Agentic Identity Framework abstracting Keycloak/OIDC complexity for AI Agents

Project description

Agentic Security

A "Convention over Configuration" Python package for adding Agentic Identity to your AI Agents.

This package abstracts away the complexity of:

  • Dynamic Client Registration: Automatically registers your agent with Keycloak if no credentials exist.
  • Token Exchange: Implements RFC 8693 logic to exchange user tokens for downstream service access.
  • Token Verification: Provides FastAPI dependencies to validate incoming Bearer tokens.

Installation

pip install SecureAgent

Note: You may need to install from source or a private repository until published.

Usage

Initialization

Initialize the security module with your realm URL and service details.

from SecureAgent import AgentSecurity

security = AgentSecurity(
    realm_url="http://localhost:8080",
    service_name="my-specialist-agent",
    # initial_access_token is required only for the very first run to register the client
    initial_access_token="<YOUR_INITIAL_ACCESS_TOKEN>" 
)

The first time this runs, it will:

  1. Check for credentials.json.
  2. If missing, use initial_access_token to register my-specialist-agent.
  3. Save the new client_id and client_secret to credentials.json.

Protecting an Endpoint

Use the verify_token dependency to protect your FastAPI routes.

from fastapi import FastAPI, Depends

app = FastAPI()

@app.get("/secure-data")
def secure_endpoint(token_payload = Depends(security.verify_token)):
    return {
        "user": token_payload["sub"],
        "message": "You have access!"
    }

Exchanging Tokens (The Orchestrator Pattern)

If your agent needs to call another agent, use exchange_token.

def call_downstream_agent(user_token: str):
    # Exchange the incoming user token for a token to access 'target-service'
    downstream_token = security.exchange_token(
        user_token=user_token,
        target_client="target-service"
    )
    
    # Use the new token to make the request
    # headers = {"Authorization": f"Bearer {downstream_token}"}
    # requests.get(..., headers=headers)
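
What an RFC 8693 exchange like the exchange_token call above puts on the wire, as an added example that is not SecureAgent's own code. The helper names build_exchange_form and check_exchange_response are hypothetical, sending the client secret in the form body is an assumption about how the agent authenticates, and all token values are constructed samples.

```python
from urllib.parse import urlencode, parse_qs

# URNs defined by RFC 8693 (sections 2.1 and 3).
GRANT_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange"
ACCESS_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token"


def build_exchange_form(user_token, target_client, client_id, client_secret):
    """Form-encoded body for a token-exchange POST to the token endpoint."""
    if not user_token or not target_client:
        raise ValueError("subject token and target audience are required")
    return urlencode({
        "grant_type": GRANT_TYPE,
        "subject_token": user_token,            # the incoming user token
        "subject_token_type": ACCESS_TOKEN_TYPE,
        "requested_token_type": ACCESS_TOKEN_TYPE,
        "audience": target_client,              # scope the new token to one service
        # Assumption: the agent authenticates with its client secret in the body.
        "client_id": client_id,
        "client_secret": client_secret,
    })


def check_exchange_response(body):
    """Return the access token; reject anything that is not a bearer access token."""
    required = ("access_token", "issued_token_type", "token_type")
    missing = [k for k in required if not body.get(k)]
    if missing:
        raise ValueError(f"token-exchange response missing {missing}")
    if body["issued_token_type"] != ACCESS_TOKEN_TYPE:
        raise ValueError(f"unexpected issued_token_type: {body['issued_token_type']}")
    if body["token_type"].lower() != "bearer":
        raise ValueError(f"unexpected token_type: {body['token_type']}")
    return body["access_token"]


if __name__ == "__main__":
    # Constructed sample values; no network access is needed.
    form = build_exchange_form("user.jwt.sample", "target-service",
                               "my-specialist-agent", "constructed-secret")
    print(parse_qs(form)["audience"])
    sample = {"access_token": "downstream.jwt.sample",
              "issued_token_type": ACCESS_TOKEN_TYPE,
              "token_type": "Bearer", "expires_in": 300}
    print(check_exchange_response(sample))
```

The audience parameter is what keeps the exchanged token usable only at target-service; the downstream agent should still confirm that the token's aud claim names it before trusting the call.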

Download files

Source Distribution

secureagent-0.1.2.tar.gz (11.7 kB)

Uploaded Source

Built Distribution

secureagent-0.1.2-py3-none-any.whl (10.8 kB)

Uploaded Python 3

File details

Details for the file secureagent-0.1.2.tar.gz.

File metadata

  • Download URL: secureagent-0.1.2.tar.gz
  • Upload date:
  • Size: 11.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for secureagent-0.1.2.tar.gz
Algorithm Hash digest
SHA256 d90310e63a12962e3bc0c75cbb832c8b91c4384c8a3b17559706e12e3adf2aa2
MD5 0bbed7fcd7b4fabfde8493fa629cfb03
BLAKE2b-256 4cf22ce7c2de74e36d89dd44e2a4b98206de771918c1f89530510e2f4e5709af

Provenance

The following attestation bundles were made for secureagent-0.1.2.tar.gz:

Publisher: test.yml on armstrongsam25/SecureAgent

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file secureagent-0.1.2-py3-none-any.whl.

File metadata

  • Download URL: secureagent-0.1.2-py3-none-any.whl
  • Upload date:
  • Size: 10.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for secureagent-0.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 47106c4845d5c29ddf4164e8b20bcb5ee8eec0b6b314bf61f86544115f956d3e
MD5 52edaa14064650d4dc54f432e1b3e0af
BLAKE2b-256 d25979401b271b9ac4a328281867782832c74ce6f27828fd5edd36bc7670d009

Provenance

The following attestation bundles were made for secureagent-0.1.2-py3-none-any.whl:

Publisher: test.yml on armstrongsam25/SecureAgent

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
