Official Python SDK for PassmanAI OIDC Authentication
Project description
PassmanAI Python SDK
Official Python SDK for integrating "Sign in with Passman" into any Python web framework (FastAPI, Django, Flask, etc.).
PassmanAI is a decentralized, post-quantum password manager with zero-knowledge architecture. This SDK provides a robust, PKCE-secured OpenID Connect (OIDC) client that makes it trivial to authenticate users via Passman.
Quick Start
1. Install
pip install passmanai
2. Configure Environment Variables
Set your Passman API credentials in your environment:
PASSMAN_CLIENT_ID=your_client_id
PASSMAN_CLIENT_SECRET=your_client_secret
PASSMAN_REDIRECT_URI=http://localhost:8000/auth/callback
PASSMAN_ISSUER_URL=http://localhost:4010
Get your client credentials by registering an OIDC client in your PassmanAI dashboard.
3. Basic Usage (Framework Agnostic)
The SDK provides a PassmanClient that handles OIDC discovery, PKCE generation, and token exchange.
from passmanai import PassmanClient
# Initialize the client (automatically loads from env vars)
passman = PassmanClient()
# 1. Generate the authorization URL and PKCE state
auth_url, state, code_verifier = passman.get_authorization_url()
# Save `state` and `code_verifier` in your session, then redirect the user to `auth_url`.
# ... user logs in on Passman and gets redirected to your callback ...
# 2. Exchange the authorization code for a token and user profile
# In your callback route, reconstruct the full URL requested:
callback_url = "http://localhost:8000/auth/callback?code=...&state=..."
profile, tokens = passman.fetch_user_profile(
authorization_response_url=callback_url,
state=saved_state_from_session,
code_verifier=saved_code_verifier_from_session
)
print(f"Logged in as: {profile['preferred_username']} (ID: {profile['sub']})")
Advanced Configuration
You can explicitly pass credentials if you prefer not to use environment variables:
passman = PassmanClient(
client_id="your_client_id",
client_secret="your_client_secret",
redirect_uri="https://myapp.com/auth/callback",
issuer_url="https://passmanai.com" # Defaults to https://passmanai.com if not set
)
Security
- PKCE enforced — Prevents authorization code interception attacks.
- State parameter — Protects against CSRF attacks.
- Built on top of Authlib, the industry standard for Python OAuth/OIDC.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file passmanai-0.1.0.tar.gz.
File metadata
- Download URL: passmanai-0.1.0.tar.gz
- Upload date:
- Size: 4.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ee705201ab6a7aab5bc8fa52fa87ccf4c7e4114ece30bdf380e2e59b06b87bd1
|
|
| MD5 |
26b7a153febf6bad6ebf66fbdce1cf18
|
|
| BLAKE2b-256 |
a74f19d37d5ab3c14c52bd3f451dd62da3eb0e20a77b7f86b2c8dd2516730ea8
|
File details
Details for the file passmanai-0.1.0-py3-none-any.whl.
File metadata
- Download URL: passmanai-0.1.0-py3-none-any.whl
- Upload date:
- Size: 5.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
56dc3683d2c22752e1d787b29d41f53546848e3a3d149824e6333cfc76e8f5df
|
|
| MD5 |
5b43565d31444fdf8d5f320b95e9d4e6
|
|
| BLAKE2b-256 |
f144ae4ddefe8f0a50973729f3a7f6bc808f73057b1e55b9cc37facce7986b82
|
