Skip to main content

Shared Cognito authentication library for FastAPI + Jinja2 web apps

Project description

daylily-auth-cognito

daylily-auth-cognito is the standalone Cognito auth repo for Daylily. It publishes the daylily_auth_cognito Python package and the daycog CLI.

The 2.0 line is a breaking refactor with hard boundaries:

  • runtime/: JWT verification and FastAPI bearer auth
  • browser/: Hosted UI session auth with token-free session storage
  • admin/: Cognito pool, app-client, user, password, and federation mutations
  • cli/: daycog wiring only
  • policy/: email-domain policy helpers

Install

pip install daylily-auth-cognito

For development in this repo:

source ./activate
pytest -q

activate installs the editable repo and the published cli-core-yo==2.0.0 dependency.

Public API

The top-level package is intentionally small:

from daylily_auth_cognito import (
    CognitoTokenVerifier,
    CognitoWebSessionConfig,
    JWKSCache,
    SessionPrincipal,
    clear_session_principal,
    complete_cognito_callback,
    configure_session_middleware,
    create_auth_dependency,
    load_session_principal,
    start_cognito_login,
    store_session_principal,
    verify_m2m_token_with_jwks,
)

Use submodules directly for admin and CLI-specific work. CLI config handling lives under daylily_auth_cognito.cli.config and is CLI-only.

Runtime Example

from daylily_auth_cognito import CognitoTokenVerifier, create_auth_dependency

verifier = CognitoTokenVerifier(
    region="us-west-2",
    user_pool_id="us-west-2_example",
    app_client_id="client-123",
)

current_principal = create_auth_dependency(verifier)

Browser Session Example

from daylily_auth_cognito import CognitoWebSessionConfig, configure_session_middleware

config = CognitoWebSessionConfig(
    domain="auth.example.test",
    client_id="client-123",
    redirect_uri="https://app.example.test/auth/callback",
    logout_uri="https://app.example.test/logout",
    session_secret_key="replace-me",
    session_cookie_name="app_session",
    public_base_url="https://app.example.test",
    server_instance_id="server-1",
)

configure_session_middleware(app, config)

Hosted UI callbacks exchange the authorization code asynchronously in the web path and only persist normalized principal data in the session. Raw OAuth tokens are rejected.

CLI

Activate the repo, then use daycog:

source ./activate
daycog --help
daycog status
daycog auth-config print
daycog setup --help

CLI config remains at ~/.config/daycog/config.yaml.

The flat-file config model is implemented in daylily_auth_cognito.cli.config; its internal config helper is not part of the runtime surface.

Layout

daylily_auth_cognito/
  runtime/
  browser/
  admin/
  cli/
  policy/

Docs

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

daylily_auth_cognito-2.1.1.tar.gz (77.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

daylily_auth_cognito-2.1.1-py3-none-any.whl (49.9 kB view details)

Uploaded Python 3

File details

Details for the file daylily_auth_cognito-2.1.1.tar.gz.

File metadata

  • Download URL: daylily_auth_cognito-2.1.1.tar.gz
  • Upload date:
  • Size: 77.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.2

File hashes

Hashes for daylily_auth_cognito-2.1.1.tar.gz
Algorithm Hash digest
SHA256 f08cf1127470817989ccfd9777867799f517cf8f0f3865997776cf4feeffc68d
MD5 b6221a6b6705e9bce61cb4327ecc051f
BLAKE2b-256 dbc398e599033472e9752b4364fbadd1dfb9d0d5d3fcf680f8fe9eaf1f951699

See more details on using hashes here.

File details

Details for the file daylily_auth_cognito-2.1.1-py3-none-any.whl.

File metadata

File hashes

Hashes for daylily_auth_cognito-2.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 ae34194a49cf8083793c9d09b2fe5ce7cb4ada3f45a4fb1cd6ef704cffa5083f
MD5 601d11418b6b1cb0d4054fd0b53dc9f7
BLAKE2b-256 727ff4138f12ab22c2532d675f10b69807f15e3956a4a11b3355b9013893dec2

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page