbee6b19c19cd1556c8bf9419447cf2ec149ffcab7ab64348c23e54ef8547f", size = 3252413, upload-time = "2026-05-24T20:17:24.067Z" },
+    { url = "https://files.pythonhosted.org/packages/03/0c/370a1f2db38436c615e10134c8a37de3688e74084792380695f3f5083860/sqlalchemy-2.0.50-cp314-cp314-win32.whl", hash = "sha256:8f00e3eb43ba30eb1b238ee03a8a62309486d1321eda3328bb611e0340033ad8", size = 2120063, upload-time = "2026-05-24T19:50:11.08Z" },
+    { url = "https://files.pythonhosted.org/packages/7f/a0/fe92bb9817863bc13ba093bda931979a26cc2ca69f8e8f26d07add3d7c6f/sqlalchemy-2.0.50-cp314-cp314-win_amd64.whl", hash = "sha256:15708c613cd5005b7dffe1f66ee6a63ee8f5e46799f71c70ebad74178c676a39", size = 2145830, upload-time = "2026-05-24T19:50:12.452Z" },
+    { url = "https://files.pythonhosted.org/packages/cc/ff/e5640a98a0b2f491eb8fde10fb6c773621a2e44340de231fafcc9370f4a9/sqlalchemy-2.0.50-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:3699dac4be410e97049a1658e9480da9cde956594aa0f3aebc60b88f21c5ba70", size = 2178435, upload-time = "2026-05-24T19:42:58.889Z" },
+    { url = "https://files.pythonhosted.org/packages/b7/85/337116e186f1236375b5fb70c21cfac98e8e8ab0d3a47be838dc47a59e08/sqlalchemy-2.0.50-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:f96233858e3df43932ac11589e22520da6e8aeb624b03fedfeebb0e8ea213086", size = 3566059, upload-time = "2026-05-24T20:01:20.848Z" },
+    { url = "https://files.pythonhosted.org/packages/96/34/bb0e190e161c3c2c24314a65add57218be14a4a9486886b7f5047c1ff7c8/sqlalchemy-2.0.50-cp314-cp314t-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:c4e70c46fad30c3bcc6a4708bc0130a3173e11a5b25f0ea4a9d8911b450f1f52", size = 3535366, upload-time = "2026-05-24T20:03:56.768Z" },
+    { url = "https://files.pythonhosted.org/packages/df/5a/a7f759f97e4fd499c5d4e4488c760d5a7fbecf3028b465a04274fcd52384/sqlalchemy-2.0.50-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:1918a3cf564d16d95bca7301005f41ab2ad50b07cd3b9da50d3ed986db148d6a", size = 3474879, upload-time = "2026-05-24T20:01:23.058Z" },
+    { url = "https://files.pythonhosted.org/packages/9d/d9/2907ea38eb60687d297bf9c39e5ee58053c87b57fe8a9cae97090cecbf10/sqlalchemy-2.0.50-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:b00098cdbdbd38c7be3d568b0c9c3122b8c0ec62b911b57cd5e6e0254d60a76d", size = 3486117, upload-time = "2026-05-24T20:03:59.052Z" },
+    { url = "https://files.pythonhosted.org/packages/f2/e3/5aa06f167559f8c0bdae487e297d23ba548150ab016a3418265d617a4985/sqlalchemy-2.0.50-cp314-cp314t-win32.whl", hash = "sha256:1fbd55a969d7ac44a98e3dec75016074f809fa08f871585ace58dde110d1bf3e", size = 2150823, upload-time = "2026-05-24T20:08:58.644Z" },
+    { url = "https://files.pythonhosted.org/packages/65/9b/112fb8f977582d7489d036e409e3723948bcf5320b3ac465f3c481bbe8f9/sqlalchemy-2.0.50-cp314-cp314t-win_amd64.whl", hash = "sha256:c5c3cdb753a9004183e1ccb634b41611654c989e61bc68617ce878e46d6f1e51", size = 2185794, upload-time = "2026-05-24T20:09:00.319Z" },
+    { url = "https://files.pythonhosted.org/packages/d0/10/f7220e9b784d295d241c86ed99aeb537f92afcd469a64861f2717e9bb077/sqlalchemy-2.0.50-py3-none-any.whl", hash = "sha256:92064363517a3ff8212b5a93b8c62876579d8dfd1ca5b561335f30152d884fa9", size = 1943861, upload-time = "2026-05-24T19:59:01.119Z" },
 ]
 
 [package.optional-dependencies]

python3_commons-0.18.22/src/python3_commons/auth.py

@@ -1,198 +0,0 @@
-from __future__ import annotations
-
-import logging
-from collections.abc import Sequence
-from http import HTTPStatus
-from typing import Self, TypeVar
-
-from pydantic import HttpUrl
-
-from python3_commons.helpers import replace_origin
-
-try:
-    import aiohttp
-except ImportError as e:
-    msg = 'Install python3-commons[authn] to use this feature'
-    raise RuntimeError(msg) from e
-
-import msgspec
-
-from python3_commons.conf import oidc_settings
-
-logger = logging.getLogger(__name__)
-
-
-class TokenData(msgspec.Struct):
-    exp: int
-    iat: int
-    iss: str
-    sub: str
-    aud: str | Sequence[str] | None = None
-    email: str | None = None
-    name: str | None = None
-    preferred_username: str | None = None
-    realm_access: dict[str, Sequence[str]] | None = None
-    resource_access: dict[str, dict[str, Sequence[str]]] | None = None
-
-    @property
-    def roles(self) -> list[str]:
-        roles_list = []
-
-        if self.realm_access:
-            roles_list.extend(self.realm_access.get('roles', []))
-
-        if self.resource_access:
-            for client in self.resource_access.values():
-                roles_list.extend(client.get('roles', []))
-
-        return list(set(roles_list))
-
-
-T = TypeVar('T', bound=TokenData)
-
-
-class OIDCTokenResponse(msgspec.Struct):
-    access_token: str
-    token_type: str
-    expires_in: int
-    refresh_token: str
-    scope: str
-    id_token: str
-    error: str | None = None
-    error_description: str | None = None
-
-
-async def fetch_openid_config() -> dict:
-    """
-    Fetch the OpenID configuration (including JWKS URI) from OIDC authority.
-    """
-    if (authority_url := oidc_settings.authority_url) is None:
-        msg = 'OIDC authority URL is required'
-        raise ValueError(msg)
-
-    if oidc_settings.authority_internal_host:
-        authority_url = replace_origin(authority_url, oidc_settings.authority_internal_host)
-
-    oidc_config_url = f'{authority_url}/.well-known/openid-configuration'
-
-    logger.debug('Fetching OpenID configuration from: %s', oidc_config_url)
-
-    async with aiohttp.ClientSession() as session, session.get(oidc_config_url) as response:
-        if response.status != HTTPStatus.OK:
-            _msg = 'Failed to fetch OpenID configuration'
-
-            raise RuntimeError(_msg)
-
-        return await response.json()
-
-
-async def fetch_jwks(jwks_uri: str) -> dict:
-    """
-    Fetch the JSON Web Key Set (JWKS) for validating the token's signature.
-    """
-    if authority_internal_host := oidc_settings.authority_internal_host:
-        logger.debug('Received jwks_uri: %s', jwks_uri)
-        logger.debug('Replacing OIDC authority host with: %s', authority_internal_host)
-        jwks_uri = str(replace_origin(HttpUrl(jwks_uri), authority_internal_host))
-        logger.debug('Modified jwks_uri: %s', jwks_uri)
-
-    async with aiohttp.ClientSession() as session, session.get(jwks_uri) as response:
-        if response.status != HTTPStatus.OK:
-            _msg = 'Failed to fetch JWKS'
-
-            raise RuntimeError(_msg)
-
-        return await response.json()
-
-
-class OIDCError(Exception):
-    pass
-
-
-class OIDCAuthError(OIDCError):
-    pass
-
-
-# TODO: use api_client
-class OIDCClient:
-    def __init__(
-        self,
-        authority_url: str,
-        client_id: str,
-        client_secret: str | None = None,
-        *,
-        timeout: float = 10.0,
-        session: aiohttp.ClientSession | None = None,
-    ) -> None:
-        self._token_url = f'{authority_url}/protocol/openid-connect/token'  # TODO: get it from openid-configuration
-        self._client_id = client_id
-        self._client_secret = client_secret
-        self._timeout = aiohttp.ClientTimeout(total=timeout)
-        self._session = session
-        self._owns_session = session is None
-
-    async def __aenter__(self) -> Self:
-        if self._session is None:
-            self._session = aiohttp.ClientSession(timeout=self._timeout)
-        return self
-
-    async def __aexit__(self, *_: object) -> None:
-        if self._owns_session and self._session:
-            await self._session.close()
-
-    async def fetch_token(
-        self,
-        *,
-        username: str,
-        password: str,
-        scope: str = 'openid profile email',
-    ) -> OIDCTokenResponse:
-        if self._session is None:
-            msg = 'ClientSession not initialized'
-
-            raise RuntimeError(msg)
-
-        data = {
-            'grant_type': 'password',
-            'username': username,
-            'password': password,
-            'client_id': self._client_id,
-            'scope': scope,
-        }
-
-        if self._client_secret:
-            data['client_secret'] = self._client_secret
-
-        try:
-            async with self._session.post(
-                self._token_url,
-                data=data,
-                headers={'Content-Type': 'application/x-www-form-urlencoded'},
-            ) as resp:
-                payload = await resp.read()
-                decoder = msgspec.json.Decoder(type=OIDCTokenResponse)
-                token = decoder.decode(payload)
-
-        except TimeoutError as e:
-            msg = 'OIDC request timed out'
-
-            raise OIDCError(msg) from e
-        except aiohttp.ClientError as e:
-            msg = 'OIDC transport error'
-
-            raise OIDCError(msg) from e
-
-        if not resp.ok:
-            error = token.error
-            description = token.error_description
-
-            if error in {'invalid_grant', 'invalid_client'}:
-                msg = f'{error}: {description}'
-
-                raise OIDCAuthError(msg)
-
-            msg = f'{error}: {description}'
-
-            raise OIDCError(msg)
-
-        return token