Skip to main content

AWS Cognito OAuth 2.0 / OAuth 2.1 / OIDC 1.0 identity provider implementations for Swarmauri

Project description

Swarmauri Logo

PyPI - Downloads Hits PyPI - Python Version PyPI - License PyPI - swarmauri_auth_idp_cognito


Swarmauri Auth IDP Cognito

AWS Cognito OAuth 2.0, OAuth 2.1, and OIDC 1.0 login and app-client flows packaged for the Swarmauri ecosystem.

Features

  • PKCE-enabled authorization code logins with signed state payloads to prevent tampering.
  • Automatic discovery of Cognito endpoints with resilient HTTP retry semantics.
  • ID token verification against Cognito JWKS with graceful fallback to the UserInfo endpoint.
  • Machine-to-machine app clients supporting shared secrets or JWT-based client assertions.
  • ComponentBase-registered classes for seamless Swarmauri plugin discovery and configuration.

Installation

pip

pip install swarmauri_auth_idp_cognito

uv (project)

uv add swarmauri_auth_idp_cognito

uv (environment)

uv pip install swarmauri_auth_idp_cognito

Usage

Instantiate the login classes with your Cognito issuer, app client credentials, and redirect URI. Persist the returned state between auth_url and exchange* calls to prevent replay attacks.

from pydantic import SecretBytes, SecretStr
from swarmauri_auth_idp_cognito import CognitoOAuth21Login

login = CognitoOAuth21Login(
    issuer="https://example-domain.auth.us-east-1.amazoncognito.com",
    client_id="example-client-id",
    client_secret=SecretStr("example-secret"),
    redirect_uri="https://example.com/callback",
    state_secret=SecretBytes(b"super-secret-state-key"),
)

# Within an async context:
# auth_payload = await login.auth_url()
# identity = await login.exchange_and_identity(code, auth_payload["state"])
print(login.client_id)

Expected Workflow

  1. Call auth_url() and redirect the user agent to the returned authorization URL.
  2. Persist the state value and later validate it when Cognito posts back to your callback.
  3. Call exchange_and_identity() (or exchange() for the OIDC login) to normalize identity claims.
  4. Use the normalized payload to provision sessions, issue downstream tokens, or audit login activity.

App client classes expose the same access_token coroutine to support background services and machine-to-machine integrations.

Entry Points

The distribution registers the following entry points:

  • swarmauri.auth_idp:CognitoOAuth20Login
  • swarmauri.auth_idp:CognitoOAuth21Login
  • swarmauri.auth_idp:CognitoOIDC10Login
  • swarmauri.auth_idp:CognitoOAuth20AppClient
  • swarmauri.auth_idp:CognitoOAuth21AppClient
  • swarmauri.auth_idp:CognitoOIDC10AppClient

Contributing

To contribute to swarmauri-sdk, review the guidelines for contributing, including development workflow, testing, and coding standards.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

swarmauri_auth_idp_cognito-0.2.0.dev4.tar.gz (11.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

swarmauri_auth_idp_cognito-0.2.0.dev4-py3-none-any.whl (16.5 kB view details)

Uploaded Python 3

File details

Details for the file swarmauri_auth_idp_cognito-0.2.0.dev4.tar.gz.

File metadata

  • Download URL: swarmauri_auth_idp_cognito-0.2.0.dev4.tar.gz
  • Upload date:
  • Size: 11.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.12 {"installer":{"name":"uv","version":"0.10.12","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_auth_idp_cognito-0.2.0.dev4.tar.gz
Algorithm Hash digest
SHA256 71a9748afb1fb87bc532820a8d53c7e0f8c5aa92cf22fcf1fea8605d9024a160
MD5 801968a2cc0f4eebf5c3140956884ffc
BLAKE2b-256 8ce5402594874abe4e564fc8a191ef0ccc66476efde7dba96facfb679667e406

See more details on using hashes here.

File details

Details for the file swarmauri_auth_idp_cognito-0.2.0.dev4-py3-none-any.whl.

File metadata

  • Download URL: swarmauri_auth_idp_cognito-0.2.0.dev4-py3-none-any.whl
  • Upload date:
  • Size: 16.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.12 {"installer":{"name":"uv","version":"0.10.12","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_auth_idp_cognito-0.2.0.dev4-py3-none-any.whl
Algorithm Hash digest
SHA256 a508bf11826dbdd6ddf6d611ad6c8bf552ea8ace8f400ed2ada2b98a5540f834
MD5 424ff8e6b2647fc51dd64f000c8f8d9a
BLAKE2b-256 7d9e68ff8ed660c32cf1b1411b319d71c50fba3340305d078530117bf3846444

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page