Agentic Identity Framework abstracting Keycloak/OIDC complexity for AI Agents

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for armstrongsam25 from gravatar.com armstrongsam25

Unverified details

These details have not been verified by PyPI
Meta
Report project as malware

Project description

Agentic Security

A "Convention over Configuration" Python package for adding Agentic Identity to your AI Agents.

This package abstracts away the complexity of:

  • Dynamic Client Registration: Automatically registers your agent with Keycloak if no credentials exist.
  • Token Exchange: Implements RFC 8693 logic to exchange user tokens for downstream service access.
  • Token Verification: Provides FastAPI dependencies to validate incoming Bearer tokens.

Installation

pip install agentic-security

Note: You may need to install from source or a private repository until published.

Usage

Initialization

Initialize the security module with your realm URL and service details.

from agentic_security import AgentSecurity

security = AgentSecurity(
    realm_url="http://localhost:8080",
    service_name="my-specialist-agent",
    # initial_access_token is required only for the very first run to register the client
    initial_access_token="<YOUR_INITIAL_ACCESS_TOKEN>" 
)

The first time this runs, it will:

  1. Check for credentials.json.
  2. If missing, use initial_access_token to register my-specialist-agent.
  3. Save the new client_id and client_secret to credentials.json.

Protecting an Endpoint

Use the verify_token dependency to protect your FastAPI routes.

from fastapi import FastAPI, Depends

app = FastAPI()

@app.get("/secure-data")
def secure_endpoint(token_payload = Depends(security.verify_token)):
    return {
        "user": token_payload["sub"],
        "message": "You have access!"
    }

Exchanging Tokens (The Orchestrator Pattern)

If your agent needs to call another agent, use exchange_token.

def call_downstream_agent(user_token: str):
    # Exchange the incoming user token for a token to access 'target-service'
    downstream_token = security.exchange_token(
        user_token=user_token,
        target_client="target-service"
    )
    
    # Use the new token to make the request
    # headers = {"Authorization": f"Bearer {downstream_token}"}
    # requests.get(..., headers=headers)

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for armstrongsam25 from gravatar.com armstrongsam25

Unverified details

These details have not been verified by PyPI
Meta

Release history Release notifications | RSS feed

0.1.3

0.1.2

0.1.1

This version

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

secureagent-0.1.0.tar.gz (11.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

secureagent-0.1.0-py3-none-any.whl (10.9 kB view details)

Uploaded Python 3

File details

Details for the file secureagent-0.1.0.tar.gz.

File metadata

  • Download URL: secureagent-0.1.0.tar.gz
  • Upload date:
  • Size: 11.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for secureagent-0.1.0.tar.gz
Algorithm Hash digest
SHA256 7e77a715d681650dd8340ff42b6f2b283f6cfe1ca4dc42c1e9f56ec928c4c0d0
MD5 96a9649fb53acc50b1b6621c91822e8e
BLAKE2b-256 6741a2aca7a3a57fc03588a4e537c39397e01402ab461423acdb4402320e0342

See more details on using hashes here.

Provenance

The following attestation bundles were made for secureagent-0.1.0.tar.gz:

Publisher: test.yml on armstrongsam25/SecureAgent

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file secureagent-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: secureagent-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 10.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for secureagent-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 036c4c8116402d3459cb6a58022006d05a0ba3b5aaed42763c942c49dfd76296
MD5 0ba6fb9ae16855e8647302dcc9e4d4b2
BLAKE2b-256 3d4fe94debad6166e57cf44ae8bf238168bedf557fb4ea66a367ff93b44832d0

See more details on using hashes here.

Provenance

The following attestation bundles were made for secureagent-0.1.0-py3-none-any.whl:

Publisher: test.yml on armstrongsam25/SecureAgent

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page