Skip to main content

Python bindings for oidc-exchange - OIDC token exchange service

Project description

oidc-exchange

PyPI Python License: MIT

Python binding for oidc-exchange — a Rust service that validates ID tokens from third-party OIDC providers (Google, Apple, …) and exchanges them for self-issued access and refresh tokens.

The service is embedded in-process as a native extension (built with PyO3 + maturin). Handle requests synchronously or with async, or mount the built-in ASGI/WSGI apps in FastAPI, Starlette, Flask, or Django.

Install

pip install oidc-exchange

Ships as an abi3 wheel — one wheel per platform works on Python 3.10+: manylinux_2_28 x86_64/aarch64, win_amd64, and macosx_11_0_arm64. An sdist is published alongside for other platforms (needs a Rust toolchain to build).

Usage

ASGI (FastAPI / Starlette)

from fastapi import FastAPI
from oidc_exchange import OidcExchange

oidc = OidcExchange(config="./config.toml")
app = FastAPI()
app.mount("/auth", oidc.asgi_app())

WSGI (Flask / Django)

from oidc_exchange import OidcExchange

oidc = OidcExchange(config_string="""
[server]
issuer = "https://auth.example.com"

""")
application = oidc.wsgi_app()

Direct request handling

resp = oidc.handle_request_sync({
    "method": "POST",
    "path": "/token",
    "headers": {"content-type": "application/json"},
    "body": b'{"grant_type": "authorization_code", "code": "…", "provider": "google"}',
})
# resp -> {"status": 200, "headers": {...}, "body": b"…"}

# or await the async variant (runs the blocking call in the default executor):
resp = await oidc.handle_request(request)

API

class OidcExchange:
    def __init__(self, *, config: str | None = None, config_string: str | None = None) -> None: ...
    def handle_request_sync(self, request: dict) -> dict: ...
    async def handle_request(self, request: dict) -> dict: ...
    def asgi_app(self) -> Any: ...   # mountable ASGI application
    def wsgi_app(self) -> Any: ...   # mountable WSGI application
    def shutdown(self) -> None: ...

A request dict is {"method", "path", "headers": dict[str, str], "body": bytes}; the response is {"status", "headers": dict[str, str], "body": bytes}. The full service is exposed — /token, /revoke, /keys, /.well-known/openid-configuration, /health, and the internal admin API.

Framework examples

See the main repo's Python examples: FastAPI, Flask, Django.

Configuration

TOML config — providers, token TTLs, registration policy, key management, and storage. See the configuration guide.

Links

Published to PyPI via OIDC trusted publishing. MIT licensed.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

oidc_exchange-0.2.0.tar.gz (254.8 kB view details)

Uploaded Source

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

oidc_exchange-0.2.0-cp310-abi3-win_amd64.whl (11.9 MB view details)

Uploaded CPython 3.10+Windows x86-64

oidc_exchange-0.2.0-cp310-abi3-manylinux_2_28_x86_64.whl (14.8 MB view details)

Uploaded CPython 3.10+manylinux: glibc 2.28+ x86-64

oidc_exchange-0.2.0-cp310-abi3-manylinux_2_28_aarch64.whl (14.3 MB view details)

Uploaded CPython 3.10+manylinux: glibc 2.28+ ARM64

oidc_exchange-0.2.0-cp310-abi3-macosx_11_0_arm64.whl (13.0 MB view details)

Uploaded CPython 3.10+macOS 11.0+ ARM64

File details

Details for the file oidc_exchange-0.2.0.tar.gz.

File metadata

  • Download URL: oidc_exchange-0.2.0.tar.gz
  • Upload date:
  • Size: 254.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for oidc_exchange-0.2.0.tar.gz
Algorithm Hash digest
SHA256 d549e2b8590a09342081d4068b957fd93840938c591f26b3958b0cd5282663c3
MD5 703f2c5530b49c83dd8f6e47a97d430a
BLAKE2b-256 f09af891f251d74385f5c2e9f1c27696dbd7d723ea7c29ac0e29efbddbd5381b

See more details on using hashes here.

Provenance

The following attestation bundles were made for oidc_exchange-0.2.0.tar.gz:

Publisher: release.yml on antstanley/oidc-exchange

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file oidc_exchange-0.2.0-cp310-abi3-win_amd64.whl.

File metadata

File hashes

Hashes for oidc_exchange-0.2.0-cp310-abi3-win_amd64.whl
Algorithm Hash digest
SHA256 0cbaef7a8a8103b404302da9ad3ec3b636df67f289152dfaf9ac898cfb181ee7
MD5 af801f01f0546a0cbaaf3c2ad82b48ba
BLAKE2b-256 4d9f1c319558fe248ca596b3c7cb0387cc9bc2a620c27ca8ff4beeedadbdb0b3

See more details on using hashes here.

Provenance

The following attestation bundles were made for oidc_exchange-0.2.0-cp310-abi3-win_amd64.whl:

Publisher: release.yml on antstanley/oidc-exchange

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file oidc_exchange-0.2.0-cp310-abi3-manylinux_2_28_x86_64.whl.

File metadata

File hashes

Hashes for oidc_exchange-0.2.0-cp310-abi3-manylinux_2_28_x86_64.whl
Algorithm Hash digest
SHA256 0ee76531b4381f8847a6379dfa60020af1519f03c1e20fbd041a94814a8efbfb
MD5 e9bd0c1cc6752d9c1d91b7d62567c31c
BLAKE2b-256 14dcd0617b5ceb4f7dc1f732f3ec08bccafcf1bf44c958493bf513db44e54c90

See more details on using hashes here.

Provenance

The following attestation bundles were made for oidc_exchange-0.2.0-cp310-abi3-manylinux_2_28_x86_64.whl:

Publisher: release.yml on antstanley/oidc-exchange

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file oidc_exchange-0.2.0-cp310-abi3-manylinux_2_28_aarch64.whl.

File metadata

File hashes

Hashes for oidc_exchange-0.2.0-cp310-abi3-manylinux_2_28_aarch64.whl
Algorithm Hash digest
SHA256 bf5cdbd7e4f7ded64c21e1042bb07a8080c1cd77306909c01120a9bad74a1d6c
MD5 f791f4767aafda6f5393cfbb8985c25e
BLAKE2b-256 a618e8cbd09b452dc8506550af7ee6ac82d0fe9e2ea777be1073b32d9d101dc6

See more details on using hashes here.

Provenance

The following attestation bundles were made for oidc_exchange-0.2.0-cp310-abi3-manylinux_2_28_aarch64.whl:

Publisher: release.yml on antstanley/oidc-exchange

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file oidc_exchange-0.2.0-cp310-abi3-macosx_11_0_arm64.whl.

File metadata

File hashes

Hashes for oidc_exchange-0.2.0-cp310-abi3-macosx_11_0_arm64.whl
Algorithm Hash digest
SHA256 5e0a09ddd94255ffc60770170110527dbc30d1e9cfd3435dc01cc7a8de2a89b0
MD5 8a7f6b1216211af6271a437d1fc8ee46
BLAKE2b-256 1ce87ca0e18cb4a9d3df8c6ffed5e8894f19718bac7a80f11b07258971d79b00

See more details on using hashes here.

Provenance

The following attestation bundles were made for oidc_exchange-0.2.0-cp310-abi3-macosx_11_0_arm64.whl:

Publisher: release.yml on antstanley/oidc-exchange

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page