Skip to main content

AWS Cognito OAuth 2.0 / OAuth 2.1 / OIDC 1.0 identity provider implementations for Swarmauri

Project description

Swarmauri Logo

PyPI - Downloads Hits PyPI - Python Version PyPI - License PyPI - swarmauri_auth_idp_cognito Discord

Swarmauri Auth IDP Cognito

AWS Cognito OAuth 2.0, OAuth 2.1, and OIDC 1.0 login and app-client flows packaged for the Swarmauri ecosystem.

Features

  • PKCE-enabled authorization code logins with signed state payloads to prevent tampering.
  • Automatic discovery of Cognito endpoints with resilient HTTP retry semantics.
  • ID token verification against Cognito JWKS with graceful fallback to the UserInfo endpoint.
  • Machine-to-machine app clients supporting shared secrets or JWT-based client assertions.
  • ComponentBase-registered classes for seamless Swarmauri plugin discovery and configuration.

Installation

pip

pip install swarmauri_auth_idp_cognito

uv (project)

uv add swarmauri_auth_idp_cognito

uv (environment)

uv pip install swarmauri_auth_idp_cognito

Usage

Instantiate the login classes with your Cognito issuer, app client credentials, and redirect URI. Persist the returned state between auth_url and exchange* calls to prevent replay attacks.

from pydantic import SecretBytes, SecretStr
from swarmauri_auth_idp_cognito import CognitoOAuth21Login

login = CognitoOAuth21Login(
    issuer="https://example-domain.auth.us-east-1.amazoncognito.com",
    client_id="example-client-id",
    client_secret=SecretStr("example-secret"),
    redirect_uri="https://example.com/callback",
    state_secret=SecretBytes(b"super-secret-state-key"),
)

# Within an async context:
# auth_payload = await login.auth_url()
# identity = await login.exchange_and_identity(code, auth_payload["state"])
print(login.client_id)

Expected Workflow

  1. Call auth_url() and redirect the user agent to the returned authorization URL.
  2. Persist the state value and later validate it when Cognito posts back to your callback.
  3. Call exchange_and_identity() (or exchange() for the OIDC login) to normalize identity claims.
  4. Use the normalized payload to provision sessions, issue downstream tokens, or audit login activity.

App client classes expose the same access_token coroutine to support background services and machine-to-machine integrations.

Entry Points

The distribution registers the following entry points:

  • swarmauri.auth_idp:CognitoOAuth20Login
  • swarmauri.auth_idp:CognitoOAuth21Login
  • swarmauri.auth_idp:CognitoOIDC10Login
  • swarmauri.auth_idp:CognitoOAuth20AppClient
  • swarmauri.auth_idp:CognitoOAuth21AppClient
  • swarmauri.auth_idp:CognitoOIDC10AppClient

Contributing

To contribute to swarmauri-sdk, review the guidelines for contributing, including development workflow, testing, and coding standards.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

swarmauri_auth_idp_cognito-0.11.0.dev2.tar.gz (11.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

File details

Details for the file swarmauri_auth_idp_cognito-0.11.0.dev2.tar.gz.

File metadata

  • Download URL: swarmauri_auth_idp_cognito-0.11.0.dev2.tar.gz
  • Upload date:
  • Size: 11.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_auth_idp_cognito-0.11.0.dev2.tar.gz
Algorithm Hash digest
SHA256 3706e842862ea4cd8810068be633835f1e73dd1d4c95748601391c05087d1e42
MD5 b04c21437a55ce08f6fe7d9b9703e0a5
BLAKE2b-256 2ead1050d2c5f8f180579acf282e1c50cc791866cac2232d027f1f2b83664105

See more details on using hashes here.

File details

Details for the file swarmauri_auth_idp_cognito-0.11.0.dev2-py3-none-any.whl.

File metadata

  • Download URL: swarmauri_auth_idp_cognito-0.11.0.dev2-py3-none-any.whl
  • Upload date:
  • Size: 16.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_auth_idp_cognito-0.11.0.dev2-py3-none-any.whl
Algorithm Hash digest
SHA256 ec98d2712a3839677dc96d97da49dcac178b2a9d67b1f39bda5d59fbf3d90aa2
MD5 e5d85d848653412fb7f796f718009447
BLAKE2b-256 3439bb57772139621ebfa78046c981f8ee80ecc80a2ed096d3dc47e871c4ceef

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page