Skip to main content

OAuth 2.0 Token Introspection service for Swarmauri

Project description

Swarmauri Logo

PyPI - Downloads Hits PyPI - Python Version PyPI - License PyPI - swarmauri_tokens_introspection Discord

swarmauri_tokens_introspection

An OAuth 2.0 token introspection service plugin implementing RFC 7662 for verifying opaque access tokens.

Features

  • Asynchronous token verification against a remote introspection endpoint using httpx
  • Supports client_secret_basic, client_secret_post, and bearer authentication schemes
  • Caches positive and negative introspection results with configurable TTLs and expiry-aware caching
  • Validates standard claims (exp, nbf, iat) with optional issuer and audience enforcement
  • Optional JWKS passthrough for issuers that also publish signing keys via jwks_url
  • Strictly verification-only: mint() raises NotImplementedError because opaque tokens are produced by the authorization server

Installation

Choose the toolchain that matches your project:

pip install swarmauri_tokens_introspection
poetry add swarmauri_tokens_introspection
uv add swarmauri_tokens_introspection

The package exposes an async API, so ensure your environment includes an event loop (e.g., asyncio) when calling it.

Usage

The example below demonstrates how to exercise the service with a mocked introspection endpoint. The same API works against a live OAuth 2.0 Authorization Server?simply omit the mock transport and let httpx reach your configured endpoint.

"""Execute the README example with `python README_example.py`."""

import asyncio

import httpx

from swarmauri_tokens_introspection import IntrospectionTokenService


async def main() -> None:
    async def handler(request: httpx.Request) -> httpx.Response:
        assert request.method == "POST"
        assert request.url == httpx.URL("https://auth.example.com/introspect")
        assert request.headers["Authorization"].startswith("Basic ")
        form = dict(httpx.QueryParams(request.content.decode()))
        assert form["token"] == "opaque-token"
        return httpx.Response(
            200,
            json={
                "active": True,
                "sub": "user-123",
                "scope": "profile email",
                "exp": 2_147_483_647,
            },
        )

    transport = httpx.MockTransport(handler)

    service = IntrospectionTokenService(
        "https://auth.example.com/introspect",
        client_id="id",
        client_secret="secret",
        cache_ttl_s=300,
    )

    # Inject the mock transport; in production you would not override the client.
    service._client = httpx.AsyncClient(transport=transport)

    claims = await service.verify("opaque-token")
    print(claims["sub"])  # user-123

    await service.aclose()


if __name__ == "__main__":
    asyncio.run(main())

Caching and validation highlights

  • Positive responses respect both cache_ttl_s and the exp claim (including the configured leeway).
  • Negative introspection results are cached for negative_ttl_s seconds to shield your AS from repeated invalid requests.
  • Local validation enforces exp, nbf, and iat drift using leeway_s, and supports issuer/audience pinning.
  • Configuring jwks_url enables jwks() passthrough for deployments that expose signing keys alongside introspection.

License

Apache-2.0 ? Swarmauri

Want to help?

If you want to contribute to swarmauri-sdk, read up on our guidelines for contributing that will help you get started.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

swarmauri_tokens_introspection-0.11.0.dev1.tar.gz (10.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

File details

Details for the file swarmauri_tokens_introspection-0.11.0.dev1.tar.gz.

File metadata

  • Download URL: swarmauri_tokens_introspection-0.11.0.dev1.tar.gz
  • Upload date:
  • Size: 10.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_tokens_introspection-0.11.0.dev1.tar.gz
Algorithm Hash digest
SHA256 20b70ee8452f14c3114f429d784c6e96a2891fc9cf45c6ea842ba1826d0164f9
MD5 9eaeff51daedad3bb3590e814b3a2eef
BLAKE2b-256 5189b397698074ed700e6367bb28c1443193e3441c3d93a079fd653eda36bb9e

See more details on using hashes here.

File details

Details for the file swarmauri_tokens_introspection-0.11.0.dev1-py3-none-any.whl.

File metadata

  • Download URL: swarmauri_tokens_introspection-0.11.0.dev1-py3-none-any.whl
  • Upload date:
  • Size: 11.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_tokens_introspection-0.11.0.dev1-py3-none-any.whl
Algorithm Hash digest
SHA256 8063332f60ad71162baea2dd87760869d420eec6cc0f58b7bf70f8a0f3b3a3d8
MD5 cc78d4fd3211f504b93cc2f55c3c9406
BLAKE2b-256 080bc2d23a2521b990f8f450ed66367bfa2eb7c33ec483e2dc6d2e3d8dddf846

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page