usso 0.14.0__tar.gz → 0.16.0__tar.gz

{usso-0.14.0/src/usso.egg-info → usso-0.16.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: usso
-Version: 0.14.0
+Version: 0.16.0
 Summary: A plug-and-play client for integrating universal single sign-on (SSO) with Python frameworks, enabling secure and seamless authentication across microservices.
 Author-email: Mahdi Kiani <mahdikiany@gmail.com>
 Maintainer-email: Mahdi Kiani <mahdikiany@gmail.com>
@@ -24,11 +24,11 @@ License: Copyright (c) 2016 The Python Packaging Authority (PyPA)
         OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
         SOFTWARE.
         
-Project-URL: Homepage, https://github.com/usso-io/usso-python
-Project-URL: Bug Reports, https://github.com/usso-io/usso-python/issues
-Project-URL: Funding, https://github.com/usso-io/usso-python
-Project-URL: Say Thanks!, https://github.com/usso-io/usso-python
-Project-URL: Source, https://github.com/usso-io/usso-python
+Project-URL: Homepage, https://github.com/ussoio/usso-python
+Project-URL: Bug Reports, https://github.com/ussoio/usso-python/issues
+Project-URL: Funding, https://github.com/ussoio/usso-python
+Project-URL: Say Thanks!, https://github.com/ussoio/usso-python
+Project-URL: Source, https://github.com/ussoio/usso-python
 Keywords: usso,sso,authentication,security,fastapi,django
 Classifier: Development Status :: 3 - Alpha
 Classifier: Intended Audience :: Developers
@@ -48,6 +48,7 @@ Requires-Dist: peppercorn
 Requires-Dist: pydantic>=1.8.2
 Requires-Dist: requests>=2.26.0
 Requires-Dist: pyjwt[crypto]
+Requires-Dist: singleton_package
 Provides-Extra: fastapi
 Requires-Dist: fastapi>=0.65.0; extra == "fastapi"
 Requires-Dist: uvicorn[standard]>=0.13.0; extra == "fastapi"

{usso-0.14.0 → usso-0.16.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "usso"
-version = "0.14.0"
+version = "0.16.0"
 description = "A plug-and-play client for integrating universal single sign-on (SSO) with Python frameworks, enabling secure and seamless authentication across microservices."
 readme = "README.md"
 requires-python = ">=3.8"
@@ -33,16 +33,17 @@ dependencies = [
   "peppercorn",  # Example main dependency
   "pydantic>=1.8.2",
   "requests>=2.26.0",
-  "pyjwt[crypto]"
+  "pyjwt[crypto]",
+  "singleton_package"
 ]
 optional-dependencies = {"fastapi" = ["fastapi>=0.65.0", "uvicorn[standard]>=0.13.0"],"django" = ["Django>=3.2"],"dev" = ["check-manifest"],"test" = ["coverage"]}
 
 [project.urls]
-"Homepage" = "https://github.com/usso-io/usso-python"
-"Bug Reports" = "https://github.com/usso-io/usso-python/issues"
-"Funding" = "https://github.com/usso-io/usso-python"
-"Say Thanks!" = "https://github.com/usso-io/usso-python"
-"Source" = "https://github.com/usso-io/usso-python"
+"Homepage" = "https://github.com/ussoio/usso-python"
+"Bug Reports" = "https://github.com/ussoio/usso-python/issues"
+"Funding" = "https://github.com/ussoio/usso-python"
+"Say Thanks!" = "https://github.com/ussoio/usso-python"
+"Source" = "https://github.com/ussoio/usso-python"
 
 [project.scripts]
 usso = "usso:main"

usso-0.16.0/src/usso/api.py

@@ -0,0 +1,102 @@
+import requests
+from singleton import Singleton
+
+from usso.core import Usso
+
+
+class UssoAPI(metaclass=Singleton):
+    def __init__(
+        self,
+        url: str = "https://api.usso.io",
+        api_key: str = None,
+        refresh_token: str = None,
+    ):
+        self.url = url
+        assert (
+            api_key or refresh_token
+        ), "Either api_key or refresh_token must be provided"
+        self.api_key = api_key
+        self.refresh_token = refresh_token
+        self.access_token = None
+
+    def refresh(self):
+        if not self.refresh_token:
+            return
+
+        url = f"{self.url}/auth/refresh"
+
+        if self.refresh_token:
+            headers = {"Authorization": f"Bearer {self.refresh_token}"}
+
+        resp = requests.post(url, headers=headers)
+        self.access_token = resp.json().get("access_token")
+
+    def _access_valid(self):
+        if not self.access_token:
+            return False
+
+        user_data = Usso(
+            jwks_url=f"{self.url}/website/jwks.json?"
+        ).user_data_from_token(self.access_token)
+        if user_data:
+            return True
+        return False
+
+    def _request(self, method="get", endpoint: str = "", data: dict = None):
+        url = f"{self.url}/{endpoint}"
+        headers = {}
+        if self.api_key:
+            headers["x-api-key"] = self.api_key
+        elif self.refresh_token:
+            if not self.access_token:
+                self.refresh()
+            headers["Authorization"] = f"Bearer {self.access_token}"
+
+        resp = requests.request(method, url, headers=headers, json=data)
+        return resp.json()
+
+    def get_users(self):
+        return self._request(endpoint="website/users/")
+
+    def get_user(self, user_id: str):
+        return self._request(endpoint=f"website/users/{user_id}/")
+
+    def get_user_credentials(self, user_id: str):
+        return self._request(endpoint=f"website/users/{user_id}/credentials/")
+
+    def get_user_by_credentials(self, credentials: dict):
+        return self._request(endpoint="website/users/credentials/", data=credentials)
+
+    def create_user(self, user_data: dict):
+        return self._request(method="post", endpoint="website/users/", data=user_data)
+
+    def create_user_credentials(self, user_id: str, credentials: dict):
+        return self._request(
+            method="post",
+            endpoint=f"website/users/{user_id}/credentials/",
+            data=credentials,
+        )
+
+    def create_user_by_credentials(
+        self, user_data: dict, credentials: dict | None = None
+    ):
+        if credentials:
+            user_data["authenticators"] = [credentials]
+        return self._request(method="post", endpoint="website/users/", data=user_data)
+
+    def get_user_payload(self, user_id: str):
+        return self._request(endpoint=f"website/users/{user_id}/payload/")
+
+    def update_user_payload(self, user_id: str, payload: dict):
+        return self._request(
+            method="patch",
+            endpoint=f"website/users/{user_id}/payload/",
+            data=payload,
+        )
+
+    def set_user_payload(self, user_id: str, payload: dict):
+        return self._request(
+            method="put",
+            endpoint=f"website/users/{user_id}/payload/",
+            data=payload,
+        )

usso-0.16.0/src/usso/core.py

@@ -0,0 +1,100 @@
+import os
+import logging
+import uuid
+from functools import lru_cache
+from typing import Optional, Tuple
+from singleton import Singleton
+
+import jwt
+from pydantic import BaseModel
+
+from . import b64tools
+from .exceptions import USSOException
+
+logger = logging.getLogger("usso")
+
+
+class UserData(BaseModel):
+    user_id: str
+    email: str | None = None
+    phone: str | None = None
+    authentication_method: str | None = None
+    is_active: bool = False
+    jti: str
+    data: dict | None = None
+    token: str | None = None
+
+    @property
+    def uid(self) -> uuid.UUID:
+        user_id = self.user_id
+
+        if user_id.startswith("u_"):
+            user_id = user_id[2:]
+        if 22 <= len(user_id) <= 24:
+            user_id = b64tools.b64_decode_uuid(user_id)
+
+        return uuid.UUID(user_id)
+
+    @property
+    def b64id(self) -> uuid.UUID:
+        return b64tools.b64_encode_uuid_strip(self.uid)
+
+
+class Usso(metaclass=Singleton):
+    def __init__(self, jwks_url: str|None = None):
+        if jwks_url is None:
+            jwks_url = os.getenv("USSO_JWKS_URL")
+        self.jwks_url = jwks_url
+
+    @lru_cache
+    def get_jwks_keys(self):
+        return jwt.PyJWKClient(self.jwks_url)
+
+    def get_authorization_scheme_param(self,
+        authorization_header_value: Optional[str],
+    ) -> Tuple[str, str]:
+        if not authorization_header_value:
+            return "", ""
+        scheme, _, param = authorization_header_value.partition(" ")
+        return scheme, param
+
+    def user_data_from_token(self, token: str, **kwargs) -> UserData | None:
+        """Return the user associated with a token value."""
+        try:
+            # header = jwt.get_unverified_header(token)
+            # jwks_url = header["jwk_url"]
+            jwks_client = self.get_jwks_keys()
+            signing_key = jwks_client.get_signing_key_from_jwt(token)
+            decoded = jwt.decode(
+                token,
+                signing_key.key,
+                algorithms=["RS256"],
+            )
+            decoded["token"] = token
+
+        except jwt.exceptions.ExpiredSignatureError:
+            if kwargs.get("raise_exception"):
+                raise USSOException(status_code=401, error="expired_signature")
+            return None
+        except jwt.exceptions.InvalidSignatureError:
+            if kwargs.get("raise_exception"):
+                raise USSOException(status_code=401, error="invalid_signature")
+            return None
+        except jwt.exceptions.InvalidTokenError:
+            if kwargs.get("raise_exception"):
+                raise USSOException(
+                    status_code=401,
+                    error="invalid_token",
+                )
+            return None
+        except Exception as e:
+            if kwargs.get("raise_exception"):
+                raise USSOException(
+                    status_code=401,
+                    error="error",
+                    message=str(e),
+                )
+            logger.error(e)
+            return None
+
+        return UserData(**decoded)

usso-0.16.0/src/usso/fastapi/__init__.py

@@ -0,0 +1 @@
+from .integration import jwt_access_security, jwt_access_security_ws

{usso-0.14.0 → usso-0.16.0}/src/usso/fastapi/integration.py

@@ -3,7 +3,7 @@ import logging
 from fastapi import Request, WebSocket
 from starlette.status import HTTP_401_UNAUTHORIZED
 
-from usso.core import UserData, get_authorization_scheme_param, user_data_from_token
+from usso.core import UserData, Usso
 from usso.exceptions import USSOException
 
 logger = logging.getLogger("usso")
@@ -14,14 +14,14 @@ async def jwt_access_security(request: Request) -> UserData | None:
     kwargs = {}
     authorization = request.headers.get("Authorization")
     if authorization:
-        scheme, _, credentials = get_authorization_scheme_param(authorization)
+        scheme, _, credentials = Usso().get_authorization_scheme_param(authorization)
         if scheme.lower() == "bearer":
             token = credentials
-            return user_data_from_token(token, **kwargs)
+            return Usso().user_data_from_token(token, **kwargs)
 
     cookie_token = request.cookies.get("usso_access_token")
     if cookie_token:
-        return user_data_from_token(cookie_token, **kwargs)
+        return Usso().user_data_from_token(cookie_token, **kwargs)
 
     if kwargs.get("raise_exception", True):
         raise USSOException(
@@ -36,14 +36,14 @@ async def jwt_access_security_ws(websocket: WebSocket) -> UserData | None:
     kwargs = {}
     authorization = websocket.headers.get("Authorization")
     if authorization:
-        scheme, _, credentials = get_authorization_scheme_param(authorization)
+        scheme, _, credentials = Usso().get_authorization_scheme_param(authorization)
         if scheme.lower() == "bearer":
             token = credentials
-            return user_data_from_token(token, **kwargs)
+            return Usso().user_data_from_token(token, **kwargs)
 
     cookie_token = websocket.cookies.get("usso_access_token")
     if cookie_token:
-        return user_data_from_token(cookie_token, **kwargs)
+        return Usso().user_data_from_token(cookie_token, **kwargs)
 
     if kwargs.get("raise_exception", True):
         raise USSOException(

{usso-0.14.0 → usso-0.16.0/src/usso.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: usso
-Version: 0.14.0
+Version: 0.16.0
 Summary: A plug-and-play client for integrating universal single sign-on (SSO) with Python frameworks, enabling secure and seamless authentication across microservices.
 Author-email: Mahdi Kiani <mahdikiany@gmail.com>
 Maintainer-email: Mahdi Kiani <mahdikiany@gmail.com>
@@ -24,11 +24,11 @@ License: Copyright (c) 2016 The Python Packaging Authority (PyPA)
         OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
         SOFTWARE.
         
-Project-URL: Homepage, https://github.com/usso-io/usso-python
-Project-URL: Bug Reports, https://github.com/usso-io/usso-python/issues
-Project-URL: Funding, https://github.com/usso-io/usso-python
-Project-URL: Say Thanks!, https://github.com/usso-io/usso-python
-Project-URL: Source, https://github.com/usso-io/usso-python
+Project-URL: Homepage, https://github.com/ussoio/usso-python
+Project-URL: Bug Reports, https://github.com/ussoio/usso-python/issues
+Project-URL: Funding, https://github.com/ussoio/usso-python
+Project-URL: Say Thanks!, https://github.com/ussoio/usso-python
+Project-URL: Source, https://github.com/ussoio/usso-python
 Keywords: usso,sso,authentication,security,fastapi,django
 Classifier: Development Status :: 3 - Alpha
 Classifier: Intended Audience :: Developers
@@ -48,6 +48,7 @@ Requires-Dist: peppercorn
 Requires-Dist: pydantic>=1.8.2
 Requires-Dist: requests>=2.26.0
 Requires-Dist: pyjwt[crypto]
+Requires-Dist: singleton_package
 Provides-Extra: fastapi
 Requires-Dist: fastapi>=0.65.0; extra == "fastapi"
 Requires-Dist: uvicorn[standard]>=0.13.0; extra == "fastapi"

{usso-0.14.0 → usso-0.16.0}/src/usso.egg-info/SOURCES.txt

@@ -2,6 +2,7 @@ LICENSE.txt
 README.md
 pyproject.toml
 src/usso/__init__.py
+src/usso/api.py
 src/usso/b64tools.py
 src/usso/core.py
 src/usso/exceptions.py

{usso-0.14.0 → usso-0.16.0}/src/usso.egg-info/requires.txt

@@ -2,6 +2,7 @@ peppercorn
 pydantic>=1.8.2
 requests>=2.26.0
 pyjwt[crypto]
+singleton_package
 
 [dev]
 check-manifest

usso-0.14.0/src/usso/core.py

@@ -1,97 +0,0 @@
-import os
-import logging
-import uuid
-from functools import lru_cache
-from typing import Optional, Tuple
-
-import jwt
-from pydantic import BaseModel
-
-from . import b64tools
-from .exceptions import USSOException
-
-logger = logging.getLogger("usso")
-
-
-class UserData(BaseModel):
-    user_id: str
-    email: str | None = None
-    phone: str | None = None
-    authentication_method: str | None = None
-    is_active: bool = False
-    jti: str
-    data: dict | None = None
-    token: str | None = None
-
-    @property
-    def uid(self) -> uuid.UUID:
-        user_id = self.user_id
-
-        if user_id.startswith("u_"):
-            user_id = user_id[2:]
-        if 22 <= len(user_id) <= 24:
-            user_id = b64tools.b64_decode_uuid(user_id)
-
-        return uuid.UUID(user_id)
-
-    @property
-    def b64id(self) -> uuid.UUID:
-        return b64tools.b64_encode_uuid_strip(self.uid)
-
-
-def get_authorization_scheme_param(
-    authorization_header_value: Optional[str],
-) -> Tuple[str, str]:
-    if not authorization_header_value:
-        return "", ""
-    scheme, _, param = authorization_header_value.partition(" ")
-    return scheme, param
-
-
-def user_data_from_token(token: str, **kwargs) -> UserData | None:
-    """Return the user associated with a token value."""
-    try:
-        header = jwt.get_unverified_header(token)
-        jwks_url = header["jwk_url"]
-        assert os.getenv("USSO_JWKS_URL") == jwks_url
-        jwks_client = get_jwks_keys(jwks_url)
-        # , headers=optional_custom_headers)
-        signing_key = jwks_client.get_signing_key_from_jwt(token)
-        decoded = jwt.decode(
-            token,
-            signing_key.key,
-            algorithms=["RS256"],
-        )
-        decoded["token"] = token
-
-    except jwt.exceptions.ExpiredSignatureError:
-        if kwargs.get("raise_exception"):
-            raise USSOException(status_code=401, error="expired_signature")
-        return None
-    except jwt.exceptions.InvalidSignatureError:
-        if kwargs.get("raise_exception"):
-            raise USSOException(status_code=401, error="invalid_signature")
-        return None
-    except jwt.exceptions.InvalidTokenError:
-        if kwargs.get("raise_exception"):
-            raise USSOException(
-                status_code=401,
-                error="invalid_token",
-            )
-        return None
-    except Exception as e:
-        if kwargs.get("raise_exception"):
-            raise USSOException(
-                status_code=401,
-                error="error",
-                message=str(e),
-            )
-        logger.error(e)
-        return None
-
-    return UserData(**decoded)
-
-
-@lru_cache
-def get_jwks_keys(jwks_url):
-    return jwt.PyJWKClient(jwks_url)

usso-0.14.0/src/usso/fastapi/__init__.py

@@ -1 +0,0 @@
-from .integration import jwt_access_security