A portable local authentication library for AI agents and developer tools

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for mbajaj from gravatar.com mbajaj

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Manoj Bajaj
  • Tags agents , api-key , auth , credentials , mcp , oauth2
  • Requires: Python >=3.13
  • Provides-Extra: dev
Classifiers
Report project as malware

Project description

authsome

PyPI version Python 3.13+ License: MIT PyPI downloads Tests codecov

               __  __
  ____ ___  __/ /_/ /_  _________  ____ ___  ___
 / __ `/ / / / __/ __ \/ ___/ __ \/ __ `__ \/ _ \
/ /_/ / /_/ / /_/ / / (__  ) /_/ / / / / / /  __/
\__,_/\__,_/\__/_/ /_/____/\____/_/ /_/ /_/\___/

Local auth for AI agents.

Log in once via OAuth2/API Key. Authsome keeps the credentials fresh for every AI agent.

Why Agents Are Different

Agents need API access that survives outside an interactive app:

  • agents run without interactive sessions
  • tokens expire, rotate, and need refresh
  • tool access must work in scripts, cron, CI, SSH, background workers, and parallel pipelines

Hardcoded env tokens leak or go stale. DIY auth means rebuilding flow logic, token storage, refresh handling, expiry checks, and per-provider config for every project.

Authsome is the local credential layer agents can call at runtime.

  • No credential sprawl. One encrypted store — every provider, every agent, one place.
  • No SaaS, no privacy trade-off. Credentials never leave your machine. No third-party cloud dependency.
  • No browser required at runtime. Setup can use browser PKCE, device code, or a browser bridge for secure API key entry. After that, agents run headlessly in CI, SSH, cron, workers, or parallel pipelines.

How It Works

The CLI is the agent's interface: setup once, then inject fresh credentials whenever a tool runs.

┌──────────┐        authsome         ┌──────────────┐
│  Agent   │ ──────────────────────▶ │ Local Vault  │
└──────────┘                         └──────┬───────┘
     ▲                                      │
     │       fresh token / API key          │ encrypted
     └──────────────────────────────────────┘

Authenticate once:

authsome login github

Then agents get valid credentials on demand:

authsome get github --field access_token --show-secret
# → ghu_...

export $(authsome export github)
# → sets GITHUB_ACCESS_TOKEN in current shell

authsome run python my_agent.py
# runs behind a local auth proxy that injects headers at request time
# without exposing secrets in the child process environment.
# matched automatically via provider host_url (e.g. api.openai.com)

Credentials are stored locally, encrypted at rest, and refreshed before expiry. No server. No account. No cloud.

Why Authsome

authsome Hardcoded env tokens DIY
Automatic token refresh build it
OAuth2 + API keys build it
Runtime headless use varies
Local — no SaaS dependency
Built-in providers, zero config
Multi-account per provider build it

Authsome gives agents one command for a valid token, without scattering long-lived secrets across every project.

Quick Start

pip install authsome
authsome init
authsome login github                  # opens browser, completes PKCE flow
authsome login github --flow device_code  # headless: Device Code, works over SSH and CI
authsome login openai                  # secure API key entry via browser bridge
authsome list                          # all connections + token status

Docs

The full documentation site lives in docs/site/

To preview locally:

cd docs/site
npm i -g mint   # requires Node.js >= 20.17.0
mint dev

Specs

License

MIT — see LICENSE.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for mbajaj from gravatar.com mbajaj

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Manoj Bajaj
  • Tags agents , api-key , auth , credentials , mcp , oauth2
  • Requires: Python >=3.13
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

0.2.4

0.2.3

0.2.3rc67 pre-release

0.2.3rc66 pre-release

0.2.3rc65 pre-release

0.2.3rc64 pre-release

0.2.2

0.2.2rc42 pre-release

0.2.2rc41 pre-release

0.2.2rc40 pre-release

0.2.2rc39 pre-release

0.2.2rc38 pre-release

This version

0.2.2rc37 pre-release

0.2.2rc36 pre-release

0.2.2rc35 pre-release

0.2.1

0.2.1rc34 pre-release

0.2.1rc33 pre-release

0.2.1rc32 pre-release

0.2.1rc31 pre-release

0.2.1rc30 pre-release

0.2.1rc29 pre-release

0.2.1rc28 pre-release

0.2.1rc27 pre-release

0.2.1rc26 pre-release

0.2.1rc24 pre-release

0.2.1rc23 pre-release

0.2.1rc22 pre-release

0.2.1rc21 pre-release

0.2.1rc20 pre-release

0.2.0

0.2.0rc19 pre-release

0.2.0rc18 pre-release

0.2.0rc17 pre-release

0.2.0rc16 pre-release

0.2.0rc15 pre-release

0.2.0rc14 pre-release

0.2.0rc13 pre-release

0.2.0rc9 pre-release

0.2.0rc8 pre-release

0.2.0rc7 pre-release

0.2.0rc6 pre-release

0.1.12

0.1.11

0.1.11rc4 pre-release

0.1.11rc3 pre-release

0.1.11rc2 pre-release

0.1.11rc1 pre-release

0.1.10

0.1.9

0.1.8

0.1.7 yanked

Reason this release was yanked:

incorrect init

0.1.6 yanked

Reason this release was yanked:

Incorrect imports

0.1.5 yanked

Reason this release was yanked:

Incorrect imports

0.1.4

0.1.3

0.1.2

0.1.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

authsome-0.2.2rc37.tar.gz (214.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

authsome-0.2.2rc37-py3-none-any.whl (80.1 kB view details)

Uploaded Python 3

File details

Details for the file authsome-0.2.2rc37.tar.gz.

File metadata

  • Download URL: authsome-0.2.2rc37.tar.gz
  • Upload date:
  • Size: 214.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.11.8 {"installer":{"name":"uv","version":"0.11.8","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for authsome-0.2.2rc37.tar.gz
Algorithm Hash digest
SHA256 0768622f8e08dcf1498163b57664de3db8c69d696dc8a24e813baa380bcac930
MD5 61d6b0fb53bf0aefc3f6dca8d42fbf08
BLAKE2b-256 0deae5e78fc56833da4b8865780d9cc171992fb84f97c3ea5900ac571ad231ea

See more details on using hashes here.

File details

Details for the file authsome-0.2.2rc37-py3-none-any.whl.

File metadata

  • Download URL: authsome-0.2.2rc37-py3-none-any.whl
  • Upload date:
  • Size: 80.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.11.8 {"installer":{"name":"uv","version":"0.11.8","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for authsome-0.2.2rc37-py3-none-any.whl
Algorithm Hash digest
SHA256 834f93e658d328f46bc9eba7ec5cda5ad8e0a5562c74a5cc98128f83e57186c8
MD5 d86364dfaa506f4821d1a9df1cff5de5
BLAKE2b-256 9829865659884378fe15285803453aebcd83feb5ebda2c94256ffb3f8a2c1894

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page