verge-auth-sdk 0.1.27__py3-none-any.whl → 0.1.38__py3-none-any.whl

verge_auth_sdk/__init__.py

@@ -2,7 +2,7 @@
 """
 verge_auth_sdk package public API.
 Exports:
- - add_central_auth(app)  -> middleware to attach to FastAPI app
+ - add_central_auth(app)  -> middleware to attach to Python app
  - get_secret(name)       -> secret retrieval helper
 """
 from .middleware import add_central_auth

verge_auth_sdk/middleware.py

@@ -1,13 +1,15 @@
 from fastapi import FastAPI, Request
 from fastapi.responses import RedirectResponse, JSONResponse
-from .secret_provider import get_secret
-from .verge_routes import router as verge_routes_router
 import httpx
 import os
 import asyncio
 import jwt
+from typing import List
+from urllib.parse import quote
+from .secret_provider import get_secret
+from .verge_routes import router as verge_routes_router
 
-REGISTERED_ROUTES = []
+REGISTERED_ROUTES: List = []
 
 # ============================================================
 # GLOBAL JWT CACHE
@@ -64,7 +66,7 @@ async def load_public_key(force: bool = False):
 
     AUTH_PUBLIC_KEY_URL = os.getenv("AUTH_PUBLIC_KEY_URL")
     if not AUTH_PUBLIC_KEY_URL:
-        print("❌ AUTH_PUBLIC_KEY_URL not set")
+        print("❌ AUTH_PUBLIC_KEY_URL not set! Please Set it.")
         return
 
     try:
@@ -77,35 +79,33 @@ async def load_public_key(force: bool = False):
             JWT_KEY_ID = data.get("kid")
 
             if JWT_PUBLIC_KEY:
-                print("✅ JWT public key loaded from auth service")
+                print("✅ Security Key Loaded Successfully")
             else:
-                print("❌ JWT public key missing in response")
+                print("❌ Security Key Loading Failed")
 
     except Exception as e:
-        print("❌ Failed to load JWT public key:", str(e))
+        print("❌ Failed to load Security Key:", str(e))
 
 
 # -----------------------------------------------------------
 # MAIN INTEGRATION
 # -----------------------------------------------------------
 def add_central_auth(app: FastAPI):
-
+    AUTH_BASE_URL = os.getenv("AUTH_BASE_URL")
     AUTH_LOGIN_URL = os.getenv("AUTH_LOGIN_URL")
-
     SERVICE_NAME = os.getenv("SERVICE_NAME")
     SERVICE_BASE_URL = os.getenv("SERVICE_BASE_URL")
-
     CLIENT_ID = os.getenv("VERGE_CLIENT_ID")
     CLIENT_SECRET = os.getenv("VERGE_CLIENT_SECRET")
-
     VERGE_SERVICE_SECRET = get_secret("VERGE_SERVICE_SECRET")
-
     AUTH_REGISTER_URL = os.getenv("AUTH_REGISTER_URL")
     AUTH_ROUTE_SYNC_URL = os.getenv("AUTH_ROUTE_SYNC_URL")
+    INTROSPECT_URL = os.getenv("AUTH_INTROSPECT_URL")
 
     # -------------------------------------------------------
     # INTERNAL VERGE ROUTES
     # -------------------------------------------------------
+
     app.include_router(verge_routes_router)
 
     # -------------------------------------------------------
@@ -113,7 +113,7 @@ def add_central_auth(app: FastAPI):
     # -------------------------------------------------------
     @app.on_event("startup")
     async def verge_bootstrap():
-        print("🔥 Verge bootstrap started")
+        print("🔥 Verge Auth started")
 
         # 🔐 Load JWT public key FIRST (retry-safe)
         await load_public_key(force=True)
@@ -143,7 +143,7 @@ def add_central_auth(app: FastAPI):
             except Exception as e:
                 print("❌ Error collecting route:", e)
 
-        print("\n📡 Registering service with Auth Service...")
+        print("\n📡 Registering service with Verge Auth...")
 
         async with httpx.AsyncClient() as client:
             if AUTH_REGISTER_URL:
@@ -203,7 +203,8 @@ def add_central_auth(app: FastAPI):
 
         SKIP_PATHS = {
             "/health",
-            "/docs",
+            # "/docs",
+            # "/redoc",
             "/openapi.json",
             "/favicon.ico",
             "/service-registry/register",
@@ -214,24 +215,61 @@ def add_central_auth(app: FastAPI):
         if path in SKIP_PATHS or path.startswith("/__verge__"):
             return await call_next(request)
 
-        token = None
-        auth_header = request.headers.get("authorization")
-
-        if auth_header and auth_header.lower().startswith("bearer "):
-            token = auth_header.split(" ", 1)[1].strip()
+        token = request.cookies.get("verge_access")
 
+        # Then Authorization header
         if not token:
-            token = request.cookies.get("access_token")
+            auth_header = request.headers.get("authorization")
+            if auth_header and auth_header.lower().startswith("bearer "):
+                token = auth_header.split(" ", 1)[1].strip()
 
+        # Then session (optional fallback)
         if not token and "session" in request.scope:
             token = request.scope["session"].get("access_token")
 
-        if not token:
-            if "text/html" in request.headers.get("accept", ""):
-                return RedirectResponse(
-                    f"{AUTH_LOGIN_URL}?redirect_url={request.url}"
+        # ---------------------------------------------------
+        # AUTH CODE EXCHANGE
+        # ---------------------------------------------------
+        if not token and "code" in request.query_params:
+            code = request.query_params.get("code")
+
+            try:
+                async with httpx.AsyncClient(timeout=5) as client:
+                    resp = await client.post(
+                        f"{AUTH_BASE_URL}/auth/exchange",
+                        json={"code": code},
+                        headers={
+                            "X-Client-Id": os.getenv("VERGE_CLIENT_ID") or "",
+                            "X-Client-Secret": os.getenv("VERGE_CLIENT_SECRET") or "",
+                        },
+                    )
+                    resp.raise_for_status()
+                    token = resp.json().get("access_token")
+
+                    if not token:
+                        return JSONResponse(
+                            {"detail": "Authorization failed: no token returned"},
+                            status_code=401,
+                        )
+
+                    # Persist token + clean URL
+                    clean_url = str(request.url.remove_query_params("code"))
+                    response = RedirectResponse(clean_url)
+                    response.set_cookie(
+                        "verge_access",
+                        token,
+                        httponly=True,
+                        secure=True,
+                        samesite="lax",
+                        path="/",
+                    )
+                    return response
+
+            except Exception as e:
+                return JSONResponse(
+                    {"detail": "Authorization failed", "error": str(e)},
+                    status_code=401,
                 )
-            return JSONResponse({"detail": "Unauthorized"}, status_code=401)
 
         # ---------------------------------------------------
         # LOCAL JWT VERIFICATION
@@ -263,6 +301,36 @@ def add_central_auth(app: FastAPI):
                 status_code=401,
             )
 
+        # ---------------------------------------------------
+        # CENTRAL INTROSPECTION CHECK (session + revocation)
+        # ---------------------------------------------------
+        try:
+            async with httpx.AsyncClient(timeout=5) as client:
+                resp = await client.post(INTROSPECT_URL,
+                                         headers={
+                                             "Authorization": f"Bearer {token}",
+                                             "X-Client-Id": os.getenv("VERGE_CLIENT_ID") or "",
+                                             "X-Client-Secret": os.getenv("VERGE_CLIENT_SECRET") or "",
+                                         },
+                                         )
+
+                data = resp.json()
+                if not data.get("active"):
+                    return JSONResponse(
+                        {"detail": "Session inactive",
+                            "reason": data.get("reason")},
+                        status_code=401,
+                    )
+
+                # optionally enrich request with user info
+                request.state.introspect = data
+
+        except Exception as e:
+            return JSONResponse(
+                {"detail": "Auth introspection failed", "error": str(e)},
+                status_code=401,
+            )
+
         # ---------------------------------------------------
         # PERMISSION CHECK
         # ---------------------------------------------------

{verge_auth_sdk-0.1.27.dist-info → verge_auth_sdk-0.1.38.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: verge-auth-sdk
-Version: 0.1.27
+Version: 0.1.38
 Summary: Secure centralized authentication SDK for FastAPI microservices
 Author-email: Verge Infosoft <contactus@vergeinfosoft.com>
 License: MIT
@@ -182,16 +182,17 @@ The service will now:
 Each service requires a minimal set of environment variables:
 Exact endpoint configurations and integration details may vary by deployment and are abstracted by the SDK.
 
-############## DO NOT CHANGE THESE VALUES #################################
+############## DO NOT CHANGE THIS #################################
 
+AUTH_BASE_URL=https://auth.vergeinfosoft.com
 AUTH_SESSION_URL=https://auth.vergeinfosoft.com/session
 AUTH_INTROSPECT_URL=https://auth.vergeinfosoft.com/introspect
 AUTH_REGISTER_URL=https://auth.vergeinfosoft.com/service-registry/register
 AUTH_ROUTE_SYNC_URL=https://auth.vergeinfosoft.com/route-sync
-AUTH_PUBLIC_KEY_URL=https:/auth.vergeinfosoft.com/auth/keys/public 
-AUTH_LOGIN_URL=https://auth-ui.vergeinfosoft.com/login/
+AUTH_PUBLIC_KEY_URL=https://auth.vergeinfosoft.com/auth/keys/public 
+AUTH_LOGIN_URL=https://auth.vergeinfosoft.com/login
 
-############## DO NOT CHANGE THESE VALUES #################################
+############## DO NOT CHANGE THIS #################################
 
 
 ################# CHANGE THESE AS PER DETAILS PROVIDED #############################################

verge_auth_sdk-0.1.38.dist-info/RECORD

@@ -0,0 +1,9 @@
+verge_auth_sdk/__init__.py,sha256=fna_P4l-tc3ZLKwERFEdOpT4hqPQoJSikrbt_ze5yME,410
+verge_auth_sdk/middleware.py,sha256=a7B0pu2lIg3qmB89iefdnkZRr3bhj1QWx1WbVOmsNdY,12975
+verge_auth_sdk/secret_provider.py,sha256=j89rj9LZHl4qTI2fdf0qnn-mgDD3oTbdP3imsm0S9n8,1653
+verge_auth_sdk/verge_routes.py,sha256=GAFS8HdSNznuh6two6DAHZZeq2t29l3IlzDJjBcOGKA,1413
+verge_auth_sdk-0.1.38.dist-info/licenses/LICENSE,sha256=OLuFd1VUvl1QKIJJ_qJ8zR4ypcDhzeRkEywc7PX2ABQ,1090
+verge_auth_sdk-0.1.38.dist-info/METADATA,sha256=US1QT6gu-6OrM1TzYXRKyZ6RDol4hlbVOLaOg6mGlT8,7075
+verge_auth_sdk-0.1.38.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+verge_auth_sdk-0.1.38.dist-info/top_level.txt,sha256=0ik2K2CJZrP11DvuR7USTYJkX_kv2DSJS5wyhP1yAfA,15
+verge_auth_sdk-0.1.38.dist-info/RECORD,,

verge_auth_sdk-0.1.27.dist-info/RECORD

@@ -1,9 +0,0 @@
-verge_auth_sdk/__init__.py,sha256=n76KSaK3CohCP7dzrUXWlTPNPGzWesLTlYl-C7rfW60,411
-verge_auth_sdk/middleware.py,sha256=K9xebqoR_wa8KZMY1WgwtgQ4nFSZxp3eH4RTGCIK7cM,9837
-verge_auth_sdk/secret_provider.py,sha256=j89rj9LZHl4qTI2fdf0qnn-mgDD3oTbdP3imsm0S9n8,1653
-verge_auth_sdk/verge_routes.py,sha256=GAFS8HdSNznuh6two6DAHZZeq2t29l3IlzDJjBcOGKA,1413
-verge_auth_sdk-0.1.27.dist-info/licenses/LICENSE,sha256=OLuFd1VUvl1QKIJJ_qJ8zR4ypcDhzeRkEywc7PX2ABQ,1090
-verge_auth_sdk-0.1.27.dist-info/METADATA,sha256=dj105An051Rc6f-lekRXc9tCaceB464T0cp5Rm3vcmo,7048
-verge_auth_sdk-0.1.27.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-verge_auth_sdk-0.1.27.dist-info/top_level.txt,sha256=0ik2K2CJZrP11DvuR7USTYJkX_kv2DSJS5wyhP1yAfA,15
-verge_auth_sdk-0.1.27.dist-info/RECORD,,