Agentic Identity Framework abstracting Keycloak/OIDC complexity for AI Agents

Project description

Agentic Security

A "Convention over Configuration" Python package for adding Agentic Identity to your AI Agents.

This package abstracts away the complexity of:

  • Dynamic Client Registration: Automatically registers your agent with Keycloak if no credentials exist.
  • Token Exchange: Implements RFC 8693 logic to exchange user tokens for downstream service access.
  • Token Verification: Provides FastAPI dependencies to validate incoming Bearer tokens.

Installation

pip install agentic-security

Note: You may need to install from source or a private repository until published.

Usage

Initialization

Initialize the security module with your realm URL and service details.

from SecureAgent import AgentSecurity

security = AgentSecurity(
    realm_url="http://localhost:8080",
    service_name="my-specialist-agent",
    # initial_access_token is required only for the very first run to register the client
    initial_access_token="<YOUR_INITIAL_ACCESS_TOKEN>" 
)

The first time this runs, it will:

  1. Check for credentials.json.
  2. If missing, use initial_access_token to register my-specialist-agent.
  3. Save the new client_id and client_secret to credentials.json.

Protecting an Endpoint

Use the verify_token dependency to protect your FastAPI routes.

from fastapi import FastAPI, Depends

# `security` is the AgentSecurity instance created in the Initialization step
app = FastAPI()

@app.get("/secure-data")
def secure_endpoint(token_payload = Depends(security.verify_token)):
    return {
        "user": token_payload["sub"],
        "message": "You have access!"
    }

Exchanging Tokens (The Orchestrator Pattern)

If your agent needs to call another agent, use exchange_token.

def call_downstream_agent(user_token: str):
    # Exchange the incoming user token for a token to access 'target-service'
    downstream_token = security.exchange_token(
        user_token=user_token,
        target_client="target-service"
    )
    
    # Use the new token to make the request
    # headers = {"Authorization": f"Bearer {downstream_token}"}
    # requests.get(..., headers=headers)
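
What a token exchange looks like on the wire under RFC 8693, and the checks worth making on the response before forwarding the new token. This is an added example, not the package's own code; the helper names, client authentication via `client_secret` in the form body, and a JWT-format access token are assumptions.

```python
import base64
import json
from urllib.parse import urlencode

GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"
ACCESS_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token"


def build_exchange_form(client_id, client_secret, user_token, target_client):
    """Form body for an RFC 8693 token-exchange POST to the token endpoint."""
    return urlencode({
        "grant_type": GRANT,
        "client_id": client_id,              # the agent's registered client
        "client_secret": client_secret,      # assumption: secret sent in the body
        "subject_token": user_token,         # the incoming user token
        "subject_token_type": ACCESS_TOKEN_TYPE,
        "requested_token_type": ACCESS_TOKEN_TYPE,
        "audience": target_client,           # the downstream service
    })


def jwt_claims(token):
    """Decode the payload WITHOUT verifying the signature (inspection only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)     # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_exchange_response(body, target_client):
    """Check the fields RFC 8693 section 2.2.1 requires, then the audience."""
    for field in ("access_token", "issued_token_type", "token_type"):
        if field not in body:
            raise ValueError(f"missing {field}")
    if body["issued_token_type"] != ACCESS_TOKEN_TYPE:
        raise ValueError("unexpected issued_token_type")
    if body["token_type"].lower() != "bearer":
        raise ValueError("unexpected token_type")
    aud = jwt_claims(body["access_token"]).get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    if target_client not in aud:
        raise ValueError("token not scoped to target audience")
    return body["access_token"]


def make_sample_jwt(claims):
    """Constructed, unsigned sample token used only to exercise the checks."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"
```

The audience check here only catches a mis-scoped exchange early; the downstream service still has to verify the token's signature and audience itself.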

Download files

Source Distribution

secureagent-0.1.1.tar.gz (11.7 kB view details)

Uploaded Source

Built Distribution

secureagent-0.1.1-py3-none-any.whl (10.8 kB view details)

Uploaded Python 3

File details

Details for the file secureagent-0.1.1.tar.gz.

File metadata

  • Download URL: secureagent-0.1.1.tar.gz
  • Upload date:
  • Size: 11.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for secureagent-0.1.1.tar.gz
Algorithm Hash digest
SHA256 385ceb732a80d0b2220f74a6cce8886d9c6997d9dad46c0b3cf58c7831c44786
MD5 3e8477b9e3b554501f5fc9705ae2d11a
BLAKE2b-256 9d8735d9c9db9811d55c322fec7464e3aa5dae4a141590b2634073bc327c8667

Provenance

The following attestation bundles were made for secureagent-0.1.1.tar.gz:

Publisher: test.yml on armstrongsam25/SecureAgent

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file secureagent-0.1.1-py3-none-any.whl.

File metadata

  • Download URL: secureagent-0.1.1-py3-none-any.whl
  • Upload date:
  • Size: 10.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for secureagent-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 89a08a0a61b9127d7f5e11a2a5a504a747f03b78bc95b305f6cc5a961720fa92
MD5 f8139334832fed6f0415afd4caa88f96
BLAKE2b-256 9b55b254098c12e933f33e5a6d165a22ef4571f9f5cbd7513d8cfa1753fccc0d

Provenance

The following attestation bundles were made for secureagent-0.1.1-py3-none-any.whl:

Publisher: test.yml on armstrongsam25/SecureAgent

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
