Python server-side middleware for BPC (Bound Pair Credentials) — FastAPI and Flask request verification
Project description
bpc-server
Python server-side middleware for the BPC (Bound Pair Credentials) protocol. Verifies BPC-signed requests in FastAPI and Flask applications using the full 12-step pipeline from the BPC spec v1.0.
Install
pip install bpc-server[fastapi] # FastAPI + Starlette
pip install bpc-server[flask] # Flask
pip install bpc-server[all] # Both
FastAPI
from fastapi import FastAPI, Request
from bpc_server import BPCFastAPIMiddleware, InMemoryPairRegistry, PairRecord
app = FastAPI()
registry = InMemoryPairRegistry()
# Register a pair (in production, load from your database)
registry.register(PairRecord(
pair_id="pair_abc123",
name="my-agent",
scope="read-write",
mode="development",
public_key_jwk={...}, # from bpc-client registration
secret_hash="argon2id_hash_here",
))
app.add_middleware(BPCFastAPIMiddleware, registry=registry)
@app.get("/api/data")
async def get_data(request: Request):
pair = request.state.bpc_pair # BPCVerificationResult
return {"pair_id": pair.pair_id, "scope": pair.pair.scope}
Flask
from flask import Flask, g
from bpc_server import BPCFlaskMiddleware, InMemoryPairRegistry
app = Flask(__name__)
registry = InMemoryPairRegistry()
BPCFlaskMiddleware(app, registry=registry)
@app.route("/api/data")
def get_data():
return {"pair_id": g.bpc_pair_id}
Standalone Verifier
from bpc_server import BPCVerifier, InMemoryPairRegistry, InMemoryNonceStore
verifier = BPCVerifier(registry=registry, nonce_store=InMemoryNonceStore())
result = verifier.verify(headers=request.headers, method="GET", path="/api/data")
if not result.ok:
return 401, result.error_code
12-Step Verification Pipeline
- Headers present (
X-BPC-Pair-ID,X-BPC-Signature,X-BPC-Signed-Data,X-BPC-Version) - Pair exists and is active (not revoked, not expired)
- Pair not locked out
- Decode and parse canonical payload
- Protocol version check (
"1.0") - Timestamp within ±60s window
- Nonce not seen before (replay prevention)
- Method and path match payload
- Body hash match (SHA-256)
- ECDSA-SHA-256 signature valid
- Scope enforcement (
read/read-write/admin)
See the full spec.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
bpc_server-1.0.0.tar.gz
(8.6 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file bpc_server-1.0.0.tar.gz.
File metadata
- Download URL: bpc_server-1.0.0.tar.gz
- Upload date:
- Size: 8.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.0rc1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5d24acaf62466c8692be471030dee74079304c89a7e428bb735f584dccbc1caf
|
|
| MD5 |
1f931707d3c39f1ac4ff225ce9fd91dc
|
|
| BLAKE2b-256 |
3dbf646f46fae3060b5c2073979d058aa6ae8704ae89d9068166081e827c8b38
|
File details
Details for the file bpc_server-1.0.0-py3-none-any.whl.
File metadata
- Download URL: bpc_server-1.0.0-py3-none-any.whl
- Upload date:
- Size: 9.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.0rc1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9dba93cba902bee3b67cc9d9887a250c870642d840d78cd0684ab124f8b645a6
|
|
| MD5 |
56c6f4eba53259921152233a74abb7bf
|
|
| BLAKE2b-256 |
9eab7458524e1bdc6389b64e202d5ad2d5e920156a4d7bbe9e5f6621e5019908
|
