PyPI - tigrbl_auth - Versions diffs - 0.3.2.dev4__tar.gz → 0.3.2.dev7__tar.gz - Mend

tigrbl_auth 0.3.2.dev4tar.gz → 0.3.2.dev7tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (87) hide show

{tigrbl_auth-0.3.2.dev4 → tigrbl_auth-0.3.2.dev7}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: tigrbl_auth
-Version: 0.3.2.dev4
+Version: 0.3.2.dev7
 Summary: A Tigrbl Multi‑tenant OpenID‑Connect / OAuth2 Identity‑Provider server by Swarmauri.
 License-Expression: Apache-2.0
 License-File: LICENSE

{tigrbl_auth-0.3.2.dev4 → tigrbl_auth-0.3.2.dev7}/pyproject.toml RENAMED Viewed

@@ -1,6 +1,6 @@
 [project]
 name = "tigrbl_auth"
-version = "0.3.2.dev4"
+version = "0.3.2.dev7"
 description = "A Tigrbl Multi‑tenant OpenID‑Connect / OAuth2 Identity‑Provider server by Swarmauri."
 license = "Apache-2.0"
 readme = "README.md"

{tigrbl_auth-0.3.2.dev4 → tigrbl_auth-0.3.2.dev7}/tigrbl_auth/adapters/local_adapter.py RENAMED Viewed

@@ -7,9 +7,9 @@ exist in *tigrbl_auth* so that Tigrbl can consume them automatically.
 Usage
 -----
->>> from tigrbl import TigrblApi
+>>> from tigrbl import TigrblRouter
 >>> from tigrbl_auth.adapters import LocalAuthNAdapter
->>> api = TigrblApi(engine=ENGINE, authn=LocalAuthNAdapter())
+>>> api = TigrblRouter(engine=ENGINE, authn=LocalAuthNAdapter())
 """
 from __future__ import annotations

{tigrbl_auth-0.3.2.dev4 → tigrbl_auth-0.3.2.dev7}/tigrbl_auth/app.py RENAMED Viewed

@@ -26,6 +26,7 @@ from .oidc_discovery import include_oidc_discovery
 from .rfc.rfc8693 import include_rfc8693
 from .oidc_userinfo import include_oidc_userinfo
 from .rfc.rfc7009 import include_rfc7009
+from .rfc.rfc8932 import include_rfc8932
 import logging
@@ -60,6 +61,9 @@ if settings.enable_rfc8414:
     include_rfc8414(app)
     include_oidc_discovery(app)
+if settings.enable_rfc8932:
+    include_rfc8932(app)
 async def _startup() -> None:
     # 1 – metadata validation / SQLite convenience mode

{tigrbl_auth-0.3.2.dev4 → tigrbl_auth-0.3.2.dev7}/tigrbl_auth/deps/__init__.py RENAMED Viewed

@@ -31,7 +31,7 @@ from .fastapi import (
 from .sqlalchemy import IntegrityError, Select, select, or_, delete
 from .tigrbl import (
     TigrblApp,
-    TigrblApi,
+    TigrblRouter,
     op_ctx,
     hook_ctx,
     engine_ctx,
@@ -114,7 +114,7 @@ __all__ = [
     "IntegrityError",
     # tigrbl
     "TigrblApp",
-    "TigrblApi",
+    "TigrblRouter",
     "op_ctx",
     "hook_ctx",
     "engine_ctx",

{tigrbl_auth-0.3.2.dev4 → tigrbl_auth-0.3.2.dev7}/tigrbl_auth/deps/tigrbl.py RENAMED Viewed

@@ -1,4 +1,4 @@
-from tigrbl import TigrblApp, TigrblApi, op_ctx, hook_ctx, engine_ctx
+from tigrbl import TigrblApp, TigrblRouter, op_ctx, hook_ctx, engine_ctx
 from tigrbl.engine import HybridSession as AsyncSession, engine as build_engine
 from tigrbl.config.constants import TIGRBL_AUTH_CONTEXT_ATTR
 from tigrbl.types.authn_abc import AuthNProvider
@@ -39,7 +39,7 @@ from tigrbl.types import (
 __all__ = [
     "TigrblApp",
-    "TigrblApi",
+    "TigrblRouter",
     "op_ctx",
     "hook_ctx",
     "engine_ctx",

{tigrbl_auth-0.3.2.dev4 → tigrbl_auth-0.3.2.dev7}/tigrbl_auth/oidc_discovery.py RENAMED Viewed

@@ -11,12 +11,12 @@ import json
 from functools import lru_cache
 from typing import Any
-from tigrbl_auth.deps import TigrblApi, TigrblApp
+from tigrbl_auth.deps import TigrblRouter, TigrblApp
 from .rfc.rfc8414_metadata import ISSUER, JWKS_PATH
 from .runtime_cfg import settings
-api = TigrblApi()
+api = TigrblRouter()
 router = api
@@ -92,13 +92,13 @@ def refresh_discovery_cache() -> None:
 # ---------------------------------------------------------------------------
 # Routes
 # ---------------------------------------------------------------------------
-@api.get("/.well-known/openid-configuration", tags=[".well-known"])
+@api.route("/.well-known/openid-configuration", methods=["GET"], tags=[".well-known"])
 async def openid_configuration():
     """Return OpenID Connect discovery metadata."""
     return _cached_openid_config(_settings_signature())
-@api.get(JWKS_PATH, tags=[".well-known"])
+@api.route(JWKS_PATH, methods=["GET"], tags=[".well-known"])
 async def jwks():
     """Publish all public keys in RFC 7517 JWKS format."""
     from .oidc_id_token import ensure_rsa_jwt_key, rsa_key_provider
@@ -120,7 +120,9 @@ async def jwks():
 def include_oidc_discovery(app: TigrblApp) -> None:
     """Attach OIDC discovery routes to *app* if not already present."""
     if not any(
-        route.path == "/.well-known/openid-configuration" for route in app.routes
+        (getattr(route, "path", None) or getattr(route, "path_template", None))
+        == "/.well-known/openid-configuration"
+        for route in app.router.routes
     ):
         app.include_router(api)

{tigrbl_auth-0.3.2.dev4 → tigrbl_auth-0.3.2.dev7}/tigrbl_auth/oidc_userinfo.py RENAMED Viewed

@@ -14,7 +14,7 @@ from __future__ import annotations
 import inspect
 from tigrbl_auth.deps import (
-    TigrblApi,
+    TigrblRouter,
     TigrblApp,
     HTTPException,
     Request,
@@ -28,7 +28,7 @@ from .orm import User
 from .rfc.rfc6750 import extract_bearer_token
 from .deps import JWAAlg
-api = TigrblApi()
+api = TigrblRouter()
 router = api
@@ -47,7 +47,7 @@ async def _resolve_current_user(request: Request) -> User:
     return await get_current_principal(request)
-@api.get("/userinfo", response_model=None)
+@api.route("/userinfo", methods=["GET"], response_model=None)
 async def userinfo(request: Request) -> Response | dict[str, str]:
     """Return claims about the authenticated user.
@@ -101,7 +101,11 @@ async def userinfo(request: Request) -> Response | dict[str, str]:
 def include_oidc_userinfo(app: TigrblApp) -> None:
     """Attach the UserInfo endpoint to *app* if not already present."""
-    if not any(route.path == "/userinfo" for route in app.routes):
+    if not any(
+        (getattr(route, "path", None) or getattr(route, "path_template", None))
+        == "/userinfo"
+        for route in app.router.routes
+    ):
         app.include_router(api)

{tigrbl_auth-0.3.2.dev4 → tigrbl_auth-0.3.2.dev7}/tigrbl_auth/rfc/rfc6749_token.py RENAMED Viewed

@@ -9,7 +9,7 @@ from uuid import UUID
 from tigrbl.security.dependencies import Depends as TigrblDepends
 from tigrbl_auth.deps import (
-    TigrblApi,
+    TigrblRouter,
     AsyncSession,
     HTTPException,
     JSONResponse,
@@ -47,7 +47,7 @@ from ..routers.shared import (
 )
 from ..runtime_cfg import settings
-api = TigrblApi()
+api = TigrblRouter()
 router = api
@@ -71,7 +71,7 @@ async def _parse_request_form(request: Request) -> tuple[dict[str, str], list[st
     return data, resources
-@api.post("/token", response_model=TokenPair)
+@api.route("/token", methods=["POST"], response_model=TokenPair)
 async def token(
     request: Request, db: AsyncSession = TigrblDepends(get_db)
 ) -> TokenPair:
@@ -295,7 +295,7 @@ async def token(
     )
-@api.post("/token/refresh", response_model=TokenPair)
+@api.route("/token/refresh", methods=["POST"], response_model=TokenPair)
 async def refresh(body: RefreshIn, request: Request):
     _require_tls(request)
     try:

{tigrbl_auth-0.3.2.dev4 → tigrbl_auth-0.3.2.dev7}/tigrbl_auth/rfc/rfc7009.py RENAMED Viewed

@@ -13,13 +13,13 @@ from urllib.parse import parse_qs
 from typing import Final, Set
-from tigrbl_auth.deps import TigrblApi, TigrblApp, HTTPException, Request, status
+from tigrbl_auth.deps import TigrblRouter, TigrblApp, HTTPException, Request, status
 from ..runtime_cfg import settings
 RFC7009_SPEC_URL: Final = "https://www.rfc-editor.org/rfc/rfc7009"
-api = TigrblApi()
+api = TigrblRouter()
 router = api
 # In-memory set storing revoked tokens for demonstration and testing purposes
@@ -57,7 +57,7 @@ def reset_revocations() -> None:
     _REVOKED_TOKENS.clear()
-@api.post("/revoked_tokens/revoke")
+@api.route("/revoked_tokens/revoke", methods=["POST"])
 async def revoke(request: Request) -> dict[str, str]:
     """RFC 7009 token revocation endpoint."""
     if not settings.enable_rfc7009:
@@ -77,7 +77,9 @@ async def revoke(request: Request) -> dict[str, str]:
 def include_rfc7009(app: TigrblApp) -> None:
     """Attach revocation routes to *app* if enabled."""
     if settings.enable_rfc7009 and not any(
-        route.path == "/revoked_tokens/revoke" for route in app.routes
+        (getattr(route, "path", None) or getattr(route, "path_template", None))
+        == "/revoked_tokens/revoke"
+        for route in app.router.routes
     ):
         app.include_router(api)

{tigrbl_auth-0.3.2.dev4 → tigrbl_auth-0.3.2.dev7}/tigrbl_auth/rfc/rfc7662_introspection.py RENAMED Viewed

@@ -2,18 +2,18 @@ from __future__ import annotations
 from urllib.parse import parse_qs
-from tigrbl_auth.deps import TigrblApi, HTTPException, Request, status
+from tigrbl_auth.deps import TigrblRouter, HTTPException, Request, status
 from ..runtime_cfg import settings
 from ..routers.schemas import IntrospectOut
 from ..routers.shared import _require_tls
 from ..rfc.rfc7662 import introspect_token
-api = TigrblApi()
+api = TigrblRouter()
 router = api
-@api.post("/introspect", response_model=IntrospectOut)
+@api.route("/introspect", methods=["POST"], response_model=IntrospectOut)
 async def introspect(request: Request):
     _require_tls(request)
     if not settings.enable_rfc7662:

{tigrbl_auth-0.3.2.dev4 → tigrbl_auth-0.3.2.dev7}/tigrbl_auth/rfc/rfc8414.py RENAMED Viewed

@@ -12,7 +12,7 @@ from __future__ import annotations
 from typing import Final
-from tigrbl_auth.deps import TigrblApi, TigrblApp, HTTPException, status
+from tigrbl_auth.deps import TigrblRouter, TigrblApp, HTTPException, status
 from ..runtime_cfg import settings
 from ..oidc_discovery import (
@@ -23,15 +23,16 @@ from ..oidc_discovery import (
 RFC8414_SPEC_URL: Final = "https://www.rfc-editor.org/rfc/rfc8414"
-api = TigrblApi()
+api = TigrblRouter()
 router = api
 # ---------------------------------------------------------------------------
 # Routes
 # ---------------------------------------------------------------------------
-@api.get(
+@api.route(
     "/.well-known/oauth-authorization-server",
+    methods=["GET"],
     include_in_schema=False,
     tags=[".well-known"],
 )
@@ -47,7 +48,9 @@ async def authorization_server_metadata():
 def include_rfc8414(app: TigrblApp) -> None:
     """Attach discovery routes to *app* if enabled."""
     if settings.enable_rfc8414 and not any(
-        route.path == "/.well-known/oauth-authorization-server" for route in app.routes
+        (getattr(route, "path", None) or getattr(route, "path_template", None))
+        == "/.well-known/oauth-authorization-server"
+        for route in app.router.routes
     ):
         app.include_router(api)

{tigrbl_auth-0.3.2.dev4 → tigrbl_auth-0.3.2.dev7}/tigrbl_auth/rfc/rfc8693.py RENAMED Viewed

@@ -13,7 +13,7 @@ from typing import Any, Dict, List, Optional, Union
 from enum import Enum
 import warnings
 from tigrbl_auth.deps import (
-    TigrblApi,
+    TigrblRouter,
     TigrblApp,
     Form,
     HTTPException,
@@ -32,7 +32,7 @@ RFC8693_SPEC_URL = "https://www.rfc-editor.org/rfc/rfc8693"
 # Token Exchange Grant Type
 TOKEN_EXCHANGE_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange"
-api = TigrblApi()
+api = TigrblRouter()
 router = api
@@ -40,7 +40,9 @@ def include_rfc8693(app: TigrblApp) -> None:
     """Attach the RFC 8693 router to *app* if enabled."""
     if runtime_cfg.settings.enable_rfc8693 and not any(
-        route.path == "/token/exchange" for route in app.routes
+        (getattr(route, "path", None) or getattr(route, "path_template", None))
+        == "/token/exchange"
+        for route in app.router.routes
     ):
         app.include_router(api)
@@ -295,7 +297,7 @@ def exchange_token(
     )
-@api.post("/token/exchange")
+@api.route("/token/exchange", methods=["POST"])
 async def token_exchange_endpoint(
     request: Request,
     grant_type: str = Form(...),

{tigrbl_auth-0.3.2.dev4 → tigrbl_auth-0.3.2.dev7}/tigrbl_auth/rfc/rfc8932.py RENAMED Viewed

@@ -14,14 +14,14 @@ from __future__ import annotations
 from typing import Any, Dict, List
-from tigrbl_auth.deps import TigrblApi, HTTPException, status
+from tigrbl_auth.deps import TigrblRouter, HTTPException, status
 from ..runtime_cfg import settings
 from .rfc8414_metadata import ISSUER, JWKS_PATH
 RFC8932_SPEC_URL = "https://www.rfc-editor.org/rfc/rfc8932"
-api = TigrblApi()
+api = TigrblRouter()
 router = api
 # Supported encrypted DNS transports per RFC 8932 recommendations
@@ -210,8 +210,9 @@ def get_enhanced_authorization_server_metadata() -> Dict[str, Any]:
     return result
-@api.get(
+@api.route(
     "/.well-known/oauth-authorization-server-enhanced",
+    methods=["GET"],
     include_in_schema=False,
     tags=[".well-known"],
 )
@@ -332,6 +333,16 @@ def get_capability_matrix() -> Dict[str, Dict[str, Any]]:
     }
+def include_rfc8932(app) -> None:
+    """Register RFC 8932 enhanced metadata endpoint on *app* once."""
+    if not any(
+        (getattr(route, "path", None) or getattr(route, "path_template", None))
+        == "/.well-known/oauth-authorization-server-enhanced"
+        for route in app.router.routes
+    ):
+        app.include_router(api)
 __all__ = [
     "enforce_encrypted_dns",
     "get_enhanced_authorization_server_metadata",
@@ -341,5 +352,6 @@ __all__ = [
     "api",
     "router",
     "RFC8932_SPEC_URL",
+    "include_rfc8932",
     "enforce_encrypted_dns",
 ]

{tigrbl_auth-0.3.2.dev4 → tigrbl_auth-0.3.2.dev7}/tigrbl_auth/routers/auth_flows.py RENAMED Viewed

@@ -16,7 +16,7 @@ from .authz import router as router
 api = router
-@router.post("/login", request_model=CredsIn, response_model=TokenPair)
+@router.route("/login", methods=["POST"], response_model=TokenPair)
 async def login(
     request: Request,
     creds: CredsIn | None = None,

{tigrbl_auth-0.3.2.dev4 → tigrbl_auth-0.3.2.dev7}/tigrbl_auth/routers/authz/__init__.py RENAMED Viewed

@@ -1,7 +1,7 @@
-from tigrbl_auth.deps import TigrblApi
+from tigrbl_auth.deps import TigrblRouter
 from tigrbl_auth.rfc import rfc6749_token, rfc7662_introspection
-api = TigrblApi()
+api = TigrblRouter()
 api.include_router(rfc6749_token.api)
 api.include_router(rfc7662_introspection.api)

{tigrbl_auth-0.3.2.dev4 → tigrbl_auth-0.3.2.dev7}/tigrbl_auth/routers/authz/oidc.py RENAMED Viewed

@@ -26,7 +26,7 @@ from ..shared import _require_tls
 from . import api
-@api.get("/authorize")
+@api.route("/authorize", methods=["GET"])
 async def authorize(
     request: Request,
     response_type: str | None = None,

{tigrbl_auth-0.3.2.dev4 → tigrbl_auth-0.3.2.dev7}/tigrbl_auth/routers/surface.py RENAMED Viewed

@@ -8,7 +8,7 @@ Exports
 -------
 Base        : Declarative base for all models in **tigrbl_authn**.
 metadata    : Shared SQLAlchemy ``MetaData`` with a sane naming-convention.
-surface_api : ``TigrblApi`` combining Tigrbl resources and auth flows.
+surface_api : ``TigrblRouter`` combining Tigrbl resources and auth flows.
 The resulting ``surface_api`` exposes a symmetrical REST/RPC surface under
 namespaces like ``surface_api.core.User.create`` and
@@ -25,7 +25,7 @@ Notes
 from __future__ import annotations
-from tigrbl_auth.deps import TigrblApi
+from tigrbl_auth.deps import TigrblRouter
 from tigrbl_auth.orm import (
     Tenant,
     User,
@@ -43,9 +43,9 @@ from .auth_flows import api as flows_api
 # ----------------------------------------------------------------------
 # 3.  Build Tigrbl instance & router
 # ----------------------------------------------------------------------
-surface_api = TigrblApi(engine=dsn)
+surface_api = TigrblRouter(engine=dsn)
-surface_api.include_models(
+surface_api.include_tables(
     [
         Tenant,
         User,