Skip to main content

Python bindings for oidc-exchange - OIDC token exchange service

Project description

oidc-exchange

PyPI Python License: MIT

Python binding for oidc-exchange — a Rust service that validates ID tokens from third-party OIDC providers (Google, Apple, …) and exchanges them for self-issued access and refresh tokens.

The service is embedded in-process as a native extension (built with PyO3 + maturin). Handle requests synchronously or with async, or mount the built-in ASGI/WSGI apps in FastAPI, Starlette, Flask, or Django.

Install

pip install oidc-exchange

Ships as an abi3 wheel — one wheel per platform works on Python 3.10+: manylinux_2_28 x86_64/aarch64, win_amd64, and macosx_11_0_arm64. An sdist is published alongside for other platforms (needs a Rust toolchain to build).

Usage

ASGI (FastAPI / Starlette)

from fastapi import FastAPI
from oidc_exchange import OidcExchange

oidc = OidcExchange(config="./config.toml")
app = FastAPI()
app.mount("/auth", oidc.asgi_app())

WSGI (Flask / Django)

from oidc_exchange import OidcExchange

oidc = OidcExchange(config_string="""
[server]
issuer = "https://auth.example.com"

""")
application = oidc.wsgi_app()

Direct request handling

resp = oidc.handle_request_sync({
    "method": "POST",
    "path": "/token",
    "headers": {"content-type": "application/json"},
    "body": b'{"grant_type": "authorization_code", "code": "…", "provider": "google"}',
})
# resp -> {"status": 200, "headers": {...}, "body": b"…"}

# or await the async variant (runs the blocking call in the default executor):
resp = await oidc.handle_request(request)

API

class OidcExchange:
    def __init__(self, *, config: str | None = None, config_string: str | None = None) -> None: ...
    def handle_request_sync(self, request: dict) -> dict: ...
    async def handle_request(self, request: dict) -> dict: ...
    def asgi_app(self) -> Any: ...   # mountable ASGI application
    def wsgi_app(self) -> Any: ...   # mountable WSGI application
    def shutdown(self) -> None: ...

A request dict is {"method", "path", "headers": dict[str, str], "body": bytes}; the response is {"status", "headers": dict[str, str], "body": bytes}. The full service is exposed — /token, /revoke, /keys, /.well-known/openid-configuration, /health, and the internal admin API.

Framework examples

See the main repo's Python examples: FastAPI, Flask, Django.

Configuration

TOML config — providers, token TTLs, registration policy, key management, and storage. See the configuration guide.

Links

Published to PyPI via OIDC trusted publishing. MIT licensed.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

oidc_exchange-0.1.1.tar.gz (139.7 kB view details)

Uploaded Source

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

oidc_exchange-0.1.1-cp310-abi3-win_amd64.whl (11.4 MB view details)

Uploaded CPython 3.10+Windows x86-64

oidc_exchange-0.1.1-cp310-abi3-manylinux_2_28_x86_64.whl (14.2 MB view details)

Uploaded CPython 3.10+manylinux: glibc 2.28+ x86-64

oidc_exchange-0.1.1-cp310-abi3-manylinux_2_28_aarch64.whl (13.8 MB view details)

Uploaded CPython 3.10+manylinux: glibc 2.28+ ARM64

oidc_exchange-0.1.1-cp310-abi3-macosx_11_0_arm64.whl (12.6 MB view details)

Uploaded CPython 3.10+macOS 11.0+ ARM64

File details

Details for the file oidc_exchange-0.1.1.tar.gz.

File metadata

  • Download URL: oidc_exchange-0.1.1.tar.gz
  • Upload date:
  • Size: 139.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for oidc_exchange-0.1.1.tar.gz
Algorithm Hash digest
SHA256 f382cfa7d42ba6071484dc93d50b098540769d1a7df70b9729c671ca9f8efd20
MD5 9895dd60834e376a691fefccfa5baedb
BLAKE2b-256 a1d3ae1b4000a8ee84a02a0627dc2f84566d9540deab715a3bfce7ee3664d88c

See more details on using hashes here.

Provenance

The following attestation bundles were made for oidc_exchange-0.1.1.tar.gz:

Publisher: release.yml on antstanley/oidc-exchange

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file oidc_exchange-0.1.1-cp310-abi3-win_amd64.whl.

File metadata

File hashes

Hashes for oidc_exchange-0.1.1-cp310-abi3-win_amd64.whl
Algorithm Hash digest
SHA256 1d13f57a19fa7afb437d47aef9eea5076bf4ebc74cea9961517e3b1c83f08af3
MD5 57daa77f8a4f9f0df28b5bbc1d0ca88c
BLAKE2b-256 9261e059f375ad737d38b4222011283b5e516bf16d9c2defe9e73f75b4abef65

See more details on using hashes here.

Provenance

The following attestation bundles were made for oidc_exchange-0.1.1-cp310-abi3-win_amd64.whl:

Publisher: release.yml on antstanley/oidc-exchange

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file oidc_exchange-0.1.1-cp310-abi3-manylinux_2_28_x86_64.whl.

File metadata

File hashes

Hashes for oidc_exchange-0.1.1-cp310-abi3-manylinux_2_28_x86_64.whl
Algorithm Hash digest
SHA256 4b0c607fd07f374cb3be51d0936b52f818cbb0a9d777f9ec3e8a26d32f9c293e
MD5 2db00849383ad9370c63d1e61df3c56f
BLAKE2b-256 c017c93d690971a09f6e8b2c291811e67ed3c7d3942846f1ae6c22096bb0636e

See more details on using hashes here.

Provenance

The following attestation bundles were made for oidc_exchange-0.1.1-cp310-abi3-manylinux_2_28_x86_64.whl:

Publisher: release.yml on antstanley/oidc-exchange

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file oidc_exchange-0.1.1-cp310-abi3-manylinux_2_28_aarch64.whl.

File metadata

File hashes

Hashes for oidc_exchange-0.1.1-cp310-abi3-manylinux_2_28_aarch64.whl
Algorithm Hash digest
SHA256 cac187bb5ac5542a461249496c21883bc0e7b0bccd57e9c596e2fda897804ea1
MD5 89bf5e06cf2a749355d255a777df1c9f
BLAKE2b-256 ec7a1c776898cded1f08cc5facddd96c3ebb24c7939a852f5b53a5a249818318

See more details on using hashes here.

Provenance

The following attestation bundles were made for oidc_exchange-0.1.1-cp310-abi3-manylinux_2_28_aarch64.whl:

Publisher: release.yml on antstanley/oidc-exchange

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file oidc_exchange-0.1.1-cp310-abi3-macosx_11_0_arm64.whl.

File metadata

File hashes

Hashes for oidc_exchange-0.1.1-cp310-abi3-macosx_11_0_arm64.whl
Algorithm Hash digest
SHA256 143eb83efa42c4825a9adc407b913f51d84b0788ac69ef080496347c30886d53
MD5 7a9a822d5a450289507131501fef2bec
BLAKE2b-256 2001b1cef8ede2ac6283b3bebaabb1dd2673beeb0cdb6c0bcfdfeb737ecc63bb

See more details on using hashes here.

Provenance

The following attestation bundles were made for oidc_exchange-0.1.1-cp310-abi3-macosx_11_0_arm64.whl:

Publisher: release.yml on antstanley/oidc-exchange

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page