sweatstack 0.55.0__tar.gz → 0.57.0__tar.gz

{sweatstack-0.55.0 → sweatstack-0.57.0}/CHANGELOG.md

@@ -6,6 +6,18 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 
+## [0.57.0] - 2025-12-04
+
+### Added
+- Added a new "proxy mode" to the `ss.StreamlitAuth` class that allows running Streamlit apps behind a proxy. The proxy mode is enabled by calling `ss.StreamlitAuth.behind_proxy()`. The proxy should handle the OAuth callback and token exchange and pass the access token to the app via the `X-SweatStack-Token` (configurable) header. The OAuth2 flow is still initiated by the `ss.StreamlitAuth` class.
+
+
+## [0.56.0] - 2025-11-21
+
+### Fixed
+- Fixed an issue where refreshing the token would not succeed with the Streamlit integration.
+
+
 ## [0.55.0] - 2025-10-24
 
 ### Added

{sweatstack-0.55.0 → sweatstack-0.57.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: sweatstack
-Version: 0.55.0
+Version: 0.57.0
 Summary: The official Python client for SweatStack
 Author-email: Aart Goossens <aart@gssns.io>
 Requires-Python: >=3.9

{sweatstack-0.55.0 → sweatstack-0.57.0}/docs/everything.rst

@@ -163,9 +163,98 @@ Metric
     :undoc-members:
 
 sweatstack.openapi_schemas
-------------------
+--------------------------
+
+Core Data Models
+~~~~~~~~~~~~~~~~
+
+.. autoclass:: sweatstack.openapi_schemas.ActivitySummary
+    :members:
+    :undoc-members:
+    :show-inheritance:
+
+.. autoclass:: sweatstack.openapi_schemas.ActivityDetails
+    :members:
+    :undoc-members:
+    :show-inheritance:
+
+.. autoclass:: sweatstack.openapi_schemas.TraceDetails
+    :members:
+    :undoc-members:
+    :show-inheritance:
+
+.. autoclass:: sweatstack.openapi_schemas.Lap
+    :members:
+    :undoc-members:
+    :show-inheritance:
+
+Activity Summaries
+~~~~~~~~~~~~~~~~~~
+
+.. autoclass:: sweatstack.openapi_schemas.ActivitySummarySummary
+    :members:
+    :undoc-members:
+    :show-inheritance:
+
+.. autoclass:: sweatstack.openapi_schemas.PowerSummary
+    :members:
+    :undoc-members:
+    :show-inheritance:
+
+.. autoclass:: sweatstack.openapi_schemas.SpeedSummary
+    :members:
+    :undoc-members:
+    :show-inheritance:
+
+.. autoclass:: sweatstack.openapi_schemas.DistanceSummary
+    :members:
+    :undoc-members:
+    :show-inheritance:
+
+.. autoclass:: sweatstack.openapi_schemas.ElevationSummary
+    :members:
+    :undoc-members:
+    :show-inheritance:
+
+.. autoclass:: sweatstack.openapi_schemas.HeartRateSummary
+    :members:
+    :undoc-members:
+    :show-inheritance:
+
+.. autoclass:: sweatstack.openapi_schemas.TemperatureSummary
+    :members:
+    :undoc-members:
+    :show-inheritance:
+
+.. autoclass:: sweatstack.openapi_schemas.CoreTemperatureSummary
+    :members:
+    :undoc-members:
+    :show-inheritance:
+
+.. autoclass:: sweatstack.openapi_schemas.Smo2Summary
+    :members:
+    :undoc-members:
+    :show-inheritance:
+
+User & Authentication
+~~~~~~~~~~~~~~~~~~~~~
+
+.. autoclass:: sweatstack.openapi_schemas.UserSummary
+    :members:
+    :undoc-members:
+    :show-inheritance:
+
+.. autoclass:: sweatstack.openapi_schemas.UserInfoResponse
+    :members:
+    :undoc-members:
+    :show-inheritance:
+
+.. autoclass:: sweatstack.openapi_schemas.TokenResponse
+    :members:
+    :undoc-members:
+    :show-inheritance:
 
-.. automodule:: sweatstack.openapi_schemas
+.. autoclass:: sweatstack.openapi_schemas.BackfillStatus
     :members:
     :undoc-members:
     :show-inheritance:

{sweatstack-0.55.0 → sweatstack-0.57.0}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "sweatstack"
-version = "0.55.0"
+version = "0.57.0"
 description = "The official Python client for SweatStack"
 readme = "README.md"
 authors = [

{sweatstack-0.55.0 → sweatstack-0.57.0}/src/sweatstack/client.py

@@ -669,6 +669,8 @@ class Client(_OAuth2Mixin, _DelegationMixin, _TokenStorageMixin, _LocalCacheMixi
         refresh_token: str | None = None,
         url: str | None = None,
         streamlit_compatible: bool = False,
+        client_id: str | None = None,
+        client_secret: str | None = None,
     ):
         """Initialize a SweatStack client.
 
@@ -682,18 +684,28 @@ class Client(_OAuth2Mixin, _DelegationMixin, _TokenStorageMixin, _LocalCacheMixi
         self.refresh_token = refresh_token
         self.url = url
         self.streamlit_compatible = streamlit_compatible
+        self.client_id = client_id or OAUTH2_CLIENT_ID
+        self.client_secret = client_secret
 
     def _do_token_refresh(self, tz: str) -> str:
-        with self._http_client() as client:
+        refresh_token = self.refresh_token
+        if refresh_token is None:
+            raise ValueError(
+                "Cannot refresh token: no refresh_token available. "
+                "If using Streamlit, ensure you're using StreamlitAuth which handles token refresh automatically."
+            )
+
+        with self._http_client(skip_token_check=True) as client:
             response = client.post(
                 "/api/v1/oauth/token",
-                json={
+                data={
                     "grant_type": "refresh_token",
-                    "refresh_token": self.refresh_token,
+                    "refresh_token": refresh_token,
                     "tz": tz,
+                    "client_id": self.client_id,
+                    "client_secret": self.client_secret,
                 },
             )
-
             self._raise_for_status(response)
             return response.json()["access_token"]
 
@@ -701,12 +713,13 @@ class Client(_OAuth2Mixin, _DelegationMixin, _TokenStorageMixin, _LocalCacheMixi
         try:
             body = decode_jwt_body(token)
             # Margin in seconds to account for time to token validation of the next request
-            TOKEN_EXPIRY_MARGIN = 5
+            TOKEN_EXPIRY_MARGIN = 5  # 5 seconds. Meaning that if the token is within 5 seconds of expiring, it will be refreshed.
             if body["exp"] - TOKEN_EXPIRY_MARGIN < time.time():
                 # Token is (almost) expired, refresh it
                 token = self._do_token_refresh(body["tz"])
                 self._api_key = token
-        except Exception:
+        except Exception as exception:
+            logging.warning("Exception checking token expiry: %s", exception)
             # If token can't be decoded, just return as-is
             # @TODO: This probably should be handled differently
             pass
@@ -776,16 +789,27 @@ class Client(_OAuth2Mixin, _DelegationMixin, _TokenStorageMixin, _LocalCacheMixi
         self._url = value
     
     @contextlib.contextmanager
-    def _http_client(self):
+    def _http_client(self, skip_token_check: bool = False):
         """
         Creates an httpx client with the base URL and authentication headers pre-configured.
+
+        Args:
+            skip_token_check: If True, uses the raw _api_key without triggering token expiry check.
+                              This prevents recursive token refresh attempts.
         """
         headers = {
             "User-Agent": f"python-sweatstack/{__version__}",
         }
-        if self.api_key:
-            headers["Authorization"] = f"Bearer {self.api_key}"
-        
+        if skip_token_check:
+            # Use raw token without triggering expiry check (used during refresh)
+            token = self._api_key
+        else:
+            # Normal path: may trigger token refresh
+            token = self.api_key
+
+        if token:
+            headers["Authorization"] = f"Bearer {token}"
+
         with httpx.Client(base_url=self.url, headers=headers, timeout=60) as client:
             yield client
 

{sweatstack-0.55.0 → sweatstack-0.57.0}/src/sweatstack/streamlit.py

@@ -114,19 +114,115 @@ class StreamlitAuth:
 
         self.redirect_uri = redirect_uri or os.environ.get("SWEATSTACK_REDIRECT_URI")
 
+        self._proxy_mode = False
+        self._logout_uri = None
+
         self.api_key = st.session_state.get("sweatstack_api_key")
-        self.client = Client(self.api_key, streamlit_compatible=True)
+        self.refresh_token = st.session_state.get("sweatstack_refresh_token")
+        self.client = Client(
+            self.api_key,
+            refresh_token=self.refresh_token,
+            streamlit_compatible=True,
+            client_id=self.client_id,
+            client_secret=self.client_secret,
+        )
+
+    @classmethod
+    def behind_proxy(
+        cls,
+        redirect_uri: str,
+        header_name: str = "X-SweatStack-Token",
+        logout_uri: str = "/logout",
+    ) -> "StreamlitAuth":
+        """Create a StreamlitAuth instance for use behind a proxy.
+
+        Use this method when your Streamlit app runs behind a proxy that handles
+        authentication and passes the SweatStack access token via an HTTP header.
+
+        Args:
+            redirect_uri: The URI to redirect to after login (used by proxy).
+            header_name: The HTTP header name containing the access token.
+                         Defaults to "X-SweatStack-Token".
+            logout_uri: The URI to redirect to for logout.
+                        Defaults to "/logout".
+
+        Returns:
+            StreamlitAuth: An instance configured for proxy mode.
+
+        Example:
+            auth = StreamlitAuth.behind_proxy(
+                redirect_uri="https://myapp.example.com/app",
+            )
+
+            if not auth.is_authenticated():
+                st.error("Missing authentication header")
+                st.stop()
+
+            activities = auth.client.get_activities()
+        """
+        instance = cls(redirect_uri=redirect_uri)
+        instance._proxy_mode = True
+        instance._logout_uri = logout_uri
+
+        token = st.context.headers.get(header_name)
+        if token:
+            instance.api_key = token
+            instance.client = Client(token, streamlit_compatible=True)
+
+        return instance
+
+    def _show_styled_link_button(self, label: str, url: str):
+        """Displays a styled link button with hover effects.
+
+        Args:
+            label: Text to display on the button.
+            url: The URL to navigate to when clicked.
+        """
+        st.markdown(
+            f"""
+            <style>
+                .animated-button {{
+                }}
+                .animated-button:hover {{
+                    transform: scale(1.05);
+                }}
+                .animated-button:active {{
+                    transform: scale(1);
+                }}
+            </style>
+            <a href="{url}"
+                target="_top"
+                class="animated-button"
+                style="display: inline-block;
+                    padding: 10px 20px;
+                    background-color: #EF2B2D;
+                    color: white;
+                    text-decoration: none;
+                    border-radius: 6px;
+                    border: none;
+                    transition: all 0.3s ease;
+                    cursor: pointer;"
+                >{label}</a>
+            """,
+            unsafe_allow_html=True,
+        )
 
     def logout_button(self):
         """Displays a logout button and handles user logout.
 
-        When clicked, this button clears the stored API key from session state,
-        resets the client, and triggers a Streamlit rerun to update the UI.
+        In standard mode, clears the stored API key from session state,
+        resets the client, and triggers a Streamlit rerun.
+
+        In proxy mode, displays a styled link that redirects to the logout URI.
         """
-        if st.button("Logout"):
+        if self._proxy_mode:
+            self._show_styled_link_button("Logout", self._logout_uri)
+        elif st.button("Logout"):
             self.api_key = None
+            self.refresh_token = None
             self.client = Client(streamlit_compatible=True)
-            st.session_state.pop("sweatstack_api_key")
+            st.session_state.pop("sweatstack_api_key", None)
+            st.session_state.pop("sweatstack_refresh_token", None)
             st.rerun()
 
     def _running_on_streamlit_cloud(self):
@@ -142,34 +238,7 @@ class StreamlitAuth:
         authorization_url = self.get_authorization_url()
         login_label = login_label or "Connect with SweatStack"
         if not self._running_on_streamlit_cloud():
-            st.markdown(
-                f"""
-                <style>
-                    .animated-button {{
-                    }}
-                    .animated-button:hover {{
-                        transform: scale(1.05);
-                    }}
-                    .animated-button:active {{
-                        transform: scale(1);
-                    }}
-                </style>
-                <a href="{authorization_url}"
-                    target="_top"
-                    class="animated-button"
-                    style="display: inline-block;
-                        padding: 10px 20px;
-                        background-color: #EF2B2D;
-                        color: white;
-                        text-decoration: none;
-                        border-radius: 6px;
-                        border: none;
-                        transition: all 0.3s ease;
-                        cursor: pointer;"
-                    >{login_label}</a>
-                """,
-                unsafe_allow_html=True,
-            )
+            self._show_styled_link_button(login_label, authorization_url)
         else:
             st.link_button(login_label, authorization_url)
 
@@ -193,15 +262,21 @@ class StreamlitAuth:
 
         return authorization_url
 
-    def _set_api_key(self, api_key):
-        """Sets the API key in instance and session state, then refreshes the client.
+    def _set_api_key(self, api_key, refresh_token=None):
+        """Sets the API key and refresh token in instance and session state, then refreshes the client.
 
         Args:
             api_key: The API access token to set.
+            refresh_token: The refresh token to set. If None, keeps the existing refresh token.
         """
         self.api_key = api_key
         st.session_state["sweatstack_api_key"] = api_key
-        self.client = Client(self.api_key, streamlit_compatible=True)
+
+        if refresh_token is not None:
+            self.refresh_token = refresh_token
+            st.session_state["sweatstack_refresh_token"] = refresh_token
+
+        self.client = Client(self.api_key, refresh_token=self.refresh_token, streamlit_compatible=True)
 
     def _exchange_token(self, code):
         """Exchanges an authorization code for an access token.
@@ -230,7 +305,10 @@ class StreamlitAuth:
             raise Exception(f"SweatStack Python login failed. Please try again.") from e
         token_response = response.json()
 
-        self._set_api_key(token_response.get("access_token"))
+        self._set_api_key(
+            token_response.get("access_token"),
+            refresh_token=token_response.get("refresh_token")
+        )
 
         return
 
@@ -257,12 +335,23 @@ class StreamlitAuth:
         to the Streamlit app with an authorization code, which is exchanged for an
         access token.
 
+        In proxy mode, this method only shows the login button if not authenticated.
+        The proxy handles the OAuth callback and token exchange.
+
         Args:
             login_label: The label to display on the login button. Defaults to "Login with SweatStack".
 
         Returns:
             None
         """
+        if self._proxy_mode:
+            if self.is_authenticated():
+                if show_logout:
+                    self.logout_button()
+            else:
+                self._show_sweatstack_login(login_label)
+            return
+
         if self.is_authenticated():
             if not st.session_state.get("sweatstack_auth_toast_shown", False):
                 st.toast("SweatStack authentication successful!", icon="✅")