Skip to main content

AWS Cognito OAuth 2.0 / OAuth 2.1 / OIDC 1.0 identity provider implementations for Swarmauri

Project description

Swarmauri Logo

PyPI - Downloads Hits PyPI - Python Version PyPI - License PyPI - swarmauri_auth_idp_cognito


Swarmauri Auth IDP Cognito

AWS Cognito OAuth 2.0, OAuth 2.1, and OIDC 1.0 login and app-client flows packaged for the Swarmauri ecosystem.

Features

  • PKCE-enabled authorization code logins with signed state payloads to prevent tampering.
  • Automatic discovery of Cognito endpoints with resilient HTTP retry semantics.
  • ID token verification against Cognito JWKS with graceful fallback to the UserInfo endpoint.
  • Machine-to-machine app clients supporting shared secrets or JWT-based client assertions.
  • ComponentBase-registered classes for seamless Swarmauri plugin discovery and configuration.

Installation

pip

pip install swarmauri_auth_idp_cognito

uv (project)

uv add swarmauri_auth_idp_cognito

uv (environment)

uv pip install swarmauri_auth_idp_cognito

Usage

Instantiate the login classes with your Cognito issuer, app client credentials, and redirect URI. Persist the returned state between auth_url and exchange* calls to prevent replay attacks.

from pydantic import SecretBytes, SecretStr
from swarmauri_auth_idp_cognito import CognitoOAuth21Login

login = CognitoOAuth21Login(
    issuer="https://example-domain.auth.us-east-1.amazoncognito.com",
    client_id="example-client-id",
    client_secret=SecretStr("example-secret"),
    redirect_uri="https://example.com/callback",
    state_secret=SecretBytes(b"super-secret-state-key"),
)

# Within an async context:
# auth_payload = await login.auth_url()
# identity = await login.exchange_and_identity(code, auth_payload["state"])
print(login.client_id)

Expected Workflow

  1. Call auth_url() and redirect the user agent to the returned authorization URL.
  2. Persist the state value and later validate it when Cognito posts back to your callback.
  3. Call exchange_and_identity() (or exchange() for the OIDC login) to normalize identity claims.
  4. Use the normalized payload to provision sessions, issue downstream tokens, or audit login activity.

App client classes expose the same access_token coroutine to support background services and machine-to-machine integrations.

Entry Points

The distribution registers the following entry points:

  • swarmauri.auth_idp:CognitoOAuth20Login
  • swarmauri.auth_idp:CognitoOAuth21Login
  • swarmauri.auth_idp:CognitoOIDC10Login
  • swarmauri.auth_idp:CognitoOAuth20AppClient
  • swarmauri.auth_idp:CognitoOAuth21AppClient
  • swarmauri.auth_idp:CognitoOIDC10AppClient

Contributing

To contribute to swarmauri-sdk, review the guidelines for contributing, including development workflow, testing, and coding standards.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

swarmauri_auth_idp_cognito-0.1.0.dev30.tar.gz (11.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

File details

Details for the file swarmauri_auth_idp_cognito-0.1.0.dev30.tar.gz.

File metadata

  • Download URL: swarmauri_auth_idp_cognito-0.1.0.dev30.tar.gz
  • Upload date:
  • Size: 11.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.4 {"installer":{"name":"uv","version":"0.10.4","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_auth_idp_cognito-0.1.0.dev30.tar.gz
Algorithm Hash digest
SHA256 4aed51291de86813c396a2e418b372eb7fb91e69cf40734c593ae052ac81fa7c
MD5 977ba4e0e84753d3f528de66314b5b9c
BLAKE2b-256 cfe08c171d0e2e3f5ec85d39a08dd5f204e7ada8c43e0c5512c832c4e482a63a

See more details on using hashes here.

File details

Details for the file swarmauri_auth_idp_cognito-0.1.0.dev30-py3-none-any.whl.

File metadata

  • Download URL: swarmauri_auth_idp_cognito-0.1.0.dev30-py3-none-any.whl
  • Upload date:
  • Size: 16.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.4 {"installer":{"name":"uv","version":"0.10.4","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_auth_idp_cognito-0.1.0.dev30-py3-none-any.whl
Algorithm Hash digest
SHA256 0a8fa119acdd2fc9cc59ed3da76c6f96a2fcffa819fa17468c509fcddfc024a6
MD5 3faaf10dcffffc398bf77acadd9cf698
BLAKE2b-256 c8241dff7dd9b9ce694f14d770b60c0792f0ce9ec78b53c3b9cd166343c41509

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page