PyPI - usso - Versions diffs - 0.26.0__tar.gz → 0.27.0__tar.gz - Mend

usso 0.26.0tar.gz → 0.27.0tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (27) hide show

{usso-0.26.0/src/usso.egg-info → usso-0.27.0}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: usso
-Version: 0.26.0
+Version: 0.27.0
 Summary: A plug-and-play client for integrating universal single sign-on (SSO) with Python frameworks, enabling secure and seamless authentication across microservices.
 Author-email: Mahdi Kiani <mahdikiany@gmail.com>
 Maintainer-email: Mahdi Kiani <mahdikiany@gmail.com>

{usso-0.26.0 → usso-0.27.0}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "usso"
-version = "0.26.0"
+version = "0.27.0"
 description = "A plug-and-play client for integrating universal single sign-on (SSO) with Python frameworks, enabling secure and seamless authentication across microservices."
 readme = "README.md"
 requires-python = ">=3.9"

{usso-0.26.0 → usso-0.27.0}/src/usso/core.py RENAMED Viewed

@@ -2,10 +2,12 @@ import json
 import logging
 import os
 import uuid
-from functools import lru_cache
+from urllib.parse import urlparse
 import cachetools.func
 import jwt
+import requests
+from cachetools import TTLCache, cached
 from pydantic import BaseModel, model_validator
 from . import b64tools
@@ -90,7 +92,7 @@ def decode_token(key, token: str, algorithms=["RS256"], **kwargs) -> dict:
         logger.error(e)
-@lru_cache
+@cached(TTLCache(maxsize=128, ttl=10 * 60))
 def get_jwk_keys(jwk_url: str) -> jwt.PyJWKClient:
     return jwt.PyJWKClient(jwk_url, headers={"User-Agent": "usso-python"})
@@ -115,6 +117,15 @@ def decode_token_jwk(jwk_url: str, token: str, **kwargs) -> UserData | None:
         logger.error(e)
+@cached(TTLCache(maxsize=128, ttl=10 * 60))
+def get_api_key_data(jwk_url: str, api_key: str):
+    parsed = urlparse(jwk_url)
+    url = f"{parsed.scheme}://{parsed.netloc}/api_key/verify"
+    response = requests.post(url, json={"api_key": api_key})
+    response.raise_for_status()
+    return UserData(**response.json())
 class JWTConfig(BaseModel):
     jwk_url: str | None = None
     secret: str | None = None
@@ -147,7 +158,9 @@ class Usso:
     def __init__(
         self,
         *,
-        jwt_config: str | dict | JWTConfig | list[str] | list[dict] | list[JWTConfig] | None = None,
+        jwt_config: (
+            str | dict | JWTConfig | list[str] | list[dict] | list[JWTConfig] | None
+        ) = None,
         jwk_url: str | None = None,
         secret: str | None = None,
     ):
@@ -160,7 +173,7 @@ class Usso:
             if jwk_url:
                 self.jwt_configs = [JWTConfig(jwk_url=jwk_url)]
                 return
             if not secret:
                 secret = os.getenv("USSO_SECRET")
             if secret:
@@ -216,3 +229,31 @@ class Usso:
                 status_code=401,
                 error="unauthorized",
             )
+    def user_data_api_key(self, api_key: str, **kwargs) -> UserData | None:
+        """get user data from auth server by api_key."""
+        for jwk_config in self.jwt_configs:
+            try:
+                user_data = jwk_config.decode(api_key)
+                if user_data.token_type.lower() != kwargs.get("token_type", "access"):
+                    raise USSOException(
+                        status_code=401,
+                        error="invalid_token_type",
+                        message="Token type must be 'access'",
+                    )
+                return user_data
+            except USSOException as e:
+                exp = e
+        if kwargs.get("raise_exception", True):
+            if exp:
+                raise exp
+            raise USSOException(
+                status_code=401,
+                error="unauthorized",
+            )
+    def user_data_from_api_key(self, api_key: str):
+        return get_api_key_data(self.jwt_configs[0].jwk_url, api_key)

{usso-0.26.0 → usso-0.27.0}/src/usso/fastapi/integration.py RENAMED Viewed

@@ -27,16 +27,26 @@ def get_request_token(request: Request | WebSocket) -> UserData | None:
     return token
-def jwt_access_security_None(request: Request, jwt_config = None) -> UserData | None:
+def jwt_access_security_None(request: Request, jwt_config=None) -> UserData | None:
     """Return the user associated with a token value."""
+    api_key = request.headers.get("x-api-key")
+    if api_key:
+        return Usso(jwt_config=jwt_config).user_data_from_api_key(api_key)
     token = get_request_token(request)
     if not token:
         return None
-    return Usso(jwt_config=jwt_config).user_data_from_token(token, raise_exception=False)
+    return Usso(jwt_config=jwt_config).user_data_from_token(
+        token, raise_exception=False
+    )
 def jwt_access_security(request: Request, jwt_config=None) -> UserData | None:
     """Return the user associated with a token value."""
+    api_key = request.headers.get("x-api-key")
+    if api_key:
+        return Usso(jwt_config=jwt_config).user_data_from_api_key(api_key)
     token = get_request_token(request)
     if not token:
         raise USSOException(
@@ -50,6 +60,10 @@ def jwt_access_security(request: Request, jwt_config=None) -> UserData | None:
 def jwt_access_security_ws(websocket: WebSocket, jwt_config=None) -> UserData | None:
     """Return the user associated with a token value."""
+    api_key = websocket.headers.get("x-api-key")
+    if api_key:
+        return Usso(jwt_config=jwt_config).user_data_from_api_key(api_key)
     token = get_request_token(websocket)
     if not token:
         raise USSOException(

usso-0.27.0/src/usso/httpx_session.py ADDED Viewed

@@ -0,0 +1,87 @@
+from datetime import datetime, timedelta
+import httpx
+import jwt
+class AsyncUssoSession(httpx.AsyncClient):
+    def __init__(
+        self,
+        sso_refresh_url: str,
+        refresh_token: str | None = None,
+        api_key: str | None = None,
+        user_id: str | None = None,
+    ):
+        super().__init__()
+        self.sso_refresh_url = sso_refresh_url
+        self._refresh_token = refresh_token
+        self.access_token = None
+        self.session = None  # This will hold the aiohttp session
+        self.api_key = api_key
+        self.user_id = user_id
+    @property
+    def refresh_token(self):
+        if self._refresh_token:
+            decoded_token = jwt.decode(
+                self._refresh_token, options={"verify_signature": False}
+            )
+            exp = decoded_token.get(
+                "exp", (datetime.now() + timedelta(days=1)).timestamp()
+            )
+            exp = datetime.fromtimestamp(exp)
+            if exp < datetime.now():
+                self._refresh_token = None
+        return self._refresh_token
+    async def _refresh_api(self):
+        params = {"user_id": self.user_id} if self.user_id else {}
+        async with httpx.AsyncClient() as session:
+            response = await session.get(
+                f"{self.sso_refresh_url}/api",
+                headers={"x-api-key": self.api_key},
+                params=params,
+            )
+            response.raise_for_status()
+            data: dict = response.json()
+            self._refresh_token = data.get("token", {}).get("refresh_token")
+    async def _refresh(self):
+        if not self.refresh_token and not self.api_key:
+            raise ValueError("Refresh token not provided or invalid.")
+        if self.api_key and not self.refresh_token:
+            await self._refresh_api()
+        async with httpx.AsyncClient() as session:
+            response = await session.post(
+                self.sso_refresh_url, json={"refresh_token": self.refresh_token}
+            )
+            response.raise_for_status()
+            return response.json()
+    async def _ensure_valid_token(self):
+        if self.access_token:
+            decoded_token = jwt.decode(
+                self.access_token, options={"verify_signature": False}
+            )
+            exp = decoded_token.get("exp")
+            if exp and datetime.fromtimestamp(exp) < datetime.now():
+                self.access_token = None  # Token expired, need a new one
+        if not self.access_token:
+            # Get a new token if none exists or it has expired
+            token_data = await self._refresh()
+            self.access_token = token_data.get("access_token")
+    async def request(self, method: str, url: str, *args, **kwargs):
+        await self._ensure_valid_token()
+        # Add authorization header to each request
+        headers = kwargs.pop("headers") or {}
+        headers["Authorization"] = f"Bearer {self.access_token}"
+        # Call the parent's request method
+        return await super().request(method, url, headers=headers, *args, **kwargs)

{usso-0.26.0 → usso-0.27.0/src/usso.egg-info}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: usso
-Version: 0.26.0
+Version: 0.27.0
 Summary: A plug-and-play client for integrating universal single sign-on (SSO) with Python frameworks, enabling secure and seamless authentication across microservices.
 Author-email: Mahdi Kiani <mahdikiany@gmail.com>
 Maintainer-email: Mahdi Kiani <mahdikiany@gmail.com>

{usso-0.26.0 → usso-0.27.0}/src/usso.egg-info/SOURCES.txt RENAMED Viewed

@@ -8,6 +8,7 @@ src/usso/async_session.py
 src/usso/b64tools.py
 src/usso/core.py
 src/usso/exceptions.py
+src/usso/httpx_session.py
 src/usso/session.py
 src/usso.egg-info/PKG-INFO
 src/usso.egg-info/SOURCES.txt