Service Provider SDK for validating Agent Identity Framework (AIF) tokens
Project description
Heimdall SP Validator SDK
Python SDK for Service Providers to validate Agent Identity Framework (AIF) tokens issued by Heimdall-compliant Issuing Entities. Verify agent tokens with cryptographic signature validation, audience checking, and revocation status - ensuring only authorized AI agents can access your services.
Installation
pip install heimdall-sp-validator-sdk
Quick Start
from heimdall_sp_validator_sdk import AIFTokenValidator, AIFValidatorConfig
# Configure validator
config = AIFValidatorConfig(
aif_core_service_url="https://poc.iamheimdall.com",
expected_sp_audiences=["my-service-api"],
expected_issuer_id="aif://poc-heimdall.example.com"
)
validator = AIFTokenValidator(config)
# Validate token
try:
result = await validator.verify_atk(token_string)
print(f"✅ Valid token for user: {result.user_id_from_aid}")
print(f"Permissions: {result.permissions}")
except Exception as e:
print(f"❌ Invalid token: {e}")
Configuration
Environment Variables (Recommended)
Copy .env.example to .env and configure:
AIF_CORE_SERVICE_URL=https://poc.iamheimdall.com
AIF_EXPECTED_ISSUER_ID=aif://poc-heimdall.example.com
AIF_SP_EXPECTED_AUDIENCES=my-service-api,another-service
Use environment-based configuration:
config = AIFValidatorConfig.from_env()
validator = AIFTokenValidator(config)
Configuration Options
| Parameter | Default | Description |
|---|---|---|
aif_core_service_url |
Required | Base URL of AIF core service |
expected_sp_audiences |
Required | Your service audience ID(s) |
expected_issuer_id |
Required | Trusted issuer identifier |
jwks_cache_ttl_seconds |
86400 | JWKS cache duration (24 hours) |
revocation_check_enabled |
true | Enable revocation checking |
revocation_check_timeout_seconds |
5 | Revocation check timeout |
clock_skew_seconds |
60 | Allowed time skew for validation |
MIT License - see LICENSE file for details.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file heimdall_sp_validator_sdk-0.1.0.tar.gz.
File metadata
- Download URL: heimdall_sp_validator_sdk-0.1.0.tar.gz
- Upload date:
- Size: 16.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
47887ca669e8e206832dc76840870ec38f645400f42047f5d12148b4de15de0a
|
|
| MD5 |
655328244e91b8cdb00e1321806dbbf3
|
|
| BLAKE2b-256 |
90893288fdc2722369dc405c6de8de459619e1d60548960d69029bc00d43c208
|
File details
Details for the file heimdall_sp_validator_sdk-0.1.0-py3-none-any.whl.
File metadata
- Download URL: heimdall_sp_validator_sdk-0.1.0-py3-none-any.whl
- Upload date:
- Size: 13.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6150f78485955537efda0e35fa5603ef80ac58b3229de64e061503130bd177c1
|
|
| MD5 |
c28b585576738b0e3219be549d020eaf
|
|
| BLAKE2b-256 |
5cb6f276bbe72748b1e07c49d9d346928ed393a8124abe139a760e1c5c4f2f06
|
