Skip to main content

A plug-and-play client for integrating universal single sign-on (SSO) with Python frameworks, enabling secure and seamless authentication across microservices.

Project description

🛡️ USSO Python Client SDK

The USSO Python Client SDK (usso) provides a universal, secure JWT authentication layer for Python microservices and web frameworks.
It’s designed to integrate seamlessly with the USSO Identity Platform — or any standards-compliant token issuer.


🔗 Relationship to the USSO Platform

This SDK is the official verification client for the USSO identity service, which provides multi-tenant authentication, RBAC, token flows, and more.
You can use the SDK with:

  • Self-hosted USSO via Docker
  • Any identity provider that issues signed JWTs (with proper config)

✨ Features

  • Token verification for EdDSA, RS256, HS256, and more
  • Claim validation (exp, nbf, aud, iss)
  • Remote JWK support for key rotation
  • Typed payload parsing via UserData (Pydantic)
  • Token extraction from:
    • Authorization header
    • Cookies
    • Custom headers
  • FastAPI integration with dependency injection
  • Django middleware for request-based user resolution
  • 🧪 90% tested with pytest and tox

📦 Installation

pip install usso

With framework extras:

pip install "usso[fastapi]"     # for FastAPI integration
pip install "usso[django]"      # for Django integration

🚀 Quick Start (FastAPI)

from usso.fastapi.integration import get_authenticator
from usso.schemas import JWTConfig, JWTHeaderConfig, UserData
from usso.jwt.enums import Algorithm

config = JWTConfig(
    key="your-ed25519-public-key",
    issuer="https://sso.example.com",
    audience="api.example.com",
    type=Algorithm.EdDSA,
    header=JWTHeaderConfig(type="Authorization")
)

authenticator = get_authenticator(config)

@app.get("/me")
def get_me(user: UserData = Depends(authenticator)):
    return {"user_id": user.sub, "roles": user.roles}

🧱 Project Structure

src/usso/
├── fastapi/            # FastAPI adapter
├── django/             # Django middleware
├── jwt/                # Core JWT logic and algorithms
├── session/            # Stateless session support
├── models/             # JWTConfig, UserData, etc.
├── exceptions/         # Shared exceptions
├── authenticator.py    # High-level API (token + user resolution)

🐳 Integrate with USSO (Docker)

Run your own identity provider:

docker run -p 8000:8000 ghcr.io/ussoio/usso:latest

Then configure your app to verify tokens issued by this service, using its public JWKS endpoint:

JWTConfig(
    jwks_url="http://localhost:8000/.well-known/jwks.json",
    ...
)

🧪 Testing

pytest
tox

🤝 Contributing

We welcome contributions!


📝 License

MIT License © [mahdikiani]

Project details


Release history Release notifications | RSS feed

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

usso-0.31.2.tar.gz (36.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

usso-0.31.2-py3-none-any.whl (40.0 kB view details)

Uploaded Python 3

File details

Details for the file usso-0.31.2.tar.gz.

File metadata

  • Download URL: usso-0.31.2.tar.gz
  • Upload date:
  • Size: 36.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for usso-0.31.2.tar.gz
Algorithm Hash digest
SHA256 cbc2e1abc4bd77b389872f668dc7431c28afe206b995c244c934cfaf1c3c8537
MD5 8db4227f5ef04d7ff95a4b6bec84da2c
BLAKE2b-256 7b307f2b8d4678848af4d866d07ab8ac2aeb95a5ebeac333d215565c8f137d38

See more details on using hashes here.

File details

Details for the file usso-0.31.2-py3-none-any.whl.

File metadata

  • Download URL: usso-0.31.2-py3-none-any.whl
  • Upload date:
  • Size: 40.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for usso-0.31.2-py3-none-any.whl
Algorithm Hash digest
SHA256 596c4602a2ec8a41026e090f5717693e0779511c82a4fc77dab71834205cb847
MD5 ee7318fff41c63ec266539c183ae6670
BLAKE2b-256 61aed1bf5dc60224f0a4ab6406365eba2293d807e3cd3d50ec7ee2dc944845f2

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page