Standalone OIDC identity microservice and client library for DjangoPlay and Python applications.
AuthX
Standalone OIDC identity microservice for codefleetx applications.
What it does
AuthX is a standards-compliant OpenID Connect (OIDC) identity provider built with FastAPI. It:
- Issues signed JWT access tokens and refresh tokens
- Exposes public OIDC endpoints (`/token`, `/userinfo`, `/jwks`, `/.well-known/openid-configuration`)
- Exposes an internal API (`/internal/identities`) for trusted services (e.g. DjangoPlay) to create and look up identities
- Supports email/password and SSO (Google, Apple) identity providers
- Is stateless and horizontally scalable
Architecture
```
┌──────────────────────────────────────┐
│  Client (browser, mobile, CLI)       │
│  → POST /token (login)               │
│  → GET /userinfo (who am I?)         │
└────────────────┬─────────────────────┘
                 │ JWT
     ┌───────────▼──────────────────┐
     │  AuthX                       │
     │  FastAPI + PostgreSQL        │
     │  Issues & validates JWTs     │
     └───────────┬──────────────────┘
                 │ Internal API (service token)
     ┌───────────▼──────────────────┐
     │  DjangoPlay                  │
     │  Trusts AuthX JWTs           │
     │  Owns EmploymentProfile      │
     │  Owns MemberProfile          │
     └──────────────────────────────┘
```
Endpoints
Public OIDC
| Method | Path | Description |
|---|---|---|
| GET | `/.well-known/openid-configuration` | OIDC discovery document |
| GET | `/jwks` | Public keys for JWT verification |
| POST | `/token` | Issue access + refresh token |
| POST | `/token/refresh` | Refresh access token |
| GET | `/userinfo` | Get identity info from token |
Internal (service token required)
| Method | Path | Description |
|---|---|---|
| POST | `/internal/identities` | Create identity |
| GET | `/internal/identities/{id}` | Get identity by ID |
| GET | `/internal/identities/by-email/{email}` | Lookup by email |
| GET | `/internal/identities/by-sso` | Lookup by SSO provider + ID |
| PATCH | `/internal/identities/{id}` | Update identity fields |
| DELETE | `/internal/identities/{id}` | Soft delete identity |
Running locally
```bash
cp .env.example .env
# fill in values
docker compose up
```
Migrations run automatically on startup.
Running in production
```bash
docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d
```
Environment variables
See `.env.example` for all required variables.
JWT verification (for consumers)
Consumers (DjangoPlay, etc.) should:
- Fetch public keys from `/jwks` on startup (cache them)
- Verify JWT signatures locally — no AuthX call needed per request
- Only call `/userinfo` for server-to-server lookups without a JWT in hand
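
The consumer-side steps above, as an added example that is not part of AuthX or its client library: index the key set once, then check each token locally with a pinned algorithm, `kid` lookup, signature, issuer and expiry. It assumes RS256 signing and `kid`, `iss` and `exp` fields, none of which the page specifies; the key, `demo_sign` and the issuer URL are constructed for the demo, and the HTTP fetch of `/jwks` is left out so the block runs offline with the standard library only.

```python
import base64, hashlib, hmac, json, time
# ASN.1 DigestInfo prefix for SHA-256 used by RS256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def b64u_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def load_jwks(jwks):
    """Index the /jwks document by kid once at startup; reuse it for every request."""
    return {k["kid"]: k for k in jwks["keys"] if k.get("kty") == "RSA"}

def verify_jwt(token, keys, issuer, now=None):
    """Return the claims of a valid token; raise ValueError otherwise."""
    try:
        h64, p64, s64 = token.split(".")
        header, claims = json.loads(b64u_decode(h64)), json.loads(b64u_decode(p64))
        alg, kid = header.get("alg"), header.get("kid")
        sig, iss, exp = b64u_decode(s64), claims.get("iss"), claims.get("exp")
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if alg != "RS256":  # pin the algorithm instead of trusting the token header
        raise ValueError("unexpected alg")
    key = keys.get(kid) if isinstance(kid, str) else None
    if key is None:
        raise ValueError("unknown kid")
    n, e = (int.from_bytes(b64u_decode(key[f]), "big") for f in ("n", "e"))
    k = (n.bit_length() + 7) // 8
    digest = hashlib.sha256(f"{h64}.{p64}".encode()).digest()
    expected = b"\x00\x01" + b"\xff" * (k - 54) + b"\x00" + SHA256_PREFIX + digest
    if len(sig) != k or not hmac.compare_digest(
            pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big"), expected):
        raise ValueError("bad signature")
    if iss != issuer:
        raise ValueError("wrong issuer")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("expired")
    return claims

# Constructed demo key: 511-bit modulus from two well-known primes, far too small for real use.
P, Q = 2**255 - 19, 2**256 - 2**32 - 977
N, D = P * Q, pow(65537, -1, (P - 1) * (Q - 1))
DEMO_JWKS = {"keys": [{"kty": "RSA", "kid": "demo-1", "n": b64u(N.to_bytes(64, "big")), "e": "AQAB"}]}

def demo_sign(header, claims):  # stands in for the issuer side, only to build sample tokens
    msg = b64u(json.dumps(header).encode()) + "." + b64u(json.dumps(claims).encode())
    em = b"\x00\x01" + b"\xff" * 10 + b"\x00" + SHA256_PREFIX + hashlib.sha256(msg.encode()).digest()
    return msg + "." + b64u(pow(int.from_bytes(em, "big"), D, N).to_bytes(64, "big"))
```

In a real consumer the hand-written RSA check would normally be replaced by a maintained JOSE library; the order of checks stays the same.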
File details
Details for the file authx_identity-0.1.0rc1.tar.gz.
File metadata
- Download URL: authx_identity-0.1.0rc1.tar.gz
- Size: 18.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File details
Details for the file authx_identity-0.1.0rc1-py3-none-any.whl.
File metadata
- Download URL: authx_identity-0.1.0rc1-py3-none-any.whl
- Size: 21.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9