Skip to main content

DEPRECATED — moved into Vector monorepo as the auth v2 application block (backend/shared/blocks/auth, frontend/src/blocks/auth). Do not use in new projects.

Project description

govector-auth (deprecated)

DEPRECATED. This package is no longer maintained. The auth runtime has moved into the Vector monorepo as the auth v2 application block — see apps/backend/application_blocks/blocks/auth/v2/files/backend/shared/blocks/auth/ in Vultron-AI/vector. New apps import from shared.blocks.auth; do not add govector-auth to new projects.

Django authentication backends and views for Vector-generated apps. Handled JWT verification from Vector's auth proxy, session cookie management, and dev-mode auto-authentication.

Install

# Obsolete — do not install. Kept for old apps still on the legacy auth block.
pip install govector-auth

Setup

Authentication Backends

Add to your Django settings:

REST_FRAMEWORK = {
    "DEFAULT_AUTHENTICATION_CLASSES": [
        "govector_auth.JWTCookieAuthentication",
        "govector_auth.DevAutoAuthentication",
    ],
}
  • JWTCookieAuthentication reads JWT from HttpOnly cookies with CSRF enforcement
  • DevAutoAuthentication provides a fallback dev user when auth is not configured (when VECTOR_AUTH_PROXY_URL is not set)

URL Configuration

Add the auth views to your urls.py:

from govector_auth import AuthTokenView, TokenRefreshView, CurrentUserView, LogoutView

urlpatterns = [
    path("api/accounts/auth/token", AuthTokenView.as_view()),
    path("api/accounts/auth/refresh", TokenRefreshView.as_view()),
    path("api/accounts/me/", CurrentUserView.as_view()),
    path("api/accounts/logout/", LogoutView.as_view()),
]

Middleware (CHIPS / Partitioned cookies)

Vector apps run inside a 3p iframe on govector.ai. Chrome (especially incognito) drops 3p cookies unless they carry the Partitioned (CHIPS) attribute. The auth views in this package already stamp Partitioned on the auth cookies they set/delete, but Django's CsrfViewMiddleware sets csrftoken independently — so add PartitionedCsrfCookieMiddleware to wrap it:

MIDDLEWARE = [
    # ...
    # Must come BEFORE CsrfViewMiddleware. process_response runs bottom-up,
    # so being above it in the list means this runs AFTER it on the response
    # side and can stamp the csrftoken cookie it just set.
    "govector_auth.PartitionedCsrfCookieMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    # ...
]

Required Settings

# Cookie names
ACCESS_TOKEN_COOKIE = "access_token"
REFRESH_TOKEN_COOKIE = "refresh_token"

# Cookie config
ACCESS_TOKEN_COOKIE_MAX_AGE = 60 * 5  # 5 minutes
ACCESS_TOKEN_COOKIE_HTTPONLY = True
ACCESS_TOKEN_COOKIE_SECURE = True  # False for local dev
ACCESS_TOKEN_COOKIE_SAMESITE = "Lax"
ACCESS_TOKEN_COOKIE_PATH = "/"

REFRESH_TOKEN_COOKIE_MAX_AGE = 60 * 60 * 24 * 7  # 7 days
REFRESH_TOKEN_COOKIE_HTTPONLY = True
REFRESH_TOKEN_COOKIE_SECURE = True  # False for local dev
REFRESH_TOKEN_COOKIE_SAMESITE = "Lax"
REFRESH_TOKEN_COOKIE_PATH = "/"

Required Environment Variables

VECTOR_AUTH_PROXY_URL=https://auth.govector.ai  # Vector's hosted auth proxy
DEV_USER_EMAIL=dev@localhost                     # Fallback email when auth is disabled

User Model

Your User model should include these fields for full compatibility:

class User(AbstractBaseUser):
    email = models.EmailField(unique=True)
    first_name = models.CharField(max_length=150, blank=True)
    last_name = models.CharField(max_length=150, blank=True)
    picture = models.URLField(max_length=500, blank=True, default="")
    vector_uga_user_id = models.CharField(max_length=255, blank=True, default="")
    is_active = models.BooleanField(default=True)

    @property
    def full_name(self) -> str:
        return f"{self.first_name} {self.last_name}".strip() or self.email

Auth Flow

  1. Frontend POSTs JWT from auth proxy to AuthTokenView
  2. View fetches RS256 public key from VECTOR_AUTH_PROXY_URL/.well-known/jwks.json
  3. Verifies JWT signature, extracts user claims
  4. Creates or updates local User record
  5. Issues SimpleJWT access + refresh tokens as HttpOnly cookies
  6. Subsequent requests authenticated via JWTCookieAuthentication
  7. TokenRefreshView rotates tokens when access token expires

API

JWTCookieAuthentication

DRF authentication backend. Reads JWT from the ACCESS_TOKEN_COOKIE cookie, falls back to Authorization header. Enforces CSRF on unsafe methods when using cookies.

DevAutoAuthentication

DRF authentication backend. When VECTOR_AUTH_PROXY_URL is not set, auto-authenticates with a shared dev user. When auth is enabled, returns None (passes through to 401).

Views

View Method Path Description
AuthTokenView POST /api/accounts/auth/token Exchange auth proxy JWT for session
TokenRefreshView POST /api/accounts/auth/refresh Rotate refresh token
CurrentUserView GET /api/accounts/me/ Get current user
LogoutView POST /api/accounts/logout/ Clear auth cookies

Middleware

Middleware Description
PartitionedCsrfCookieMiddleware Stamps Partitioned (CHIPS) on Django's csrftoken cookie so Chrome accepts it in 3p iframe context.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

govector_auth-0.1.8.tar.gz (51.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

govector_auth-0.1.8-py3-none-any.whl (10.5 kB view details)

Uploaded Python 3

File details

Details for the file govector_auth-0.1.8.tar.gz.

File metadata

  • Download URL: govector_auth-0.1.8.tar.gz
  • Upload date:
  • Size: 51.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.15 {"installer":{"name":"uv","version":"0.11.15","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for govector_auth-0.1.8.tar.gz
Algorithm Hash digest
SHA256 a9b9ed1ab863d19751b231d8139706e97237e9bb779bd7af5cdc56d84537e1d0
MD5 f4a7cbd244b360aa3d149994a9d0a430
BLAKE2b-256 8775ada95fd7d5eff4607a9b7bba43d3b9a96843621b17bea1ea08a35645df5f

See more details on using hashes here.

File details

Details for the file govector_auth-0.1.8-py3-none-any.whl.

File metadata

  • Download URL: govector_auth-0.1.8-py3-none-any.whl
  • Upload date:
  • Size: 10.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.15 {"installer":{"name":"uv","version":"0.11.15","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for govector_auth-0.1.8-py3-none-any.whl
Algorithm Hash digest
SHA256 f148c43b8dff42da5ce340dc95b961c3356ef17b4b09fb9c76a7a4cf10cda35d
MD5 8e6efb6256959c797e398733079ec443
BLAKE2b-256 60d98b640064472a6ebf21f9151aba5be537122148a898a579b8217c7188dbb2

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page