Skip to main content

AWS Cognito OAuth 2.0 / OAuth 2.1 / OIDC 1.0 identity provider implementations for Swarmauri

Project description

Swarmauri Logo

PyPI - Downloads Hits PyPI - Python Version PyPI - License PyPI - swarmauri_auth_idp_cognito Discord

Swarmauri Auth IDP Cognito

AWS Cognito OAuth 2.0, OAuth 2.1, and OIDC 1.0 login and app-client flows packaged for the Swarmauri ecosystem.

Features

  • PKCE-enabled authorization code logins with signed state payloads to prevent tampering.
  • Automatic discovery of Cognito endpoints with resilient HTTP retry semantics.
  • ID token verification against Cognito JWKS with graceful fallback to the UserInfo endpoint.
  • Machine-to-machine app clients supporting shared secrets or JWT-based client assertions.
  • ComponentBase-registered classes for seamless Swarmauri plugin discovery and configuration.

Installation

pip

pip install swarmauri_auth_idp_cognito

uv (project)

uv add swarmauri_auth_idp_cognito

uv (environment)

uv pip install swarmauri_auth_idp_cognito

Usage

Instantiate the login classes with your Cognito issuer, app client credentials, and redirect URI. Persist the returned state between auth_url and exchange* calls to prevent replay attacks.

from pydantic import SecretBytes, SecretStr
from swarmauri_auth_idp_cognito import CognitoOAuth21Login

login = CognitoOAuth21Login(
    issuer="https://example-domain.auth.us-east-1.amazoncognito.com",
    client_id="example-client-id",
    client_secret=SecretStr("example-secret"),
    redirect_uri="https://example.com/callback",
    state_secret=SecretBytes(b"super-secret-state-key"),
)

# Within an async context:
# auth_payload = await login.auth_url()
# identity = await login.exchange_and_identity(code, auth_payload["state"])
print(login.client_id)

Expected Workflow

  1. Call auth_url() and redirect the user agent to the returned authorization URL.
  2. Persist the state value and later validate it when Cognito posts back to your callback.
  3. Call exchange_and_identity() (or exchange() for the OIDC login) to normalize identity claims.
  4. Use the normalized payload to provision sessions, issue downstream tokens, or audit login activity.

App client classes expose the same access_token coroutine to support background services and machine-to-machine integrations.

Entry Points

The distribution registers the following entry points:

  • swarmauri.auth_idp:CognitoOAuth20Login
  • swarmauri.auth_idp:CognitoOAuth21Login
  • swarmauri.auth_idp:CognitoOIDC10Login
  • swarmauri.auth_idp:CognitoOAuth20AppClient
  • swarmauri.auth_idp:CognitoOAuth21AppClient
  • swarmauri.auth_idp:CognitoOIDC10AppClient

Contributing

To contribute to swarmauri-sdk, review the guidelines for contributing, including development workflow, testing, and coding standards.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

swarmauri_auth_idp_cognito-0.11.0.dev1.tar.gz (11.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

File details

Details for the file swarmauri_auth_idp_cognito-0.11.0.dev1.tar.gz.

File metadata

  • Download URL: swarmauri_auth_idp_cognito-0.11.0.dev1.tar.gz
  • Upload date:
  • Size: 11.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_auth_idp_cognito-0.11.0.dev1.tar.gz
Algorithm Hash digest
SHA256 dda2f61902b7085437bda321c3f0bbdb90cd84a4545c90b6e05363cc8ee12b3f
MD5 82bf6b08fa8cd3681c7a2eb2ddc9ebfd
BLAKE2b-256 0fdb06f2056fb79bdea1554d687ba0beaf97fc1cdd26d408335c884e90a1edce

See more details on using hashes here.

File details

Details for the file swarmauri_auth_idp_cognito-0.11.0.dev1-py3-none-any.whl.

File metadata

  • Download URL: swarmauri_auth_idp_cognito-0.11.0.dev1-py3-none-any.whl
  • Upload date:
  • Size: 16.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_auth_idp_cognito-0.11.0.dev1-py3-none-any.whl
Algorithm Hash digest
SHA256 2a9469dbd13d722df39a82b149646bc3ea0091dc08a023211743725496226856
MD5 a603d599900ad146384eefe8513e230f
BLAKE2b-256 55767b2484ff09d01c8bf105dd8a2107e89cd216aa724f4951e782b59bd388e3

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page