Shared Cognito authentication library for FastAPI + Jinja2 web apps
Project description
daylily-auth-cognito
daylily-auth-cognito is the standalone Cognito auth repo for Daylily. It publishes the daylily_auth_cognito Python package and the daycog CLI.
The 2.0 line is a breaking refactor with hard boundaries:
runtime/: JWT verification and FastAPI bearer authbrowser/: Hosted UI session auth with token-free session storageadmin/: Cognito pool, app-client, user, password, and federation mutationscli/:daycogwiring onlypolicy/: email-domain policy helpers
Install
pip install daylily-auth-cognito
For development in this repo:
source ./activate
pytest -q
activate installs the editable repo and the published cli-core-yo==2.0.0 dependency.
Public API
The top-level package is intentionally small:
from daylily_auth_cognito import (
CognitoTokenVerifier,
CognitoWebSessionConfig,
JWKSCache,
SessionPrincipal,
clear_session_principal,
complete_cognito_callback,
configure_session_middleware,
create_auth_dependency,
load_session_principal,
start_cognito_login,
store_session_principal,
verify_m2m_token_with_jwks,
)
Use submodules directly for admin and CLI-specific work. CLI config handling lives under daylily_auth_cognito.cli.config and is CLI-only.
Runtime Example
from daylily_auth_cognito import CognitoTokenVerifier, create_auth_dependency
verifier = CognitoTokenVerifier(
region="us-west-2",
user_pool_id="us-west-2_example",
app_client_id="client-123",
)
current_principal = create_auth_dependency(verifier)
Browser Session Example
from daylily_auth_cognito import CognitoWebSessionConfig, configure_session_middleware
config = CognitoWebSessionConfig(
domain="auth.example.test",
client_id="client-123",
redirect_uri="https://app.example.test/auth/callback",
logout_uri="https://app.example.test/logout",
session_secret_key="replace-me",
session_cookie_name="app_session",
public_base_url="https://app.example.test",
server_instance_id="server-1",
)
configure_session_middleware(app, config)
Hosted UI callbacks exchange the authorization code asynchronously in the web path and only persist normalized principal data in the session. Raw OAuth tokens are rejected.
CLI
Activate the repo, then use daycog:
source ./activate
daycog --help
daycog status
daycog auth-config print
daycog setup --help
CLI config remains at ~/.config/daycog/config.yaml.
The flat-file config model is implemented in daylily_auth_cognito.cli.config; its internal config helper is not part of the runtime surface.
Layout
daylily_auth_cognito/
runtime/
browser/
admin/
cli/
policy/
Docs
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file daylily_auth_cognito-2.1.1.tar.gz.
File metadata
- Download URL: daylily_auth_cognito-2.1.1.tar.gz
- Upload date:
- Size: 77.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f08cf1127470817989ccfd9777867799f517cf8f0f3865997776cf4feeffc68d
|
|
| MD5 |
b6221a6b6705e9bce61cb4327ecc051f
|
|
| BLAKE2b-256 |
dbc398e599033472e9752b4364fbadd1dfb9d0d5d3fcf680f8fe9eaf1f951699
|
File details
Details for the file daylily_auth_cognito-2.1.1-py3-none-any.whl.
File metadata
- Download URL: daylily_auth_cognito-2.1.1-py3-none-any.whl
- Upload date:
- Size: 49.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ae34194a49cf8083793c9d09b2fe5ce7cb4ada3f45a4fb1cd6ef704cffa5083f
|
|
| MD5 |
601d11418b6b1cb0d4054fd0b53dc9f7
|
|
| BLAKE2b-256 |
727ff4138f12ab22c2532d675f10b69807f15e3956a4a11b3355b9013893dec2
|
