Python bindings for oidc-exchange - OIDC token exchange service
Project description
oidc-exchange
Python binding for oidc-exchange — a Rust service that validates ID tokens from third-party OIDC providers (Google, Apple, …) and exchanges them for self-issued access and refresh tokens.
The service is embedded in-process as a native extension (built with PyO3 + maturin). Handle requests synchronously or with async, or mount the built-in ASGI/WSGI apps in FastAPI, Starlette, Flask, or Django.
Install
pip install oidc-exchange
Ships as an abi3 wheel — one wheel per platform works on Python 3.10+: manylinux_2_28 x86_64/aarch64, win_amd64, and macosx_11_0_arm64. An sdist is published alongside for other platforms (needs a Rust toolchain to build).
Usage
ASGI (FastAPI / Starlette)
from fastapi import FastAPI
from oidc_exchange import OidcExchange
oidc = OidcExchange(config="./config.toml")
app = FastAPI()
app.mount("/auth", oidc.asgi_app())
WSGI (Flask / Django)
from oidc_exchange import OidcExchange
oidc = OidcExchange(config_string="""
[server]
issuer = "https://auth.example.com"
…
""")
application = oidc.wsgi_app()
Direct request handling
resp = oidc.handle_request_sync({
"method": "POST",
"path": "/token",
"headers": {"content-type": "application/json"},
"body": b'{"grant_type": "authorization_code", "code": "…", "provider": "google"}',
})
# resp -> {"status": 200, "headers": {...}, "body": b"…"}
# or await the async variant (runs the blocking call in the default executor):
resp = await oidc.handle_request(request)
API
class OidcExchange:
def __init__(self, *, config: str | None = None, config_string: str | None = None) -> None: ...
def handle_request_sync(self, request: dict) -> dict: ...
async def handle_request(self, request: dict) -> dict: ...
def asgi_app(self) -> Any: ... # mountable ASGI application
def wsgi_app(self) -> Any: ... # mountable WSGI application
def shutdown(self) -> None: ...
A request dict is {"method", "path", "headers": dict[str, str], "body": bytes}; the response is {"status", "headers": dict[str, str], "body": bytes}. The full service is exposed — /token, /revoke, /keys, /.well-known/openid-configuration, /health, and the internal admin API.
Framework examples
See the main repo's Python examples: FastAPI, Flask, Django.
Configuration
TOML config — providers, token TTLs, registration policy, key management, and storage. See the configuration guide.
Links
Published to PyPI via OIDC trusted publishing. MIT licensed.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file oidc_exchange-0.2.0.tar.gz.
File metadata
- Download URL: oidc_exchange-0.2.0.tar.gz
- Upload date:
- Size: 254.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d549e2b8590a09342081d4068b957fd93840938c591f26b3958b0cd5282663c3
|
|
| MD5 |
703f2c5530b49c83dd8f6e47a97d430a
|
|
| BLAKE2b-256 |
f09af891f251d74385f5c2e9f1c27696dbd7d723ea7c29ac0e29efbddbd5381b
|
Provenance
The following attestation bundles were made for oidc_exchange-0.2.0.tar.gz:
Publisher:
release.yml on antstanley/oidc-exchange
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
oidc_exchange-0.2.0.tar.gz -
Subject digest:
d549e2b8590a09342081d4068b957fd93840938c591f26b3958b0cd5282663c3 - Sigstore transparency entry: 2060705206
- Sigstore integration time:
-
Permalink:
antstanley/oidc-exchange@987c5a38551af293d3758be87556ae349607884e -
Branch / Tag:
refs/tags/v0.2.0 - Owner: https://github.com/antstanley
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@987c5a38551af293d3758be87556ae349607884e -
Trigger Event:
push
-
Statement type:
File details
Details for the file oidc_exchange-0.2.0-cp310-abi3-win_amd64.whl.
File metadata
- Download URL: oidc_exchange-0.2.0-cp310-abi3-win_amd64.whl
- Upload date:
- Size: 11.9 MB
- Tags: CPython 3.10+, Windows x86-64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0cbaef7a8a8103b404302da9ad3ec3b636df67f289152dfaf9ac898cfb181ee7
|
|
| MD5 |
af801f01f0546a0cbaaf3c2ad82b48ba
|
|
| BLAKE2b-256 |
4d9f1c319558fe248ca596b3c7cb0387cc9bc2a620c27ca8ff4beeedadbdb0b3
|
Provenance
The following attestation bundles were made for oidc_exchange-0.2.0-cp310-abi3-win_amd64.whl:
Publisher:
release.yml on antstanley/oidc-exchange
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
oidc_exchange-0.2.0-cp310-abi3-win_amd64.whl -
Subject digest:
0cbaef7a8a8103b404302da9ad3ec3b636df67f289152dfaf9ac898cfb181ee7 - Sigstore transparency entry: 2060705550
- Sigstore integration time:
-
Permalink:
antstanley/oidc-exchange@987c5a38551af293d3758be87556ae349607884e -
Branch / Tag:
refs/tags/v0.2.0 - Owner: https://github.com/antstanley
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@987c5a38551af293d3758be87556ae349607884e -
Trigger Event:
push
-
Statement type:
File details
Details for the file oidc_exchange-0.2.0-cp310-abi3-manylinux_2_28_x86_64.whl.
File metadata
- Download URL: oidc_exchange-0.2.0-cp310-abi3-manylinux_2_28_x86_64.whl
- Upload date:
- Size: 14.8 MB
- Tags: CPython 3.10+, manylinux: glibc 2.28+ x86-64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0ee76531b4381f8847a6379dfa60020af1519f03c1e20fbd041a94814a8efbfb
|
|
| MD5 |
e9bd0c1cc6752d9c1d91b7d62567c31c
|
|
| BLAKE2b-256 |
14dcd0617b5ceb4f7dc1f732f3ec08bccafcf1bf44c958493bf513db44e54c90
|
Provenance
The following attestation bundles were made for oidc_exchange-0.2.0-cp310-abi3-manylinux_2_28_x86_64.whl:
Publisher:
release.yml on antstanley/oidc-exchange
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
oidc_exchange-0.2.0-cp310-abi3-manylinux_2_28_x86_64.whl -
Subject digest:
0ee76531b4381f8847a6379dfa60020af1519f03c1e20fbd041a94814a8efbfb - Sigstore transparency entry: 2060706669
- Sigstore integration time:
-
Permalink:
antstanley/oidc-exchange@987c5a38551af293d3758be87556ae349607884e -
Branch / Tag:
refs/tags/v0.2.0 - Owner: https://github.com/antstanley
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@987c5a38551af293d3758be87556ae349607884e -
Trigger Event:
push
-
Statement type:
File details
Details for the file oidc_exchange-0.2.0-cp310-abi3-manylinux_2_28_aarch64.whl.
File metadata
- Download URL: oidc_exchange-0.2.0-cp310-abi3-manylinux_2_28_aarch64.whl
- Upload date:
- Size: 14.3 MB
- Tags: CPython 3.10+, manylinux: glibc 2.28+ ARM64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
bf5cdbd7e4f7ded64c21e1042bb07a8080c1cd77306909c01120a9bad74a1d6c
|
|
| MD5 |
f791f4767aafda6f5393cfbb8985c25e
|
|
| BLAKE2b-256 |
a618e8cbd09b452dc8506550af7ee6ac82d0fe9e2ea777be1073b32d9d101dc6
|
Provenance
The following attestation bundles were made for oidc_exchange-0.2.0-cp310-abi3-manylinux_2_28_aarch64.whl:
Publisher:
release.yml on antstanley/oidc-exchange
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
oidc_exchange-0.2.0-cp310-abi3-manylinux_2_28_aarch64.whl -
Subject digest:
bf5cdbd7e4f7ded64c21e1042bb07a8080c1cd77306909c01120a9bad74a1d6c - Sigstore transparency entry: 2060705899
- Sigstore integration time:
-
Permalink:
antstanley/oidc-exchange@987c5a38551af293d3758be87556ae349607884e -
Branch / Tag:
refs/tags/v0.2.0 - Owner: https://github.com/antstanley
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@987c5a38551af293d3758be87556ae349607884e -
Trigger Event:
push
-
Statement type:
File details
Details for the file oidc_exchange-0.2.0-cp310-abi3-macosx_11_0_arm64.whl.
File metadata
- Download URL: oidc_exchange-0.2.0-cp310-abi3-macosx_11_0_arm64.whl
- Upload date:
- Size: 13.0 MB
- Tags: CPython 3.10+, macOS 11.0+ ARM64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5e0a09ddd94255ffc60770170110527dbc30d1e9cfd3435dc01cc7a8de2a89b0
|
|
| MD5 |
8a7f6b1216211af6271a437d1fc8ee46
|
|
| BLAKE2b-256 |
1ce87ca0e18cb4a9d3df8c6ffed5e8894f19718bac7a80f11b07258971d79b00
|
Provenance
The following attestation bundles were made for oidc_exchange-0.2.0-cp310-abi3-macosx_11_0_arm64.whl:
Publisher:
release.yml on antstanley/oidc-exchange
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
oidc_exchange-0.2.0-cp310-abi3-macosx_11_0_arm64.whl -
Subject digest:
5e0a09ddd94255ffc60770170110527dbc30d1e9cfd3435dc01cc7a8de2a89b0 - Sigstore transparency entry: 2060706263
- Sigstore integration time:
-
Permalink:
antstanley/oidc-exchange@987c5a38551af293d3758be87556ae349607884e -
Branch / Tag:
refs/tags/v0.2.0 - Owner: https://github.com/antstanley
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@987c5a38551af293d3758be87556ae349607884e -
Trigger Event:
push
-
Statement type: