usso 0.27.22__py3-none-any.whl → 0.28.0__py3-none-any.whl

usso/client/async_api.py

@@ -1,159 +0,0 @@
-import logging
-
-import httpx
-from singleton import Singleton
-
-from usso.core import UserData, Usso
-
-
-class AsyncUssoAPI(metaclass=Singleton):
-    def __init__(
-        self,
-        url: str = "https://api.usso.io",
-        api_key: str = None,
-        refresh_token: str = None,
-    ):
-        if url and not url.startswith("http"):
-            url = f"https://{url}"
-        url = url.rstrip("/")
-        self.url = url
-        assert (
-            api_key or refresh_token
-        ), "Either api_key or refresh_token must be provided"
-        self.api_key = api_key
-        self.refresh_token = refresh_token
-        self.access_token = None
-
-    async def _refresh(self, **kwargs):
-        if not self.refresh_token:
-            return
-
-        url = f"{self.url}/auth/refresh"
-        headers = {
-            "Authorization": f"Bearer {self.refresh_token}",
-            "Content-Type": "application/json",
-        }
-
-        async with httpx.AsyncClient() as client:
-            resp = await client.post(url, headers=headers)
-            if kwargs.get("raise_exception", True):
-                resp.raise_for_status()
-            self.access_token = resp.json().get("access_token")
-
-    def _access_valid(self) -> bool:
-        if not self.access_token:
-            return False
-
-        user_data = Usso(
-            jwks_url=f"{self.url}/website/jwks.json?"
-        ).user_data_from_token(self.access_token)
-        return bool(user_data)
-
-    async def _request(
-        self,
-        method="get",
-        endpoint: str = "",
-        data: dict = None,
-        **kwargs,
-    ) -> dict:
-        url = f"{self.url}/{endpoint}"
-        headers = {"Content-Type": "application/json"}
-        if self.api_key:
-            headers["x-api-key"] = self.api_key
-        elif self.refresh_token:
-            if not self.access_token:
-                await self._refresh()
-            headers["Authorization"] = f"Bearer {self.access_token}"
-
-        async with httpx.AsyncClient() as client:
-            try:
-                resp = await client.request(
-                    method,
-                    url,
-                    headers=headers,
-                    json=data,
-                )
-                resp.raise_for_status()
-                return resp.json()
-            except httpx.HTTPStatusError as e:
-                logging.error(f"HTTP error: {e.response.status_code} {e.response.text}")
-                raise e
-            except Exception as e:
-                logging.error(f"Unexpected error: {e}")
-                raise e
-
-    async def get_users(self, **kwargs) -> list[UserData]:
-        users_dict = await self._request(endpoint="website/users", **kwargs)
-        return [UserData(user_id=user.get("uid"), **user) for user in users_dict]
-
-    async def get_user(self, user_id: str, **kwargs) -> UserData:
-        user_dict = await self._request(endpoint=f"website/users/{user_id}", **kwargs)
-        return UserData(user_id=user_dict.get("uid"), **user_dict)
-
-    async def get_user_by_credentials(self, credentials: dict, **kwargs) -> UserData:
-        user_dict = await self._request(
-            endpoint="website/users/credentials", data=credentials, **kwargs
-        )
-        return UserData(user_id=user_dict.get("uid"), **user_dict)
-
-    async def create_user(self, user_data: dict, **kwargs) -> UserData:
-        user_dict = await self._request(
-            method="post", endpoint="website/users", data=user_data, **kwargs
-        )
-        return UserData(user_id=user_dict.get("uid"), **user_dict)
-
-    async def create_user_credentials(
-        self, user_id: str, credentials: dict, **kwargs
-    ) -> UserData:
-        user_dict = await self._request(
-            method="post",
-            endpoint=f"website/users/{user_id}/credentials",
-            data=credentials,
-            **kwargs,
-        )
-        return UserData(user_id=user_dict.get("uid"), **user_dict)
-
-    async def create_user_by_credentials(
-        self,
-        user_data: dict | None = None,
-        credentials: dict | None = None,
-        **kwargs,
-    ) -> UserData:
-        user_data = user_data or {}
-        if credentials:
-            user_data["authenticators"] = [credentials]
-        user_dict = await self._request(
-            method="post", endpoint="website/users", data=credentials, **kwargs
-        )
-        return UserData(user_id=user_dict.get("uid"), **user_dict)
-
-    async def get_user_payload(self, user_id: str, **kwargs) -> dict:
-        return await self._request(
-            endpoint=f"website/users/{user_id}/payload", **kwargs
-        )
-
-    async def update_user_payload(
-        self,
-        user_id: str,
-        payload: dict,
-        **kwargs,
-    ) -> dict:
-        return await self._request(
-            method="patch",
-            endpoint=f"website/users/{user_id}/payload",
-            data=payload,
-            **kwargs,
-        )
-
-    async def set_user_payload(
-        self,
-        user_id: str,
-        payload: dict,
-        **kwargs,
-    ) -> dict:
-        return await self._request(
-            method="put",
-            endpoint=f"website/users/{user_id}/payload",
-            data=payload,
-            **kwargs,
-        )

usso/core.py

@@ -1,160 +0,0 @@
-import json
-import logging
-import os
-from datetime import datetime, timedelta
-from urllib.parse import urlparse
-
-import cachetools.func
-import httpx
-import jwt
-
-from .exceptions import USSOException
-from .schemas import JWTConfig, UserData
-
-logger = logging.getLogger("usso")
-
-
-def get_authorization_scheme_param(
-    authorization_header_value: str | None,
-) -> tuple[str, str]:
-    if not authorization_header_value:
-        return "", ""
-    scheme, _, param = authorization_header_value.partition(" ")
-    return scheme, param
-
-
-def decode_token(key, token: str, algorithms=["RS256"], **kwargs) -> dict:
-    """Decode a JWT token."""
-    try:
-        decoded = jwt.decode(token, key, algorithms=algorithms)
-        decoded.update({"data": decoded, "token": token})
-        return UserData(**decoded)
-    except jwt.ExpiredSignatureError:
-        _handle_exception("expired_signature", **kwargs)
-    except jwt.InvalidSignatureError:
-        _handle_exception("invalid_signature", **kwargs)
-    except jwt.InvalidAlgorithmError:
-        _handle_exception("invalid_algorithm", **kwargs)
-    except jwt.InvalidIssuedAtError:
-        _handle_exception("invalid_issued_at", **kwargs)
-    except jwt.InvalidTokenError:
-        _handle_exception("invalid_token", **kwargs)
-    except jwt.InvalidKeyError:
-        _handle_exception("invalid_key", **kwargs)
-    except Exception as e:
-        _handle_exception("error", message=str(e), **kwargs)
-
-
-def _handle_exception(error_type: str, **kwargs):
-    """Handle JWT-related exceptions."""
-    if kwargs.get("raise_exception", True):
-        raise USSOException(
-            status_code=401, error=error_type, message=kwargs.get("message")
-        )
-    logger.error(kwargs.get("message") or error_type)
-
-
-def is_expired(token: str, **kwargs) -> bool:
-    now = datetime.now()
-    decoded_token: dict = jwt.decode(token, options={"verify_signature": False})
-    exp = decoded_token.get("exp", (now + timedelta(days=1)).timestamp())
-    exp = datetime.fromtimestamp(exp)
-    return exp < now
-
-
-@cachetools.func.ttl_cache(maxsize=128, ttl=10 * 60)
-def get_jwk_keys(jwk_url: str) -> jwt.PyJWKClient:
-    return jwt.PyJWKClient(jwk_url, headers={"User-Agent": "usso-python"})
-
-
-def decode_token_with_jwk(jwk_url: str, token: str, **kwargs) -> UserData | None:
-    """Return the user associated with a token value."""
-    try:
-        jwk_client = get_jwk_keys(jwk_url)
-        signing_key = jwk_client.get_signing_key_from_jwt(token)
-        return decode_token(signing_key.key, token, **kwargs)
-    except Exception as e:
-        _handle_exception("error", message=str(e), **kwargs)
-
-
-@cachetools.func.ttl_cache(maxsize=128, ttl=10 * 60)
-def fetch_api_key_data(jwk_url: str, api_key: str):
-    try:
-        parsed = urlparse(jwk_url)
-        url = f"{parsed.scheme}://{parsed.netloc}/api_key/verify"
-        response = httpx.post(url, json={"api_key": api_key})
-        response.raise_for_status()
-        return UserData(**response.json())
-    except Exception as e:
-        _handle_exception("error", message=str(e))
-
-
-
-class Usso:
-    def __init__(
-        self,
-        *,
-        jwt_config: (
-            str | dict | JWTConfig | list[str] | list[dict] | list[JWTConfig] | None
-        ) = None,
-        jwk_url: str | None = None,
-        secret: str | None = None,
-    ):
-        self.jwt_configs = self._initialize_configs(jwt_config, jwk_url, secret)
-
-    def _initialize_configs(
-        self,
-        jwt_config: (
-            str | dict | JWTConfig | list[str] | list[dict] | list[JWTConfig] | None
-        ) = None,
-        jwk_url: str | None = None,
-        secret: str | None = None,
-    ):
-        """Initialize JWT configurations."""
-        if jwt_config is None:
-            jwt_config = os.getenv("USSO_JWT_CONFIG")
-
-        if jwt_config is None:
-            jwk_url = jwk_url or os.getenv("USSO_JWK_URL") or os.getenv("USSO_JWKS_URL")
-            secret = secret or os.getenv("USSO_SECRET")
-            if jwk_url:
-                return [JWTConfig(jwk_url=jwk_url)]
-            if secret:
-                return [JWTConfig(secret=secret)]
-            raise ValueError(
-                "Provide jwt_config, jwk_url, or secret, or set the appropriate environment variables."
-            )
-
-        if isinstance(jwt_config, (str, dict, JWTConfig)):
-            return [self._parse_config(jwt_config)]
-        if isinstance(jwt_config, list):
-            return [self._parse_config(config) for config in jwt_config]
-        raise ValueError("Invalid jwt_config format")
-
-    def _parse_config(self, config):
-        """Parse a single JWT configuration."""
-        if isinstance(config, str):
-            config = json.loads(config)
-        if isinstance(config, dict):
-            return JWTConfig(**config)
-        return config
-
-    def user_data_from_token(self, token: str, **kwargs) -> UserData | None:
-        """Return the user associated with a token value."""
-        exp = None
-        for jwk_config in self.jwt_configs:
-            try:
-                user_data = jwk_config.decode(token)
-                if user_data.token_type.lower() != kwargs.get("token_type", "access"):
-                    _handle_exception("invalid_token_type", **kwargs)
-                return user_data
-            except USSOException as e:
-                exp = e
-
-        if kwargs.get("raise_exception", True):
-            if exp:
-                _handle_exception(exp.error, message=str(exp), **kwargs)
-            _handle_exception("unauthorized", **kwargs)
-
-    def user_data_from_api_key(self, api_key: str):
-        return fetch_api_key_data(self.jwt_configs[0].jwk_url, api_key)

usso/fastapi/__init__.py

@@ -1,7 +0,0 @@
-from .integration import (
-    jwt_access_security,
-    jwt_access_security_None,
-    jwt_access_security_ws,
-)
-
-__all__ = ["jwt_access_security", "jwt_access_security_ws", "jwt_access_security_None"]

usso/fastapi/integration.py

@@ -1,88 +0,0 @@
-import logging
-
-from fastapi import Request, WebSocket
-from fastapi.responses import JSONResponse
-from starlette.status import HTTP_401_UNAUTHORIZED
-
-from usso.exceptions import USSOException
-
-from ..core import UserData, Usso, get_authorization_scheme_param
-
-logger = logging.getLogger("usso")
-
-
-def get_request_token(request: Request | WebSocket) -> UserData | None:
-    authorization = request.headers.get("Authorization")
-    token = None
-
-    if authorization:
-        scheme, credentials = get_authorization_scheme_param(authorization)
-        if scheme.lower() == "bearer":
-            token = credentials
-
-    else:
-        cookie_token = request.cookies.get("usso_access_token")
-        if cookie_token:
-            token = cookie_token
-
-    return token
-
-
-def jwt_access_security_None(request: Request, jwt_config=None) -> UserData | None:
-    """Return the user associated with a token value."""
-    api_key = request.headers.get("x-api-key")
-    if api_key:
-        return Usso(jwt_config=jwt_config).user_data_from_api_key(api_key)
-
-    token = get_request_token(request)
-    if not token:
-        return None
-    return Usso(jwt_config=jwt_config).user_data_from_token(
-        token, raise_exception=False
-    )
-
-
-def jwt_access_security(request: Request, jwt_config=None) -> UserData | None:
-    """Return the user associated with a token value."""
-    api_key = request.headers.get("x-api-key")
-    if api_key:
-        return Usso(jwt_config=jwt_config).user_data_from_api_key(api_key)
-
-    token = get_request_token(request)
-    if not token:
-        raise USSOException(
-            status_code=HTTP_401_UNAUTHORIZED,
-            error="unauthorized",
-            message="No token provided",
-        )
-
-    return Usso(jwt_config=jwt_config).user_data_from_token(token)
-
-
-def jwt_access_security_ws(websocket: WebSocket, jwt_config=None) -> UserData | None:
-    """Return the user associated with a token value."""
-    api_key = websocket.headers.get("x-api-key")
-    if api_key:
-        return Usso(jwt_config=jwt_config).user_data_from_api_key(api_key)
-
-    token = get_request_token(websocket)
-    if not token:
-        raise USSOException(
-            status_code=HTTP_401_UNAUTHORIZED,
-            error="unauthorized",
-            message="No token provided",
-        )
-
-    return Usso(jwt_config=jwt_config).user_data_from_token(token)
-
-
-async def usso_exception_handler(request: Request, exc: USSOException):
-    return JSONResponse(
-        status_code=exc.status_code,
-        content={"message": exc.message, "error": exc.error},
-    )
-
-
-EXCEPTION_HANDLERS = {
-    USSOException: usso_exception_handler,
-}

usso/schemas.py

@@ -1,67 +0,0 @@
-import uuid
-
-import cachetools.func
-from pydantic import BaseModel, model_validator
-
-from . import b64tools
-
-
-class UserData(BaseModel):
-    user_id: str
-    workspace_id: str | None = None
-    workspace_ids: list[str] = []
-    token_type: str = "access"
-
-    email: str | None = None
-    phone: str | None = None
-    username: str | None = None
-
-    authentication_method: str | None = None
-    is_active: bool = False
-
-    jti: str | None = None
-    data: dict | None = None
-
-    token: str | None = None
-
-    @property
-    def uid(self) -> uuid.UUID:
-        user_id = self.user_id
-
-        if user_id.startswith("u_"):
-            user_id = user_id[2:]
-        if 22 <= len(user_id) <= 24:
-            user_id = b64tools.b64_decode_uuid(user_id)
-
-        return uuid.UUID(user_id)
-
-    @property
-    def b64id(self) -> uuid.UUID:
-        return b64tools.b64_encode_uuid_strip(self.uid)
-
-
-class JWTConfig(BaseModel):
-    """Configuration for JWT processing."""
-
-    jwk_url: str | None = None
-    secret: str | None = None
-    algorithm: str = "RS256"
-    header: dict[str, str] = {"type": "Cookie", "name": "usso_access_token"}
-
-    def __hash__(self):
-        return hash(self.model_dump_json())
-
-    @model_validator(mode="before")
-    def validate_config(cls, data: dict):
-        if not data.get("jwk_url") and not data.get("secret"):
-            raise ValueError("Either jwk_url or secret must be provided")
-        return data
-
-    @cachetools.func.ttl_cache(maxsize=128, ttl=600)
-    def decode(self, token: str):
-        """Decode a token using the configured method."""
-        from .core import decode_token, decode_token_with_jwk
-
-        if self.jwk_url:
-            return decode_token_with_jwk(self.jwk_url, token)
-        return decode_token(self.secret, token, algorithms=[self.algorithm])

usso-0.27.22.dist-info/METADATA

@@ -1,110 +0,0 @@
-Metadata-Version: 2.2
-Name: usso
-Version: 0.27.22
-Summary: A plug-and-play client for integrating universal single sign-on (SSO) with Python frameworks, enabling secure and seamless authentication across microservices.
-Author-email: Mahdi Kiani <mahdikiany@gmail.com>
-Maintainer-email: Mahdi Kiani <mahdikiany@gmail.com>
-License: Copyright (c) 2016 The Python Packaging Authority (PyPA)
-        
-        Permission is hereby granted, free of charge, to any person obtaining a copy of
-        this software and associated documentation files (the "Software"), to deal in
-        the Software without restriction, including without limitation the rights to
-        use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
-        of the Software, and to permit persons to whom the Software is furnished to do
-        so, subject to the following conditions:
-        
-        The above copyright notice and this permission notice shall be included in all
-        copies or substantial portions of the Software.
-        
-        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-        SOFTWARE.
-        
-Project-URL: Homepage, https://github.com/ussoio/usso-python
-Project-URL: Bug Reports, https://github.com/ussoio/usso-python/issues
-Project-URL: Funding, https://github.com/ussoio/usso-python
-Project-URL: Say Thanks!, https://saythanks.io/to/mahdikiani
-Project-URL: Source, https://github.com/ussoio/usso-python
-Keywords: usso,sso,authentication,security,fastapi,django
-Classifier: Development Status :: 3 - Alpha
-Classifier: Intended Audience :: Developers
-Classifier: Topic :: Software Development :: Build Tools
-Classifier: License :: OSI Approved :: MIT License
-Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.10
-Classifier: Programming Language :: Python :: 3.11
-Classifier: Programming Language :: Python :: 3.12
-Classifier: Programming Language :: Python :: 3 :: Only
-Requires-Python: >=3.9
-Description-Content-Type: text/markdown
-License-File: LICENSE.txt
-Requires-Dist: pydantic>=2
-Requires-Dist: pyjwt[crypto]
-Requires-Dist: cachetools
-Requires-Dist: singleton_package
-Requires-Dist: json-advanced
-Requires-Dist: httpx
-Provides-Extra: fastapi
-Requires-Dist: fastapi>=0.65.0; extra == "fastapi"
-Requires-Dist: uvicorn[standard]>=0.13.0; extra == "fastapi"
-Provides-Extra: django
-Requires-Dist: Django>=3.2; extra == "django"
-Provides-Extra: httpx
-Requires-Dist: httpx; extra == "httpx"
-Provides-Extra: dev
-Requires-Dist: check-manifest; extra == "dev"
-Provides-Extra: test
-Requires-Dist: coverage; extra == "test"
-Provides-Extra: all
-Requires-Dist: fastapi; extra == "all"
-Requires-Dist: uvicorn; extra == "all"
-Requires-Dist: django; extra == "all"
-Requires-Dist: httpx; extra == "all"
-Requires-Dist: dev; extra == "all"
-Requires-Dist: test; extra == "all"
-
-# USSO-Client
-
-The USSO-Client provides a universal single sign-on (SSO) integration for microservices, making it easy to add secure, scalable authentication across different frameworks. This client simplifies the process of connecting any microservice to the USSO service.
-
-## Features
-
-- **Core SSO Integration**: Use the USSO core client for basic SSO functionality across any Python application.
-- **Framework-Specific Modules**:
-  - **FastAPI Integration**: Specialized support for FastAPI applications, enabling async authentication mechanisms tailored to FastAPI's event loop.
-  - *Django Integration* (Coming soon): Customizable Django authentication backend that integrates seamlessly with Django's user management and middleware architecture.
-
-## Installation
-
-Install the USSO client using pip:
-
-```bash
-pip install usso
-```
-
-To add framework-specific support, use the following commands:
-
-For FastAPI:
-
-```bash
-pip install "usso[fastapi]"
-```
-
-For Django:
-
-```bash
-pip install "usso[django]"
-```
-
-## Quick Start
-Follow the quick start guides in the documentation to integrate USSO in your application.
-
-## Contributing
-Contributions are welcome! See CONTRIBUTING.md for more details on how to get involved.
-
-## License
-Distributed under the MIT License. See LICENSE for more information.

usso-0.27.22.dist-info/RECORD

@@ -1,22 +0,0 @@
-usso/__init__.py,sha256=NnOS_S1a-JKTOlGe1nw-kCL3m0y82mA2mDraus7BQ2o,120
-usso/b64tools.py,sha256=HGQ0E59vzjrQo2-4jrcY03ebtTaYwTtCZ7KgJaEmxO0,610
-usso/core.py,sha256=kZCdHQz-sIbmd9MUd4CVMZACtvP60rbpL1Gszy3tkzQ,5641
-usso/exceptions.py,sha256=ogJsjdUK0HoZdQv5uCnzIVoG-bTTMHBqyvB4swAMsiE,653
-usso/schemas.py,sha256=aK_UWZvqjZLz5r1yBIZX_nL2yPCNUjxpZ93AsV9mAes,1810
-usso/client/__init__.py,sha256=ilGFrugI7bhGXVIcETdbRAye8S7k2mVjkEeziToVzSs,100
-usso/client/api.py,sha256=-sluL8BMjcI1z8y8thZElCa63nxo25qlmKh3IzK3M6U,5124
-usso/client/async_api.py,sha256=UMN84vmWvLgi-3zsNdhCOjf5zQQQFUJ-wKLztI_rU58,5186
-usso/django/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-usso/django/middleware.py,sha256=EEEpHvMQ6QiWw2HY8zQ2Aec0RCATcLWsCKeyiPWJKio,3245
-usso/fastapi/__init__.py,sha256=0EcdOzb4f3yu9nILIdGWnlyUz-0VaVX2az1e3f2BusI,201
-usso/fastapi/integration.py,sha256=IonxxNj_B9sG2j672rIzE047qo972vk7ch4-eGENp3Q,2638
-usso/session/__init__.py,sha256=tE4qWUdSI7iN_pywm47Mg8NKOTBa2nCNwCy3wCZWRmU,124
-usso/session/async_session.py,sha256=bOWUeBpE2reDdK9zXrD4ZrZrRWlEOyyafWgPcLg2WLY,3638
-usso/session/base_session.py,sha256=1Ad6LbX8IsCPTeEIopnYwybrkPkN5zgGUobv8VHcipA,3430
-usso/session/session.py,sha256=T3v3lGvLxs4Yi-zZRzdKHLxEo2rtVewcLk-1V6Y44Jk,2569
-usso-0.27.22.dist-info/LICENSE.txt,sha256=ceC9ZJOV9H6CtQDcYmHOS46NA3dHJ_WD4J9blH513pc,1081
-usso-0.27.22.dist-info/METADATA,sha256=_di-fqd1GQaRLFMQHK2aVHv6xApGgeOEPlYYjqoI15E,4580
-usso-0.27.22.dist-info/WHEEL,sha256=In9FTNxeP60KnTkGw7wk6mJPYd_dQSjEZmXdBdMCI-8,91
-usso-0.27.22.dist-info/entry_points.txt,sha256=4Zgpm5ELaAWPf0jPGJFz1_X69H7un8ycT3WdGoJ0Vvk,35
-usso-0.27.22.dist-info/top_level.txt,sha256=g9Jf6h1Oyidh0vPiFni7UHInTJjSvu6cUalpLTIvthg,5
-usso-0.27.22.dist-info/RECORD,,