OIDC bearer authentication provider plugin for Spakky framework

Project description

spakky-oidc

spakky-oidc is an authentication provider plugin that validates OIDC/OAuth bearer JWT credentials. It maps the verified claims to spakky.auth.AuthContext and provides the bearer authentication capability.

The plugin provides AuthCapability.AUTHENTICATION through the spakky.contributions.spakky.auth entry point. It does not include browser login, callback, session, refresh, or logout routes. Inbound adapters such as FastAPI, gRPC, and Typer read the bearer credential at the boundary and pass it to the provider-neutral IAuthenticationProvider port.

Features

  • OIDC discovery based on issuer/.well-known/openid-configuration or an explicit discovery URL
  • kid-based JWKS key selection and RS256 signature verification
  • Validation of issuer, audience, azp, exp, nbf, iat, and clock skew
  • Mapping of sub, display name, tenant, roles, scopes, and selected safe claims to AuthContext
  • The raw bearer token is not kept in AuthContext.claims, metadata, or credential_carrier

Installation

pip install spakky-auth spakky-oidc spakky-fastapi

Usage

from fastapi import FastAPI
from spakky.auth import protected, require_scope
from spakky.core.application.application import SpakkyApplication
from spakky.core.application.application_context import ApplicationContext
from spakky.core.pod.annotations.pod import Pod
from spakky.plugins.fastapi.routes import get
from spakky.plugins.fastapi.stereotypes.api_controller import ApiController
import spakky.auth
import spakky.plugins.fastapi
import spakky.plugins.oidc


@ApiController("/documents")
class DocumentController:
    @get("/{document_id}")
    @require_scope("documents:read")
    @protected
    def read(self, document_id: str) -> dict[str, str]:
        return {"id": document_id}


@Pod()
def get_api() -> FastAPI:
    return FastAPI()


app = (
    SpakkyApplication(ApplicationContext())
    .load_plugins(
        include={
            spakky.auth.PLUGIN_NAME,
            spakky.plugins.fastapi.PLUGIN_NAME,
            spakky.plugins.oidc.PLUGIN_NAME,
        }
    )
    .add(get_api)
    .add(DocumentController)
    .start()
)
api = app.container.get(FastAPI)

OidcProviderConfig is a Spakky @Configuration Pod. It is configured through environment variables: SPAKKY_OIDC_ISSUER, SPAKKY_OIDC_AUDIENCE, SPAKKY_OIDC_CLIENT_ID, and claim-mapping variables such as SPAKKY_OIDC_ROLES_CLAIM, SPAKKY_OIDC_SCOPES_CLAIM, SPAKKY_OIDC_TENANT_CLAIM, and SPAKKY_OIDC_DISPLAY_NAME_CLAIM. The default scope claim accepts the standard space-delimited scope string; role and custom scope claims also accept string arrays.
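The claim checks listed under the features (issuer, audience, azp, exp, nbf, iat with clock skew) and the string-or-array scope handling described above can be sketched as follows. This is an added example, not spakky-oidc's own code: validate_claims, normalize_scopes, ClaimError, the azp rule and the sample values are assumptions, and it expects a token whose RS256 signature has already been verified.

```python
import time

class ClaimError(ValueError):
    """A verified token's claims failed a policy check."""

def _numeric(claims, name, required=False):
    value = claims.get(name)
    if value is None and not required:
        return None
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        raise ClaimError(f"{name} must be a number")  # also covers a missing required claim
    return value

def normalize_scopes(value):
    """Accept a space-delimited string or a list of strings."""
    items = value.split() if isinstance(value, str) else [] if value is None else value
    if not isinstance(items, list) or not all(isinstance(s, str) for s in items):
        raise ClaimError("scope claim must be a string or a list of strings")
    return frozenset(items)

def validate_claims(claims, *, issuer, audience, client_id=None,
                    scopes_claim="scope", skew=60, now=None):
    """Check claims of a token whose signature was ALREADY verified."""
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise ClaimError("issuer mismatch")
    aud = claims.get("aud")
    auds = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    if audience not in auds:
        raise ClaimError("audience mismatch")
    azp = claims.get("azp")
    # Assumed rule: azp must match when present or when aud is multi-valued.
    if client_id and (azp is not None or len(auds) > 1) and azp != client_id:
        raise ClaimError("azp mismatch")
    exp, nbf, iat = (_numeric(claims, "exp", True), _numeric(claims, "nbf"),
                     _numeric(claims, "iat"))
    if now >= exp + skew:
        raise ClaimError("token expired")
    if nbf is not None and now < nbf - skew:
        raise ClaimError("token not yet valid")
    if iat is not None and iat > now + skew:
        raise ClaimError("iat is in the future")
    return normalize_scopes(claims.get(scopes_claim))

# Constructed sample claims (not from a real issuer).
SAMPLE = {"iss": "https://idp.example.test", "aud": "documents-api", "sub": "u-1",
          "exp": 1_700_000_600, "iat": 1_700_000_000, "scope": "documents:read documents:write"}
```

The skew window is applied symmetrically, so a token is accepted up to skew seconds after exp and up to skew seconds before nbf.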

Inbound adapters observe the bearer credential at the boundary, call the provider-neutral auth port, and store the AuthContext. Application code does not call the provider directly; it declares its requirements with the spakky-auth decorators.

License

MIT

Download files

Source Distribution

spakky_oidc-6.7.0.tar.gz (7.0 kB)

Uploaded Source

Built Distribution

spakky_oidc-6.7.0-py3-none-any.whl (9.5 kB)

Uploaded Python 3

File details

Details for the file spakky_oidc-6.7.0.tar.gz.

File metadata

  • Download URL: spakky_oidc-6.7.0.tar.gz
  • Upload date:
  • Size: 7.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for spakky_oidc-6.7.0.tar.gz
Algorithm Hash digest
SHA256 23d395ee7d29477fd0e5a07d57ca8b27a3e50e65a84fe644a9181849836ddadb
MD5 19cd63bd98a28b66df702a87a75d1e4e
BLAKE2b-256 8b4df03db417b5ab1e222fe0870da65fa48e038ed02a7ecc6fe4562e2fdb559e

Provenance

The following attestation bundles were made for spakky_oidc-6.7.0.tar.gz:

Publisher: release.yml on E5presso/spakky-framework

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file spakky_oidc-6.7.0-py3-none-any.whl.

File metadata

  • Download URL: spakky_oidc-6.7.0-py3-none-any.whl
  • Upload date:
  • Size: 9.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for spakky_oidc-6.7.0-py3-none-any.whl
Algorithm Hash digest
SHA256 88b82e948679455a3a5dbac14e63905116b51a1578b28e157cf5e56fce0f46f8
MD5 17a5b97ca91bc11a6fa4e488aff586e0
BLAKE2b-256 65624b09356dbc0be135a6fd17c65fd324b21067dbd28193acbadef2e26dbbc6

Provenance

The following attestation bundles were made for spakky_oidc-6.7.0-py3-none-any.whl:

Publisher: release.yml on E5presso/spakky-framework

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
