The official Python SDK for sgID
Project description
sgid-client-python
The official Python client for sgID.
Installation
pip install sgid-client
Usage
For more detailed instructions on how to register your client and integrate with sgID, please refer to our developer documentation.
Initialization
from sgid_client import SgidClient
sgid_client = SgidClient(
client_id='<Insert your client ID>',
client_secret='<Insert your client secret>',
private_key='<Insert your private key as a string>',
redirect_uri='<Insert your redirect URI>',
)
Generate code challenge and verifier
This is a required step for OIDC (more info).
- The
code_challenge
should be provided inauthorization_url
. - The
code_verifier
should be stored in the user's session so it can be retrieved later for use incallback
. - A unique pair should be generated for each authorization request.
generate_pkce_pair(length=43)
- Args:
length
(int
, optional): The length of the code verifier. Defaults to 43.
- Returns:
NamedTuple
code_verifier
:str
Randomly generated stringcode_challenge
:str
S256 hash of code verifier
Example usage:
pkce_pair = generate_pkce_pair()
code_verifier = pkce_pair['code_verifier']
code_challenge = pkce_pair['code_challenge']
Get authorization URL
authorization_url(
state: str,
code_challenge: str,
redirect_uri: str | None = None,
scope: str | list[str] = "openid myinfo.name",
nonce: str | None = secrets.token_urlsafe(32),
)
- Args:
state
(str
): A string which will be passed back to your application once the end-user logs in. You can also use this to track per-request state.code_challenge
(str
): The code challenge generated from generate_pkce_pair()redirect_uri
(str | None
, optional): The redirect URI used in the authorization request. If this param is provided, it will be used instead of the redirect URI provided in the SgidClient constructor. If not provided in the constructor, the redirect URI must be provided here.. Defaults to None.scope
(str | list[str]
, optional): 'openid' must be provided as a scope. Defaults to"openid myinfo.name"
.nonce
(str | None
, optional): Unique nonce for this request. If this param is not provided, a nonce is generated and returned. To prevent this behaviour, specify None for this param. Defaults tosecrets.token_urlsafe(32)
.
- Returns:
NamedTuple
url
:str
Generated authorization url.nonce
:str | None
Provided nonce, randomly generated nonce, orNone
(based on nonce input). Should be stored in the user's session so it can be retrieved later for use incallback
.
Example usage:
auth_url_and_nonce = sgid_client.authorization_url(
state="state", code_challenge=pkce_pair["code_challenge"]
)
Token exchange
callback(
code: str,
code_verifier: str,
nonce: str | None = None,
redirect_uri: str | None = None,
)
- Args:
code
(str
): The authorization code received from the authorization servercode_verifier
(str
): The code verifier corresponding to the code challenge that was passed toauthorization_url
for this requestnonce
(str | None
, optional): Nonce passed toauthorization_url
for this request. Specify None if no nonce was passed toauthorization_url
. Defaults to None.redirect_uri
(str | None
, optional): The redirect URI used in the authorization request. If not specified, defaults to the one passed to the SgidClient constructor.
- Returns:
NamedTuple
sub
:str
Represents a unique identifer for the end-user.access_token
:str
Access token used to request user info.
Example usage:
sub_and_access_token = sgid_client.callback(
code=auth_code, code_verifier=session["code_verifier"], nonce=session["nonce"]
)
session["access_token"] = sub_and_access_token["access_token"]
session["sub"] = sub_and_access_token["sub"]
User info
userinfo(sub: str, access_token: str)
- Args:
sub
(str
): The sub returned from the callback functionaccess_token
(str
): The access token returned from the callback function
- Returns:
NamedTuple
sub
:str
Represents a unique identifer for the end-user.data
:dict
A dictionary containing end-user info where the keys are the scopes requested inauthorization_url
.
Example usage:
userinfo = sgid_client.userinfo(
sub=session["sub"], access_token=session["access_token"]
)
Supported Runtime and Environment
Python >=3.11
For contributors
Running tests
To run the tests locally,
- Install Poetry.
- Run the following:
poetry run pytest
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
sgid_client-0.1.0.tar.gz
(9.7 kB
view hashes)
Built Distribution
Close
Hashes for sgid_client-0.1.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 77e3333d166bd39453ecda66f41d496d622147721f33d278baffda6e31b51411 |
|
MD5 | edd9b587423d50bed2a6ede3014f92a0 |
|
BLAKE2b-256 | 88d52c0636bfef1c7c515d5014dd1977136cf3b90941cf0a697c7888e8c91eaf |