OIDC bearer authentication provider plugin for Spakky framework

Project description

spakky-oidc

spakky-oidc authenticates OIDC/OAuth bearer JWT credentials and maps validated claims into spakky.auth.AuthContext.

The provider contributes AuthCapability.AUTHENTICATION through the spakky.contributions.spakky.auth entry point. It intentionally contains no browser login, callback, session, refresh, or logout routes; inbound adapters pass an already-observed bearer credential to the provider-neutral IAuthenticationProvider port.

Capabilities

  • OIDC discovery from issuer/.well-known/openid-configuration or an explicit discovery URL.
  • JWKS key selection by kid and RS256 signature verification.
  • issuer, audience, azp, exp, nbf, iat, and clock skew validation.
  • sub, display name, tenant, role, scope, and selected safe claim mapping to AuthContext.
  • Raw bearer token exclusion from AuthContext.claims, metadata, and credential_carrier.

Installation

pip install spakky-oidc

Usage

from spakky.auth import (
    AuthInvocation,
    CredentialCarrier,
    CredentialCarrierKind,
    CredentialCarrierLocation,
)
from spakky.plugins.oidc import OidcAuthenticationProvider, OidcProviderConfig

provider = OidcAuthenticationProvider(
    config=OidcProviderConfig(
        issuer="https://issuer.example.test",
        audience="api://spakky",
        client_id="spakky-client",
    )
)

auth_context = provider.authenticate(
    CredentialCarrier(
        kind=CredentialCarrierKind.BEARER_TOKEN,
        location=CredentialCarrierLocation.AUTHORIZATION_HEADER,
        material="eyJ...",
        name="Authorization",
        scheme="Bearer",
    ),
    AuthInvocation(boundary="http", operation="GET /documents"),
)

OidcProviderConfig controls claim mapping via roles_claim, scopes_claim, tenant_claim, display_name_claim, and retained_claim_names. The default scope claim accepts the standard space-delimited scope string; role and custom scope claims may also use string arrays.

authenticate_result() is available for boundary adapters that prefer a provider-neutral AuthorizationDecision instead of exception handling.
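
The claim checks listed under Capabilities and the scope formats described for OidcProviderConfig, as an added example that is not spakky-oidc's own code. It assumes the RS256 signature has already been verified against the JWKS key; `validate_claims`, `parse_scopes`, `ClaimError`, the 60-second skew and the azp policy are hypothetical choices made for illustration.

```python
import time

class ClaimError(ValueError):
    """A signature-verified token failed a claim check."""

def _num(v):
    # bool is an int subclass; reject it so "exp": true is not a timestamp
    return isinstance(v, (int, float)) and not isinstance(v, bool)

def parse_scopes(value):
    """Accept a space-delimited string or an array of strings."""
    if value is None:
        return frozenset()
    if isinstance(value, str):
        return frozenset(value.split())
    if isinstance(value, list) and all(isinstance(s, str) for s in value):
        return frozenset(value)
    raise ClaimError("scope claim has unsupported type")

def validate_claims(claims, *, issuer, audience, client_id, now=None, skew=60):
    """Return {'sub', 'scopes'} or raise ClaimError. skew is in seconds."""
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise ClaimError("iss mismatch")
    aud = claims.get("aud")
    auds = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    if audience not in auds:
        raise ClaimError("aud does not name this API")
    azp = claims.get("azp")
    # Assumed policy: azp is required with several audiences, and when
    # present it must be the expected client.
    if (azp is None and len(auds) > 1) or (azp is not None and azp != client_id):
        raise ClaimError("azp missing or mismatched")
    exp, nbf, iat = claims.get("exp"), claims.get("nbf"), claims.get("iat")
    if not _num(exp) or now >= exp + skew:
        raise ClaimError("token expired or exp missing")
    if nbf is not None and (not _num(nbf) or now < nbf - skew):
        raise ClaimError("token not yet valid")
    if iat is not None and (not _num(iat) or iat > now + skew):
        raise ClaimError("iat is in the future")
    sub = claims.get("sub")
    if not isinstance(sub, str) or not sub:
        raise ClaimError("sub missing")
    return {"sub": sub, "scopes": parse_scopes(claims.get("scope"))}

# Constructed sample claims, reusing the issuer/audience/client from the usage snippet.
SAMPLE = {"iss": "https://issuer.example.test", "aud": ["api://spakky", "other"],
          "azp": "spakky-client", "sub": "user-1", "scope": "docs.read docs.write",
          "iat": 1_700_000_000, "nbf": 1_700_000_000, "exp": 1_700_000_300}
```

Passing `now` explicitly keeps the time checks deterministic in tests; a token is accepted up to `skew` seconds past `exp` and rejected from that point on.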

License

MIT License

Download files

Source Distribution

spakky_oidc-6.6.0.tar.gz (6.3 kB)

Uploaded Source

Built Distribution

spakky_oidc-6.6.0-py3-none-any.whl (8.9 kB)

Uploaded Python 3

File details

Details for the file spakky_oidc-6.6.0.tar.gz.

File metadata

  • Download URL: spakky_oidc-6.6.0.tar.gz
  • Size: 6.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for spakky_oidc-6.6.0.tar.gz
Algorithm Hash digest
SHA256 c98417a27bfcf3b3ea646e8112b62fcaa08ce53431f4753b758d82b125b0ca73
MD5 00ef423854c54d77df1fe80f244fdc3f
BLAKE2b-256 426229d2826c493dd43579f54ace2e0a7008008d90fb88fff3f48c764e21f8a0

Provenance

The following attestation bundles were made for spakky_oidc-6.6.0.tar.gz:

Publisher: publish-package.yml on E5presso/spakky-framework

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file spakky_oidc-6.6.0-py3-none-any.whl.

File metadata

  • Download URL: spakky_oidc-6.6.0-py3-none-any.whl
  • Size: 8.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for spakky_oidc-6.6.0-py3-none-any.whl
Algorithm Hash digest
SHA256 6564d1562aa1c8f84d994d5ba3dbc48f3cceee82bd80b9c6e034245581f4c8fa
MD5 9d8ffba75addda33ebd8e9922632715d
BLAKE2b-256 9f181be4ff3663a8a31ab9bea65d28feaf39f44b7d3a9fb38bbfce22571313f3

Provenance

The following attestation bundles were made for spakky_oidc-6.6.0-py3-none-any.whl:

Publisher: publish-package.yml on E5presso/spakky-framework

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
