AWS Cognito OAuth 2.0 / OAuth 2.1 / OIDC 1.0 identity provider implementations for Swarmauri
Project description
Swarmauri Auth IDP Cognito
AWS Cognito OAuth 2.0, OAuth 2.1, and OIDC 1.0 login and app-client flows packaged for the Swarmauri ecosystem.
Features
- PKCE-enabled authorization code logins with signed state payloads to prevent tampering.
- Automatic discovery of Cognito endpoints with resilient HTTP retry semantics.
- ID token verification against Cognito JWKS with graceful fallback to the UserInfo endpoint.
- Machine-to-machine app clients supporting shared secrets or JWT-based client assertions.
- ComponentBase-registered classes for seamless Swarmauri plugin discovery and configuration.
Installation
pip
pip install swarmauri_auth_idp_cognito
uv (project)
uv add swarmauri_auth_idp_cognito
uv (environment)
uv pip install swarmauri_auth_idp_cognito
Usage
Instantiate the login classes with your Cognito issuer, app client credentials, and redirect URI.
Persist the returned state between auth_url and exchange* calls to prevent replay attacks.
from pydantic import SecretBytes, SecretStr
from swarmauri_auth_idp_cognito import CognitoOAuth21Login
login = CognitoOAuth21Login(
issuer="https://example-domain.auth.us-east-1.amazoncognito.com",
client_id="example-client-id",
client_secret=SecretStr("example-secret"),
redirect_uri="https://example.com/callback",
state_secret=SecretBytes(b"super-secret-state-key"),
)
# Within an async context:
# auth_payload = await login.auth_url()
# identity = await login.exchange_and_identity(code, auth_payload["state"])
print(login.client_id)
Expected Workflow
- Call
auth_url()and redirect the user agent to the returned authorization URL. - Persist the state value and later validate it when Cognito posts back to your callback.
- Call
exchange_and_identity()(orexchange()for the OIDC login) to normalize identity claims. - Use the normalized payload to provision sessions, issue downstream tokens, or audit login activity.
App client classes expose the same access_token coroutine to support background services
and machine-to-machine integrations.
Entry Points
The distribution registers the following entry points:
swarmauri.auth_idp:CognitoOAuth20Loginswarmauri.auth_idp:CognitoOAuth21Loginswarmauri.auth_idp:CognitoOIDC10Loginswarmauri.auth_idp:CognitoOAuth20AppClientswarmauri.auth_idp:CognitoOAuth21AppClientswarmauri.auth_idp:CognitoOIDC10AppClient
Contributing
To contribute to swarmauri-sdk, review the guidelines for contributing, including development workflow, testing, and coding standards.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file swarmauri_auth_idp_cognito-0.11.0.dev2.tar.gz.
File metadata
- Download URL: swarmauri_auth_idp_cognito-0.11.0.dev2.tar.gz
- Upload date:
- Size: 11.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3706e842862ea4cd8810068be633835f1e73dd1d4c95748601391c05087d1e42
|
|
| MD5 |
b04c21437a55ce08f6fe7d9b9703e0a5
|
|
| BLAKE2b-256 |
2ead1050d2c5f8f180579acf282e1c50cc791866cac2232d027f1f2b83664105
|
File details
Details for the file swarmauri_auth_idp_cognito-0.11.0.dev2-py3-none-any.whl.
File metadata
- Download URL: swarmauri_auth_idp_cognito-0.11.0.dev2-py3-none-any.whl
- Upload date:
- Size: 16.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ec98d2712a3839677dc96d97da49dcac178b2a9d67b1f39bda5d59fbf3d90aa2
|
|
| MD5 |
e5d85d848653412fb7f796f718009447
|
|
| BLAKE2b-256 |
3439bb57772139621ebfa78046c981f8ee80ecc80a2ed096d3dc47e871c4ceef
|