A plug-and-play client for integrating universal single sign-on (SSO) with Python frameworks, enabling secure and seamless authentication across microservices.
Project description
🛡️ USSO Python Client SDK
The USSO Python Client SDK (usso) provides a universal, secure JWT authentication layer for Python microservices and web frameworks.
It’s designed to integrate seamlessly with the USSO Identity Platform — or any standards-compliant token issuer.
🔗 Relationship to the USSO Platform
This SDK is the official verification client for the USSO identity service, which provides multi-tenant authentication, RBAC, token flows, and more.
You can use the SDK with:
- Self-hosted USSO via Docker
- Any identity provider that issues signed JWTs (with proper config)
✨ Features
- ✅ Token verification for EdDSA, RS256, HS256, and more
- ✅ Claim validation (
exp,nbf,aud,iss) - ✅ Remote JWK support for key rotation
- ✅ Typed payload parsing via
UserData(Pydantic) - ✅ Token extraction from:
Authorizationheader- Cookies
- Custom headers
- ✅ FastAPI integration with dependency injection
- ✅ Django middleware for request-based user resolution
- 🧪 90% tested with
pytestandtox
📦 Installation
pip install usso
With framework extras:
pip install "usso[fastapi]" # for FastAPI integration
pip install "usso[django]" # for Django integration
🚀 Quick Start (FastAPI)
from usso.fastapi.integration import get_authenticator
from usso.schemas import JWTConfig, JWTHeaderConfig, UserData
from usso.jwt.enums import Algorithm
config = JWTConfig(
key="your-ed25519-public-key",
issuer="https://sso.example.com",
audience="api.example.com",
type=Algorithm.EdDSA,
header=JWTHeaderConfig(type="Authorization")
)
authenticator = get_authenticator(config)
@app.get("/me")
def get_me(user: UserData = Depends(authenticator)):
return {"user_id": user.sub, "roles": user.roles}
🧱 Project Structure
src/usso/
├── fastapi/ # FastAPI adapter
├── django/ # Django middleware
├── jwt/ # Core JWT logic and algorithms
├── session/ # Stateless session support
├── models/ # JWTConfig, UserData, etc.
├── exceptions/ # Shared exceptions
├── authenticator.py # High-level API (token + user resolution)
🐳 Integrate with USSO (Docker)
Run your own identity provider:
docker run -p 8000:8000 ghcr.io/ussoio/usso:latest
Then configure your app to verify tokens issued by this service, using its public JWKS endpoint:
JWTConfig(
jwk_url="http://localhost:8000/.well-known/jwks.json",
...
)
🧪 Testing
pytest
tox
🤝 Contributing
We welcome contributions!
📝 License
MIT License © [mahdikiani]
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file usso-0.28.2.tar.gz.
File metadata
- Download URL: usso-0.28.2.tar.gz
- Upload date:
- Size: 14.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8bb1dbe483531bd7b94fe0153efd085d063f3cb8b62de3245f5cc5c58f3b696e
|
|
| MD5 |
77661401bbd5433f441b654cc86fc85f
|
|
| BLAKE2b-256 |
c11108c61cba4e26c99abc1615f3ff1e1c75deb9fd9a203ea000fec6a987d41b
|
File details
Details for the file usso-0.28.2-py3-none-any.whl.
File metadata
- Download URL: usso-0.28.2-py3-none-any.whl
- Upload date:
- Size: 16.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f5441320cd74d00598f4b0c0a3481722749f58b0c991dc4927a4066e210bf630
|
|
| MD5 |
f0cd341b1b73da6d12b7e35fe0f5db02
|
|
| BLAKE2b-256 |
b9bda5a0c46b8488263bcaefd5777c4f26de5a676a78f2c2801ed1d94cfafed7
|
