A portable local authentication library for AI agents and developer tools
Project description
authsome
__ __
____ ___ __/ /_/ /_ _________ ____ ___ ___
/ __ `/ / / / __/ __ \/ ___/ __ \/ __ `__ \/ _ \
/ /_/ / /_/ / /_/ / / (__ ) /_/ / / / / / / __/
\__,_/\__,_/\__/_/ /_/____/\____/_/ /_/ /_/\___/
Local auth for AI agents.
Log in once via OAuth2/API Key. Authsome keeps the credentials fresh for every AI agent.
Why Agents Are Different
Agents need API access that survives outside an interactive app:
- agents run without interactive sessions
- tokens expire, rotate, and need refresh
- tool access must work in scripts, cron, CI, SSH, background workers, and parallel pipelines
Hardcoded env tokens leak or go stale. DIY auth means rebuilding flow logic, token storage, refresh handling, expiry checks, and per-provider config for every project.
Authsome is the local credential layer agents can call at runtime.
- No credential sprawl. One encrypted store — every provider, every agent, one place.
- No SaaS, no privacy trade-off. Credentials never leave your machine. No third-party cloud dependency.
- No browser required at runtime. Setup can use browser PKCE, device code, or a browser bridge for secure API key entry. After that, agents run headlessly in CI, SSH, cron, workers, or parallel pipelines.
How It Works
The CLI is the agent's interface: setup once, then inject fresh credentials whenever a tool runs.
┌──────────┐ authsome ┌──────────────┐
│ Agent │ ──────────────────────▶ │ Local Vault │
└──────────┘ └──────┬───────┘
▲ │
│ fresh token / API key │ encrypted
└──────────────────────────────────────┘
Authenticate once:
authsome login github
Then agents get valid credentials on demand:
authsome get github --field access_token --show-secret
# → ghu_...
export $(authsome export github)
# → sets GITHUB_ACCESS_TOKEN in current shell
authsome run python my_agent.py
# runs behind a local auth proxy that injects headers at request time
# without exposing secrets in the child process environment.
# matched automatically via provider host_url (e.g. api.openai.com)
Credentials are stored locally, encrypted at rest, and refreshed before expiry. No server. No account. No cloud.
Why Authsome
| authsome | Hardcoded env tokens | DIY | |
|---|---|---|---|
| Automatic token refresh | ✅ | ❌ | build it |
| OAuth2 + API keys | ✅ | ❌ | build it |
| Runtime headless use | ✅ | ✅ | varies |
| Local — no SaaS dependency | ✅ | ✅ | ✅ |
| Built-in providers, zero config | ✅ | ❌ | ❌ |
| Multi-account per provider | ✅ | ❌ | build it |
Authsome gives agents one command for a valid token, without scattering long-lived secrets across every project.
Quick Start
pip install authsome
authsome init
authsome login github # opens browser, completes PKCE flow
authsome login github --flow device_code # headless: Device Code, works over SSH and CI
authsome login openai # secure API key entry via browser bridge
authsome list # all connections + token status
Docs
The full documentation site lives in docs/site/
To preview locally:
cd docs/site
npm i -g mint # requires Node.js >= 20.17.0
mint dev
Specs
License
MIT — see LICENSE.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file authsome-0.2.2rc38.tar.gz.
File metadata
- Download URL: authsome-0.2.2rc38.tar.gz
- Upload date:
- Size: 214.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: uv/0.11.8 {"installer":{"name":"uv","version":"0.11.8","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8cbc42a99ab0cf1c4cff8ad84575b93fe78fdb3929c5e1b7d7cb47c21c8a9ae0
|
|
| MD5 |
419ed3524d53cf7537a62fc65294299f
|
|
| BLAKE2b-256 |
58d03d29b34a1a229a8262f1ede69a3a0232a50b2dc33e6ddfcce7981d9c2ba6
|
File details
Details for the file authsome-0.2.2rc38-py3-none-any.whl.
File metadata
- Download URL: authsome-0.2.2rc38-py3-none-any.whl
- Upload date:
- Size: 80.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: uv/0.11.8 {"installer":{"name":"uv","version":"0.11.8","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
090b8fe9052d61456f154de285231bea331ea90f4f00b84b0f89cb67b6f6e1b8
|
|
| MD5 |
d7ee8c0cf7f54f44c7b47fefbbc37cc2
|
|
| BLAKE2b-256 |
3f5db56a81b76efdec034394b6305f3413fc64ba5e6da426e13141d874590722
|
