Skip to main content

AWS Cognito OAuth 2.0 / OAuth 2.1 / OIDC 1.0 identity provider implementations for Swarmauri

Project description

Swarmauri Logo

PyPI - Downloads Hits PyPI - Python Version PyPI - License PyPI - swarmauri_auth_idp_cognito


Swarmauri Auth IDP Cognito

AWS Cognito OAuth 2.0, OAuth 2.1, and OIDC 1.0 login and app-client flows packaged for the Swarmauri ecosystem.

Features

  • PKCE-enabled authorization code logins with signed state payloads to prevent tampering.
  • Automatic discovery of Cognito endpoints with resilient HTTP retry semantics.
  • ID token verification against Cognito JWKS with graceful fallback to the UserInfo endpoint.
  • Machine-to-machine app clients supporting shared secrets or JWT-based client assertions.
  • ComponentBase-registered classes for seamless Swarmauri plugin discovery and configuration.

Installation

pip

pip install swarmauri_auth_idp_cognito

uv (project)

uv add swarmauri_auth_idp_cognito

uv (environment)

uv pip install swarmauri_auth_idp_cognito

Usage

Instantiate the login classes with your Cognito issuer, app client credentials, and redirect URI. Persist the returned state between auth_url and exchange* calls to prevent replay attacks.

from pydantic import SecretBytes, SecretStr
from swarmauri_auth_idp_cognito import CognitoOAuth21Login

login = CognitoOAuth21Login(
    issuer="https://example-domain.auth.us-east-1.amazoncognito.com",
    client_id="example-client-id",
    client_secret=SecretStr("example-secret"),
    redirect_uri="https://example.com/callback",
    state_secret=SecretBytes(b"super-secret-state-key"),
)

# Within an async context:
# auth_payload = await login.auth_url()
# identity = await login.exchange_and_identity(code, auth_payload["state"])
print(login.client_id)

Expected Workflow

  1. Call auth_url() and redirect the user agent to the returned authorization URL.
  2. Persist the state value and later validate it when Cognito posts back to your callback.
  3. Call exchange_and_identity() (or exchange() for the OIDC login) to normalize identity claims.
  4. Use the normalized payload to provision sessions, issue downstream tokens, or audit login activity.

App client classes expose the same access_token coroutine to support background services and machine-to-machine integrations.

Entry Points

The distribution registers the following entry points:

  • swarmauri.auth_idp:CognitoOAuth20Login
  • swarmauri.auth_idp:CognitoOAuth21Login
  • swarmauri.auth_idp:CognitoOIDC10Login
  • swarmauri.auth_idp:CognitoOAuth20AppClient
  • swarmauri.auth_idp:CognitoOAuth21AppClient
  • swarmauri.auth_idp:CognitoOIDC10AppClient

Contributing

To contribute to swarmauri-sdk, review the guidelines for contributing, including development workflow, testing, and coding standards.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

swarmauri_auth_idp_cognito-0.1.0.dev25.tar.gz (11.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

File details

Details for the file swarmauri_auth_idp_cognito-0.1.0.dev25.tar.gz.

File metadata

  • Download URL: swarmauri_auth_idp_cognito-0.1.0.dev25.tar.gz
  • Upload date:
  • Size: 11.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.3 {"installer":{"name":"uv","version":"0.10.3","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_auth_idp_cognito-0.1.0.dev25.tar.gz
Algorithm Hash digest
SHA256 16c4c7220fadeac8dfe7d69f01977225acb0e315ba9270d067f537c6963194bd
MD5 c60aea21dce50aeb7b8a345773ae19ac
BLAKE2b-256 0f16015a9dc85f7b468b76941e9209ca9c224f6f81651fd4189ef9e6c7eea9c1

See more details on using hashes here.

File details

Details for the file swarmauri_auth_idp_cognito-0.1.0.dev25-py3-none-any.whl.

File metadata

  • Download URL: swarmauri_auth_idp_cognito-0.1.0.dev25-py3-none-any.whl
  • Upload date:
  • Size: 16.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.3 {"installer":{"name":"uv","version":"0.10.3","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_auth_idp_cognito-0.1.0.dev25-py3-none-any.whl
Algorithm Hash digest
SHA256 330065ad417f6dce8293d0768b31fcca6c2e39f3ca81845a3dd62393150f9dbe
MD5 fbcb231eb1f73a873bd634081cd4a9fe
BLAKE2b-256 c0e27ae3a5b293ea49ccdcc96b0089dc342dc1735e9ab4988b2f26b004a0ce74

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page