trishul-oauth-client 0.1.0__tar.gz

trishul_oauth_client-0.1.0/.gitignore

@@ -0,0 +1,134 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+.pnpm-debug.log*
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# Snowpack dependency directory (https://snowpack.dev/)
+web_modules/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Microbundle cache
+.rpt2_cache/
+.rts2_cache_cjs/
+.rts2_cache_es/
+.rts2_cache_umd/
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env
+.env.test
+.env.production
+.env.local
+.env.development.local
+.env.test.local
+.env.production.local
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+.parcel-cache
+
+# Next.js build output
+.next
+out
+
+# Nuxt.js build output
+.nuxt
+dist
+
+# Gatsby files
+.cache/
+# Comment in the public line in if your project uses Gatsby and not Next.js
+# public
+
+# Identity service React build output (generated by vite build)
+services/identity-service/src/public/auth-ui/
+
+# vuepress build output
+.vuepress/dist
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+# TernJS port file
+.tern-port
+
+# Stores VSCode versions used for testing VSCode extensions
+.vscode-test
+
+# yarn v2
+.yarn/cache
+.yarn/unplugged
+.yarn/build-state.yml
+.yarn/install-state.gz
+.pnp.*
+
+.DS_Store
+
+# Enterprise Roadmap
+docs/enterprise_roadmap.md
+
+scratch/*
+
+# Claude
+.claude/settings.local.json

trishul_oauth_client-0.1.0/PKG-INFO

@@ -0,0 +1,205 @@
+Metadata-Version: 2.4
+Name: trishul-oauth-client
+Version: 0.1.0
+Summary: Enterprise-grade OIDC/OAuth client library for Python (FastAPI, Flask, Django)
+Project-URL: Homepage, https://trishuliam.com
+Project-URL: Repository, https://github.com/shubhamssinghs/trishul-iam
+Author-email: TrishulIAM Team <team@trishuliam.com>
+License: MIT
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Python: >=3.8
+Requires-Dist: httpx>=0.24.0
+Requires-Dist: pyjwt[crypto]>=2.8.0
+Provides-Extra: dev
+Requires-Dist: black>=23.0.0; extra == 'dev'
+Requires-Dist: mypy>=1.0.0; extra == 'dev'
+Requires-Dist: pytest-asyncio>=0.21.0; extra == 'dev'
+Requires-Dist: pytest>=7.0.0; extra == 'dev'
+Requires-Dist: respx>=0.20.0; extra == 'dev'
+Provides-Extra: django
+Requires-Dist: django>=4.0.0; extra == 'django'
+Provides-Extra: fastapi
+Requires-Dist: fastapi>=0.100.0; extra == 'fastapi'
+Provides-Extra: flask
+Requires-Dist: flask>=2.0.0; extra == 'flask'
+Description-Content-Type: text/markdown
+
+# Trishul OAuth Client for Python
+
+An enterprise-grade, highly secure OIDC/OAuth 2.0 client library for Python. Supports standard OIDC authorization code flow with secure PKCE validation, state validation, and plug-and-play integrations for **FastAPI**, **Flask**, and **Django**.
+
+---
+
+## Features
+
+- **Sync & Async Core Engine**: Fully support both sync and async frameworks out-of-the-box.
+- **Secure PKCE (S256)**: Auto-generated PKCE verification pairs for absolute security against code interception attacks.
+- **OIDC Discovery Configuration**: Automatic parsing and local caching of the openid-configuration metadata.
+- **Cryptographic Signature Verification**: Validates ID Token signatures locally using the server's JWKS endpoint.
+- **Automatic Silent Token Rotation**: Seamless refresh-token based token rotation without user disruption.
+- **Out-of-the-Box Web Framework Integrations** for:
+  - **FastAPI / Starlette**
+  - **Flask**
+  - **Django**
+
+---
+
+## Installation
+
+Install from PyPI (once published):
+
+```bash
+pip install trishul-oauth-client
+```
+
+Or install with framework-specific dependency packages:
+
+```bash
+# For FastAPI
+pip install "trishul-oauth-client[fastapi]"
+
+# For Flask
+pip install "trishul-oauth-client[flask]"
+
+# For Django
+pip install "trishul-oauth-client[django]"
+```
+
+---
+
+## Quickstart
+
+### 1. Initialize Client
+```python
+from trishul_oauth import TrishulOAuth, MemoryStorage
+
+client = TrishulOAuth({
+    "issuer": "https://identity.yourdomain.com",
+    "clientId": "your_client_id",
+    "clientSecret": "your_client_secret",
+    "redirectUri": "http://localhost:8000/callback",
+    "usePKCE": True,
+})
+```
+
+---
+
+## Web Framework Integrations
+
+### 1. FastAPI / Starlette
+Fully async dependency injection provider:
+
+```python
+from fastapi import FastAPI, Depends, HTTPException
+from trishul_oauth import TrishulOAuth
+from trishul_oauth.integrations.fastapi import TrishulSecurity
+
+app = FastAPI()
+client = TrishulOAuth({
+    "issuer": "https://identity.yourdomain.com",
+    "clientId": "your_client_id",
+    "redirectUri": "http://localhost:8000/callback",
+})
+
+# Initialize FastAPI Security provider
+security = TrishulSecurity(client)
+
+@app.get("/api/dashboard")
+async def dashboard(user = Depends(security.require_auth(scopes=["profile"]))):
+    return {
+        "status": "success",
+        "message": f"Welcome back, {user.get('name')}!",
+        "profile": user
+    }
+```
+
+### 2. Flask
+Clean view decorators and session injectors:
+
+```python
+from flask import Flask, session, render_template
+from trishul_oauth import TrishulOAuth
+from trishul_oauth.integrations.flask import FlaskOAuth
+
+app = Flask(__name__)
+app.secret_key = "your_super_secret_session_key"
+
+client = TrishulOAuth({
+    "issuer": "https://identity.yourdomain.com",
+    "clientId": "your_client_id",
+    "clientSecret": "your_client_secret",
+    "redirectUri": "http://localhost:5000/callback",
+})
+
+oauth = FlaskOAuth(client)
+
+@app.route("/dashboard")
+@oauth.require_auth(scopes=["profile"])
+def dashboard():
+    # Retrieve user info from global Flask context
+    user = oauth.current_user
+    return f"Welcome back, {user['name']}!"
+```
+
+### 3. Django
+Middleware and view decorators for robust authentication:
+
+```python
+# settings.py
+INSTALLED_APPS = [
+    ...
+    'django.contrib.sessions',
+]
+
+MIDDLEWARE = [
+    ...
+    'django.contrib.sessions.middleware.SessionMiddleware',
+    'trishul_oauth.integrations.django.TrishulOAuthMiddleware',
+]
+
+from trishul_oauth import TrishulOAuth
+TRISHUL_OAUTH_CLIENT = TrishulOAuth({
+    "issuer": "https://identity.yourdomain.com",
+    "clientId": "your_client_id",
+    "clientSecret": "your_client_secret",
+})
+
+
+# views.py
+from django.http import JsonResponse
+from trishul_oauth.integrations.django import require_auth
+
+@require_auth(scopes=["profile"])
+def dashboard_view(request):
+    user = request.trishul_user
+    return JsonResponse({
+        "status": "success",
+        "user": user
+    })
+```
+
+---
+
+## Running Package Tests
+
+Verify everything runs cleanly using `pytest`:
+
+```bash
+pytest tests/
+```
+
+---
+
+## License
+
+MIT License. See [LICENSE](LICENSE) for details.

trishul_oauth_client-0.1.0/README.md

@@ -0,0 +1,169 @@
+# Trishul OAuth Client for Python
+
+An enterprise-grade, highly secure OIDC/OAuth 2.0 client library for Python. Supports standard OIDC authorization code flow with secure PKCE validation, state validation, and plug-and-play integrations for **FastAPI**, **Flask**, and **Django**.
+
+---
+
+## Features
+
+- **Sync & Async Core Engine**: Fully support both sync and async frameworks out-of-the-box.
+- **Secure PKCE (S256)**: Auto-generated PKCE verification pairs for absolute security against code interception attacks.
+- **OIDC Discovery Configuration**: Automatic parsing and local caching of the openid-configuration metadata.
+- **Cryptographic Signature Verification**: Validates ID Token signatures locally using the server's JWKS endpoint.
+- **Automatic Silent Token Rotation**: Seamless refresh-token based token rotation without user disruption.
+- **Out-of-the-Box Web Framework Integrations** for:
+  - **FastAPI / Starlette**
+  - **Flask**
+  - **Django**
+
+---
+
+## Installation
+
+Install from PyPI (once published):
+
+```bash
+pip install trishul-oauth-client
+```
+
+Or install with framework-specific dependency packages:
+
+```bash
+# For FastAPI
+pip install "trishul-oauth-client[fastapi]"
+
+# For Flask
+pip install "trishul-oauth-client[flask]"
+
+# For Django
+pip install "trishul-oauth-client[django]"
+```
+
+---
+
+## Quickstart
+
+### 1. Initialize Client
+```python
+from trishul_oauth import TrishulOAuth, MemoryStorage
+
+client = TrishulOAuth({
+    "issuer": "https://identity.yourdomain.com",
+    "clientId": "your_client_id",
+    "clientSecret": "your_client_secret",
+    "redirectUri": "http://localhost:8000/callback",
+    "usePKCE": True,
+})
+```
+
+---
+
+## Web Framework Integrations
+
+### 1. FastAPI / Starlette
+Fully async dependency injection provider:
+
+```python
+from fastapi import FastAPI, Depends, HTTPException
+from trishul_oauth import TrishulOAuth
+from trishul_oauth.integrations.fastapi import TrishulSecurity
+
+app = FastAPI()
+client = TrishulOAuth({
+    "issuer": "https://identity.yourdomain.com",
+    "clientId": "your_client_id",
+    "redirectUri": "http://localhost:8000/callback",
+})
+
+# Initialize FastAPI Security provider
+security = TrishulSecurity(client)
+
+@app.get("/api/dashboard")
+async def dashboard(user = Depends(security.require_auth(scopes=["profile"]))):
+    return {
+        "status": "success",
+        "message": f"Welcome back, {user.get('name')}!",
+        "profile": user
+    }
+```
+
+### 2. Flask
+Clean view decorators and session injectors:
+
+```python
+from flask import Flask, session, render_template
+from trishul_oauth import TrishulOAuth
+from trishul_oauth.integrations.flask import FlaskOAuth
+
+app = Flask(__name__)
+app.secret_key = "your_super_secret_session_key"
+
+client = TrishulOAuth({
+    "issuer": "https://identity.yourdomain.com",
+    "clientId": "your_client_id",
+    "clientSecret": "your_client_secret",
+    "redirectUri": "http://localhost:5000/callback",
+})
+
+oauth = FlaskOAuth(client)
+
+@app.route("/dashboard")
+@oauth.require_auth(scopes=["profile"])
+def dashboard():
+    # Retrieve user info from global Flask context
+    user = oauth.current_user
+    return f"Welcome back, {user['name']}!"
+```
+
+### 3. Django
+Middleware and view decorators for robust authentication:
+
+```python
+# settings.py
+INSTALLED_APPS = [
+    ...
+    'django.contrib.sessions',
+]
+
+MIDDLEWARE = [
+    ...
+    'django.contrib.sessions.middleware.SessionMiddleware',
+    'trishul_oauth.integrations.django.TrishulOAuthMiddleware',
+]
+
+from trishul_oauth import TrishulOAuth
+TRISHUL_OAUTH_CLIENT = TrishulOAuth({
+    "issuer": "https://identity.yourdomain.com",
+    "clientId": "your_client_id",
+    "clientSecret": "your_client_secret",
+})
+
+
+# views.py
+from django.http import JsonResponse
+from trishul_oauth.integrations.django import require_auth
+
+@require_auth(scopes=["profile"])
+def dashboard_view(request):
+    user = request.trishul_user
+    return JsonResponse({
+        "status": "success",
+        "user": user
+    })
+```
+
+---
+
+## Running Package Tests
+
+Verify everything runs cleanly using `pytest`:
+
+```bash
+pytest tests/
+```
+
+---
+
+## License
+
+MIT License. See [LICENSE](LICENSE) for details.

trishul_oauth_client-0.1.0/playground.py

@@ -0,0 +1,43 @@
+import asyncio
+import os
+import sys
+
+from trishul_oauth import TrishulOAuth, TrishulOAuthError
+
+async def main():
+    print("=== Trishul OAuth Client Python Playground ===")
+    
+    # 1. Initialize Client pointing to local identity service
+    config = {
+        "issuer": os.getenv("TRISHUL_ISSUER", "http://localhost:3001"),
+        "clientId": os.getenv("TRISHUL_CLIENT_ID", "test_client"),
+        "redirectUri": "http://localhost:8000/callback",
+        "usePKCE": True,
+        "debug": True,
+    }
+
+    print(f"Connecting to Identity Issuer: {config['issuer']}")
+    client = TrishulOAuth(config)
+
+    try:
+        # 2. Fetch OIDC Configuration
+        print("\n1. Querying OpenID Discovery endpoint...")
+        discovery = await client.async_get_discovery()
+        print(f"✅ Success! Token Endpoint: {discovery['token_endpoint']}")
+
+        # 3. Create redirect authorize URL
+        print("\n2. Generating OIDC Authorization redirect URL...")
+        auth_data = await client.async_create_authorization_url()
+        print(f"✅ Authorization URL: {auth_data['url']}")
+        print(f"🔑 Saved Verification State: {auth_data['state']}")
+
+        print("\nReady to authenticate. Push to repository to trigger GHA pipeline!")
+        
+    except TrishulOAuthError as e:
+        print(f"❌ Error during OIDC communication: {str(e)}")
+        if e.original_error:
+            print(f"Details: {e.original_error}")
+        sys.exit(1)
+
+if __name__ == "__main__":
+    asyncio.run(main())

trishul_oauth_client-0.1.0/pyproject.toml

@@ -0,0 +1,53 @@
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[project]
+name = "trishul-oauth-client"
+dynamic = ["version"]
+description = "Enterprise-grade OIDC/OAuth client library for Python (FastAPI, Flask, Django)"
+readme = "README.md"
+requires-python = ">=3.8"
+license = { text = "MIT" }
+authors = [
+    { name = "TrishulIAM Team", email = "team@trishuliam.com" }
+]
+classifiers = [
+    "Development Status :: 4 - Beta",
+    "Intended Audience :: Developers",
+    "License :: OSI Approved :: MIT License",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.8",
+    "Programming Language :: Python :: 3.9",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Topic :: Security",
+    "Topic :: Software Development :: Libraries :: Python Modules"
+]
+dependencies = [
+    "httpx>=0.24.0",
+    "pyjwt[crypto]>=2.8.0",
+]
+
+[project.optional-dependencies]
+fastapi = ["fastapi>=0.100.0"]
+flask = ["flask>=2.0.0"]
+django = ["django>=4.0.0"]
+dev = [
+    "pytest>=7.0.0",
+    "pytest-asyncio>=0.21.0",
+    "respx>=0.20.0",
+    "black>=23.0.0",
+    "mypy>=1.0.0"
+]
+
+[project.urls]
+Homepage = "https://trishuliam.com"
+Repository = "https://github.com/shubhamssinghs/trishul-iam"
+
+[tool.hatch.version]
+path = "trishul_oauth/__init__.py"
+
+[tool.hatch.build.targets.wheel]
+packages = ["trishul_oauth"]

trishul_oauth_client-0.1.0/tests/__init__.py

@@ -0,0 +1 @@
+# Trishul OAuth Client tests subpackage.