OIDC bearer authentication provider plugin for Spakky framework

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for Spakky from gravatar.com Spakky
Meta

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT
  • Author: Spakky
  • Requires: Python >=3.12
Report project as malware

Project description

spakky-oidc

spakky-oidc authenticates OIDC/OAuth bearer JWT credentials and maps validated claims into spakky.auth.AuthContext.

The provider contributes AuthCapability.AUTHENTICATION through the spakky.contributions.spakky.auth entry point. It intentionally contains no browser login, callback, session, refresh, or logout routes; inbound adapters pass an already-observed bearer credential to the provider-neutral IAuthenticationProvider port.

Capabilities

  • OIDC discovery from issuer/.well-known/openid-configuration or an explicit discovery URL.
  • JWKS key selection by kid and RS256 signature verification.
  • issuer, audience, azp, exp, nbf, iat, and clock skew validation.
  • sub, display name, tenant, role, scope, and selected safe claim mapping to AuthContext.
  • Raw bearer token exclusion from AuthContext.claims, metadata, and credential_carrier.

Installation

pip install spakky-oidc

Usage

from spakky.auth import (
    AuthInvocation,
    CredentialCarrier,
    CredentialCarrierKind,
    CredentialCarrierLocation,
)
from spakky.plugins.oidc import OidcAuthenticationProvider, OidcProviderConfig

provider = OidcAuthenticationProvider(
    config=OidcProviderConfig(
        issuer="https://issuer.example.test",
        audience="api://spakky",
        client_id="spakky-client",
    )
)

auth_context = provider.authenticate(
    CredentialCarrier(
        kind=CredentialCarrierKind.BEARER_TOKEN,
        location=CredentialCarrierLocation.AUTHORIZATION_HEADER,
        material="eyJ...",
        name="Authorization",
        scheme="Bearer",
    ),
    AuthInvocation(boundary="http", operation="GET /documents"),
)

OidcProviderConfig controls claim mapping via roles_claim, scopes_claim, tenant_claim, display_name_claim, and retained_claim_names. The default scope claim accepts the standard space-delimited scope string; role and custom scope claims may also use string arrays.

authenticate_result() is available for boundary adapters that prefer a provider-neutral AuthorizationDecision instead of exception handling.

License

MIT License

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for Spakky from gravatar.com Spakky
Meta

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT
  • Author: Spakky
  • Requires: Python >=3.12

Release history Release notifications | RSS feed

6.9.1

6.9.0

6.8.0

6.7.0

6.6.1

6.6.0

This version

6.5.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

spakky_oidc-6.5.0.tar.gz (6.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

spakky_oidc-6.5.0-py3-none-any.whl (8.9 kB view details)

Uploaded Python 3

File details

Details for the file spakky_oidc-6.5.0.tar.gz.

File metadata

  • Download URL: spakky_oidc-6.5.0.tar.gz
  • Upload date:
  • Size: 6.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for spakky_oidc-6.5.0.tar.gz
Algorithm Hash digest
SHA256 d0e7c989fd20961e7fab980c3b4eb32e62464bc3dc9f12e43162ac5ddd4b1ccd
MD5 696e83e5bac2ffcc1d2fc1f4e0a36b80
BLAKE2b-256 bcbb2fbb752840f800519abe90191306bc19bfc141b9afa1368ee8ee3570d880

See more details on using hashes here.

Provenance

The following attestation bundles were made for spakky_oidc-6.5.0.tar.gz:

Publisher: publish-package.yml on E5presso/spakky-framework

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file spakky_oidc-6.5.0-py3-none-any.whl.

File metadata

  • Download URL: spakky_oidc-6.5.0-py3-none-any.whl
  • Upload date:
  • Size: 8.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for spakky_oidc-6.5.0-py3-none-any.whl
Algorithm Hash digest
SHA256 9a0ce9ef88bc0789084092008cd90bea1f50d20e6b12c351a7e8d5050f0d8854
MD5 75f2737fc4242c89a779399903589a80
BLAKE2b-256 96ff75097d422d25b89f753e32264ad381441cf1e73152c8a2aaf50115150af1

See more details on using hashes here.

Provenance

The following attestation bundles were made for spakky_oidc-6.5.0-py3-none-any.whl:

Publisher: publish-package.yml on E5presso/spakky-framework

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page