usso 0.24.18__tar.gz → 0.25.0__tar.gz

{usso-0.24.18/src/usso.egg-info → usso-0.25.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: usso
-Version: 0.24.18
+Version: 0.25.0
 Summary: A plug-and-play client for integrating universal single sign-on (SSO) with Python frameworks, enabling secure and seamless authentication across microservices.
 Author-email: Mahdi Kiani <mahdikiany@gmail.com>
 Maintainer-email: Mahdi Kiani <mahdikiany@gmail.com>
@@ -42,7 +42,6 @@ Classifier: Programming Language :: Python :: 3 :: Only
 Requires-Python: >=3.9
 Description-Content-Type: text/markdown
 License-File: LICENSE.txt
-Requires-Dist: peppercorn
 Requires-Dist: pydantic>=2
 Requires-Dist: requests>=2.26.0
 Requires-Dist: pyjwt[crypto]

{usso-0.24.18 → usso-0.25.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "usso"
-version = "0.24.18"
+version = "0.25.0"
 description = "A plug-and-play client for integrating universal single sign-on (SSO) with Python frameworks, enabling secure and seamless authentication across microservices."
 readme = "README.md"
 requires-python = ">=3.9"
@@ -28,7 +28,6 @@ classifiers = [
   "Programming Language :: Python :: 3 :: Only",
 ]
 dependencies = [
-  "peppercorn",  # Example main dependency
   "pydantic>=2",
   "requests>=2.26.0",
   "pyjwt[crypto]",

{usso-0.24.18 → usso-0.25.0}/src/usso/async_session.py

@@ -2,7 +2,6 @@ from contextlib import asynccontextmanager
 from datetime import datetime, timedelta
 
 import aiohttp
-from fastapi import params
 import jwt
 
 
@@ -76,7 +75,7 @@ class AsyncUssoSession:
         if not self.access_token:
             # Get a new token if none exists or it has expired
             token_data = await self._refresh()
-            self.access_token = token_data["access_token"]
+            self.access_token = token_data.get("access_token")
 
             # Update headers with the new access token
             if self.session:

usso-0.25.0/src/usso/core.py

@@ -0,0 +1,174 @@
+import logging
+import os
+import uuid
+from functools import lru_cache
+from typing import Optional, Tuple
+
+import cachetools.func
+import jwt
+from pydantic import BaseModel, model_validator
+from singleton import Singleton
+
+from . import b64tools
+from .exceptions import USSOException
+
+logger = logging.getLogger("usso")
+
+
+class UserData(BaseModel):
+    user_id: str
+    workspace_id: str | None = None
+    workspace_ids: list[str] = []
+    token_type: str = "access"
+
+    email: str | None = None
+    phone: str | None = None
+    username: str | None = None
+
+    authentication_method: str | None = None
+    is_active: bool = False
+
+    jti: str | None = None
+    data: dict | None = None
+
+    token: str | None = None
+
+    @property
+    def uid(self) -> uuid.UUID:
+        user_id = self.user_id
+
+        if user_id.startswith("u_"):
+            user_id = user_id[2:]
+        if 22 <= len(user_id) <= 24:
+            user_id = b64tools.b64_decode_uuid(user_id)
+
+        return uuid.UUID(user_id)
+
+    @property
+    def b64id(self) -> uuid.UUID:
+        return b64tools.b64_encode_uuid_strip(self.uid)
+
+
+def get_authorization_scheme_param(
+    authorization_header_value: str | None,
+) -> tuple[str, str]:
+    if not authorization_header_value:
+        return "", ""
+    scheme, _, param = authorization_header_value.partition(" ")
+    return scheme, param
+
+
+def decode_token(key, token: str, algorithms=["RS256"], **kwargs) -> dict:
+    try:
+        decoded = jwt.decode(token, key, algorithms=algorithms)
+        decoded["token"] = token
+        return UserData(**decoded)
+    except jwt.exceptions.ExpiredSignatureError:
+        if kwargs.get("raise_exception", True):
+            raise USSOException(status_code=401, error="expired_signature")
+    except jwt.exceptions.InvalidSignatureError:
+        if kwargs.get("raise_exception", True):
+            raise USSOException(status_code=401, error="invalid_signature")
+    except jwt.exceptions.InvalidAlgorithmError:
+        if kwargs.get("raise_exception", True):
+            raise USSOException(status_code=401, error="invalid_algorithm")
+    except jwt.exceptions.InvalidIssuedAtError:
+        if kwargs.get("raise_exception", True):
+            raise USSOException(status_code=401, error="invalid_issued_at")
+    except jwt.exceptions.InvalidTokenError:
+        if kwargs.get("raise_exception", True):
+            raise USSOException(status_code=401, error="invalid_token")
+    except jwt.exceptions.InvalidKeyError:
+        if kwargs.get("raise_exception", True):
+            raise USSOException(status_code=401, error="invalid_key")
+    except USSOException as e:
+        if kwargs.get("raise_exception", True):
+            raise e
+    except Exception as e:
+        if kwargs.get("raise_exception", True):
+            raise USSOException(status_code=401, error="error", message=str(e))
+        logger.error(e)
+
+
+@lru_cache
+def get_jwk_keys(jwk_url: str) -> jwt.PyJWKClient:
+    return jwt.PyJWKClient(jwk_url, headers={"User-Agent": "usso-python"})
+
+
+def decode_token_jwk(jwk_url: str, token: str, **kwargs) -> UserData | None:
+    """Return the user associated with a token value."""
+    try:
+        jwk_client = get_jwk_keys(jwk_url)
+        signing_key = jwk_client.get_signing_key_from_jwt(token)
+        return decode_token(signing_key.key, token, **kwargs)
+    except USSOException as e:
+        if kwargs.get("raise_exception", True):
+            raise e
+        logger.error(e)
+    except Exception as e:
+        if kwargs.get("raise_exception", True):
+            raise USSOException(
+                status_code=401,
+                error="error",
+                message=str(e),
+            )
+        logger.error(e)
+
+
+class JWTConfig(BaseModel):
+    jwk_url: str | None = None
+    secret: str | None = None
+    type: str = "RS256"
+    header: dict[str, str] = {"type": "Cookie", "name": "usso_access_token"}
+
+    def __hash__(self):
+        return hash(self.model_dump_json())
+
+    @model_validator(mode="before")
+    def validate_secret(cls, data: dict):
+        if not data.get("jwk_url") and not data.get("secret"):
+            raise ValueError("Either jwk_url or secret must be provided")
+        return data
+
+    @classmethod
+    @cachetools.func.ttl_cache(maxsize=128, ttl=10 * 60)
+    def get_jwk_keys(cls, jwk_url):
+        return get_jwk_keys(jwk_url)
+
+    @cachetools.func.ttl_cache(maxsize=128, ttl=10 * 60)
+    def decode(self, token: str):
+        if self.jwk_url:
+            return decode_token_jwk(self.jwk_url, token)
+        return decode_token(self.secret, token, algorithms=[self.type])
+
+
+class Usso(metaclass=Singleton):
+    def __init__(self, jwks_url: str | None = None):
+        if jwks_url is None:
+            jwks_url = os.getenv("USSO_JWKS_URL")
+        self.jwks_url = jwks_url
+
+    def get_jwk_keys(self):
+        return get_jwk_keys(self.jwks_url)
+
+    def get_authorization_scheme_param(
+        self, authorization_header_value: Optional[str]
+    ) -> Tuple[str, str]:
+        return get_authorization_scheme_param(authorization_header_value)
+
+    def user_data_from_token(self, token: str, **kwargs) -> UserData | None:
+        """Return the user associated with a token value."""
+        user_data = decode_token_jwk(self.jwks_url, token, **kwargs)
+        if user_data.token_type.lower() != kwargs.get("token_type", "access"):
+            raise USSOException(status_code=401, error="invalid_token_type")
+        return user_data
+
+    def user_data_from_token_none(self, token: str, **kwargs) -> UserData | None:
+        try:
+            return self.user_data_from_token(token, **kwargs)
+        except USSOException:
+            # logger.error(str(e))
+            return None
+        except Exception:
+            # logger.error(str(e))
+            return None

usso-0.25.0/src/usso/fastapi/auth_middleware.py

@@ -0,0 +1,87 @@
+import json
+import logging
+import os
+
+from fastapi import Request, WebSocket
+from starlette.status import HTTP_401_UNAUTHORIZED
+
+from usso.exceptions import USSOException
+
+from ..core import JWTConfig, UserData
+from .integration import get_request_token
+
+logger = logging.getLogger("usso")
+
+
+class Usso:
+
+    def __init__(
+        self,
+        jwt_config: (
+            str | dict | JWTConfig | list[str] | list[dict] | list[JWTConfig] | None
+        ) = None,
+    ):
+        if jwt_config is None:
+            self.jwk_url = os.getenv("USSO_JWK_URL")
+            self.jwt_configs = [JWTConfig(jwk_url=self.jwk_url)]
+            return
+
+        def _get_config(jwt_config):
+            if isinstance(jwt_config, str):
+                jwt_config = json.loads(jwt_config)
+            if isinstance(jwt_config, dict):
+                jwt_config = JWTConfig(**jwt_config)
+            return jwt_config
+
+        if isinstance(jwt_config, str | dict | JWTConfig):
+            jwt_config = [_get_config(jwt_config)]
+        elif isinstance(jwt_config, list):
+            jwt_config = [_get_config(j) for j in jwt_config]
+
+        # self.jwk_url = jwt_config
+        self.jwt_configs = jwt_config
+
+    def user_data_from_token(self, token: str, **kwargs) -> UserData | None:
+        """Return the user associated with a token value."""
+        exp = None
+        for jwk_config in self.jwt_configs:
+            try:
+                return jwk_config.decode(token)
+            except USSOException as e:
+                exp = e
+
+        if kwargs.get("raise_exception", True):
+            if exp:
+                raise exp
+            raise USSOException(
+                status_code=HTTP_401_UNAUTHORIZED,
+                error="unauthorized",
+            )
+
+    async def jwt_access_security(self, request: Request, **kwargs) -> UserData | None:
+        """Return the user associated with a token value."""
+        token = get_request_token(request)
+        if token:
+            return self.user_data_from_token(token)
+
+        if kwargs.get("raise_exception", True):
+            raise USSOException(
+                status_code=HTTP_401_UNAUTHORIZED,
+                error="unauthorized",
+            )
+        return None
+
+    async def jwt_access_security_ws(
+        self, websocket: WebSocket, **kwargs
+    ) -> UserData | None:
+        """Return the user associated with a token value."""
+        token = get_request_token(websocket)
+        if token:
+            return self.user_data_from_token(token)
+
+        if kwargs.get("raise_exception", True):
+            raise USSOException(
+                status_code=HTTP_401_UNAUTHORIZED,
+                error="unauthorized",
+            )
+        return None

{usso-0.24.18 → usso-0.25.0}/src/usso/session.py

@@ -69,7 +69,7 @@ class UssoSession:
             if exp < datetime.now():
                 self.access_token = None
         if not self.access_token:
-            self.access_token = self._refresh()["access_token"]
+            self.access_token = self._refresh().get("access_token")
             self.session.headers.update(
                 {"Authorization": f"Bearer {self.access_token}"}
             )

{usso-0.24.18 → usso-0.25.0/src/usso.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: usso
-Version: 0.24.18
+Version: 0.25.0
 Summary: A plug-and-play client for integrating universal single sign-on (SSO) with Python frameworks, enabling secure and seamless authentication across microservices.
 Author-email: Mahdi Kiani <mahdikiany@gmail.com>
 Maintainer-email: Mahdi Kiani <mahdikiany@gmail.com>
@@ -42,7 +42,6 @@ Classifier: Programming Language :: Python :: 3 :: Only
 Requires-Python: >=3.9
 Description-Content-Type: text/markdown
 License-File: LICENSE.txt
-Requires-Dist: peppercorn
 Requires-Dist: pydantic>=2
 Requires-Dist: requests>=2.26.0
 Requires-Dist: pyjwt[crypto]

{usso-0.24.18 → usso-0.25.0}/src/usso.egg-info/requires.txt

@@ -1,4 +1,3 @@
-peppercorn
 pydantic>=2
 requests>=2.26.0
 pyjwt[crypto]

usso-0.24.18/src/usso/core.py

@@ -1,113 +0,0 @@
-import logging
-import os
-import uuid
-from functools import lru_cache
-from typing import Optional, Tuple
-
-import jwt
-from pydantic import BaseModel
-from singleton import Singleton
-
-from . import b64tools
-from .exceptions import USSOException
-
-logger = logging.getLogger("usso")
-
-
-class UserData(BaseModel):
-    user_id: str
-    email: str | None = None
-    phone: str | None = None
-    authentication_method: str | None = None
-    is_active: bool = False
-    jti: str | None = None
-    data: dict | None = None
-    token: str | None = None
-
-    @property
-    def uid(self) -> uuid.UUID:
-        user_id = self.user_id
-
-        if user_id.startswith("u_"):
-            user_id = user_id[2:]
-        if 22 <= len(user_id) <= 24:
-            user_id = b64tools.b64_decode_uuid(user_id)
-
-        return uuid.UUID(user_id)
-
-    @property
-    def b64id(self) -> uuid.UUID:
-        return b64tools.b64_encode_uuid_strip(self.uid)
-
-
-class Usso(metaclass=Singleton):
-    def __init__(self, jwks_url: str | None = None):
-        if jwks_url is None:
-            jwks_url = os.getenv("USSO_JWKS_URL")
-        self.jwks_url = jwks_url
-
-    @lru_cache
-    def get_jwks_keys(self):
-        return jwt.PyJWKClient(
-            self.jwks_url,
-            headers={
-                "User-Agent": "usso-python",
-            },
-        )
-
-    def get_authorization_scheme_param(
-        self,
-        authorization_header_value: Optional[str],
-    ) -> Tuple[str, str]:
-        if not authorization_header_value:
-            return "", ""
-        scheme, _, param = authorization_header_value.partition(" ")
-        return scheme, param
-
-    def decode_token(self, key, token: str, **kwargs) -> dict:
-        try:
-            decoded = jwt.decode(token, key, algorithms=["RS256"])
-            if decoded["token_type"] != "access":
-                raise USSOException(status_code=401, error="invalid_token_type")
-            decoded["token"] = token
-            return UserData(**decoded)
-        except jwt.exceptions.ExpiredSignatureError:
-            if kwargs.get("raise_exception", True):
-                raise USSOException(status_code=401, error="expired_signature")
-        except jwt.exceptions.InvalidSignatureError:
-            if kwargs.get("raise_exception", True):
-                raise USSOException(status_code=401, error="invalid_signature")
-        except jwt.exceptions.InvalidAlgorithmError:
-            if kwargs.get("raise_exception", True):
-                raise USSOException(status_code=401, error="invalid_algorithm")
-        except jwt.exceptions.InvalidIssuedAtError:
-            if kwargs.get("raise_exception", True):
-                raise USSOException(status_code=401, error="invalid_issued_at")
-        except jwt.exceptions.InvalidTokenError:
-            if kwargs.get("raise_exception", True):
-                raise USSOException(status_code=401, error="invalid_token")
-        except jwt.exceptions.InvalidKeyError:
-            if kwargs.get("raise_exception", True):
-                raise USSOException(status_code=401, error="invalid_key")
-        except USSOException as e:
-            if kwargs.get("raise_exception", True):
-                raise e
-        except Exception as e:
-            if kwargs.get("raise_exception", True):
-                raise USSOException(status_code=401, error="error", message=str(e))
-            logger.error(e)
-
-    def user_data_from_token(self, token: str, **kwargs) -> UserData | None:
-        """Return the user associated with a token value."""
-        try:
-            jwks_client = self.get_jwks_keys()
-            signing_key = jwks_client.get_signing_key_from_jwt(token)
-            return self.decode_token(signing_key.key, token, **kwargs)
-        except Exception as e:
-            if kwargs.get("raise_exception", True):
-                raise USSOException(
-                    status_code=401,
-                    error="error",
-                    message=str(e),
-                )
-            logger.error(e)

usso-0.24.18/src/usso/fastapi/auth_middleware.py

@@ -1,186 +0,0 @@
-import json
-import logging
-import os
-
-import cachetools.func
-import jwt
-from fastapi import Request, WebSocket
-from pydantic import BaseModel, model_validator
-from starlette.status import HTTP_401_UNAUTHORIZED
-
-from usso.core import UserData
-from usso.exceptions import USSOException
-
-logger = logging.getLogger("usso")
-
-
-class JWTConfig(BaseModel):
-    jwk_url: str | None = None
-    secret: str | None = None
-    type: str = "RS256"
-    header: dict[str, str] = {"type": "Cookie", "name": "usso_access_token"}
-
-    def __hash__(self):
-        return hash(self.model_dump_json())
-
-    @model_validator(mode="before")
-    def validate_secret(cls, data: dict):
-        if not data.get("jwk_url") and not data.get("secret"):
-            raise ValueError("Either jwk_url or secret must be provided")
-        return data
-
-    @classmethod
-    @cachetools.func.ttl_cache(maxsize=128, ttl=10 * 60)
-    def get_jwk_keys(cls, jwk_url):
-        return jwt.PyJWKClient(
-            jwk_url,
-            headers={
-                "User-Agent": "usso-python",
-            },
-        )
-
-    @cachetools.func.ttl_cache(maxsize=128, ttl=10 * 60)
-    def decode(self, token: str):
-        if self.jwk_url:
-            jwk_client = self.get_jwk_keys(self.jwk_url)
-            signing_key = jwk_client.get_signing_key_from_jwt(token)
-            return jwt.decode(token, signing_key.key, algorithms=[self.type])
-
-        return jwt.decode(token, self.secret, algorithms=[self.type])
-
-
-class Usso:
-
-    def __init__(self, jwt_config: str | dict | JWTConfig | None = None):
-        if jwt_config is None:
-            self.jwk_url = os.getenv("USSO_JWK_URL")
-            return
-
-        if isinstance(jwt_config, str):
-            jwt_config = json.loads(jwt_config)
-        if isinstance(jwt_config, dict):
-            jwt_config = JWTConfig(**jwt_config)
-
-        self.jwk_url = jwt_config
-        self.jwt_config = jwt_config
-
-    def get_authorization_scheme_param(
-        self,
-        authorization_header_value: str | None,
-    ) -> tuple[str, str]:
-        if not authorization_header_value:
-            return "", ""
-        scheme, _, param = authorization_header_value.partition(" ")
-        return scheme, param
-
-    def decode_token(self, key, token: str, **kwargs) -> dict:
-        try:
-            decoded = jwt.decode(token, key, algorithms=["RS256"])
-            if decoded["token_type"] != "access":
-                raise USSOException(status_code=401, error="invalid_token_type")
-            decoded["token"] = token
-            return UserData(**decoded)
-        except jwt.exceptions.ExpiredSignatureError:
-            if kwargs.get("raise_exception", True):
-                raise USSOException(status_code=401, error="expired_signature")
-        except jwt.exceptions.InvalidSignatureError:
-            if kwargs.get("raise_exception", True):
-                raise USSOException(status_code=401, error="invalid_signature")
-        except jwt.exceptions.InvalidAlgorithmError:
-            if kwargs.get("raise_exception", True):
-                raise USSOException(status_code=401, error="invalid_algorithm")
-        except jwt.exceptions.InvalidIssuedAtError:
-            if kwargs.get("raise_exception", True):
-                raise USSOException(status_code=401, error="invalid_issued_at")
-        except jwt.exceptions.InvalidTokenError:
-            if kwargs.get("raise_exception", True):
-                raise USSOException(status_code=401, error="invalid_token")
-        except jwt.exceptions.InvalidKeyError:
-            if kwargs.get("raise_exception", True):
-                raise USSOException(status_code=401, error="invalid_key")
-        except USSOException as e:
-            if kwargs.get("raise_exception", True):
-                raise e
-        except Exception as e:
-            if kwargs.get("raise_exception", True):
-                raise USSOException(status_code=401, error="error", message=str(e))
-            logger.error(e)
-
-    def user_data_from_token(self, token: str, **kwargs) -> UserData | None:
-        """Return the user associated with a token value."""
-        try:
-            decoded = self.jwk_url.decode(token)
-            if decoded["token_type"] != "access":
-                raise USSOException(status_code=401, error="invalid_token_type")
-            decoded["token"] = token
-            return UserData(**decoded)
-        except jwt.exceptions.ExpiredSignatureError:
-            if kwargs.get("raise_exception", True):
-                raise USSOException(status_code=401, error="expired_signature")
-        except jwt.exceptions.InvalidSignatureError:
-            if kwargs.get("raise_exception", True):
-                raise USSOException(status_code=401, error="invalid_signature")
-        except jwt.exceptions.InvalidAlgorithmError:
-            if kwargs.get("raise_exception", True):
-                raise USSOException(status_code=401, error="invalid_algorithm")
-        except jwt.exceptions.InvalidIssuedAtError:
-            if kwargs.get("raise_exception", True):
-                raise USSOException(status_code=401, error="invalid_issued_at")
-        except jwt.exceptions.InvalidTokenError:
-            if kwargs.get("raise_exception", True):
-                raise USSOException(status_code=401, error="invalid_token")
-        except jwt.exceptions.InvalidKeyError:
-            if kwargs.get("raise_exception", True):
-                raise USSOException(status_code=401, error="invalid_key")
-        except KeyError as e:
-            if kwargs.get("raise_exception", True):
-                raise USSOException(status_code=401, error="key_error", message=str(e))
-        except USSOException as e:
-            if kwargs.get("raise_exception", True):
-                raise e
-        except Exception as e:
-            if kwargs.get("raise_exception", True):
-                raise USSOException(status_code=401, error="error", message=str(e))
-            logger.error(e)
-
-    async def jwt_access_security(self, request: Request) -> UserData | None:
-        """Return the user associated with a token value."""
-        kwargs = {}
-        authorization = request.headers.get("Authorization")
-        if authorization:
-            scheme, credentials = self.get_authorization_scheme_param(authorization)
-            if scheme.lower() == "bearer":
-                token = credentials
-                return self.user_data_from_token(token, **kwargs)
-
-        cookie_token = request.cookies.get("usso_access_token")
-        if cookie_token:
-            return self.user_data_from_token(cookie_token, **kwargs)
-
-        if kwargs.get("raise_exception", True):
-            raise USSOException(
-                status_code=HTTP_401_UNAUTHORIZED,
-                error="unauthorized",
-            )
-        return None
-
-    async def jwt_access_security_ws(self, websocket: WebSocket) -> UserData | None:
-        """Return the user associated with a token value."""
-        kwargs = {}
-        authorization = websocket.headers.get("Authorization")
-        if authorization:
-            scheme, credentials = self.get_authorization_scheme_param(authorization)
-            if scheme.lower() == "bearer":
-                token = credentials
-                return self.user_data_from_token(token, **kwargs)
-
-        cookie_token = websocket.cookies.get("usso_access_token")
-        if cookie_token:
-            return self.user_data_from_token(cookie_token, **kwargs)
-
-        if kwargs.get("raise_exception", True):
-            raise USSOException(
-                status_code=HTTP_401_UNAUTHORIZED,
-                error="unauthorized",
-            )
-        return None