Skip to main content

A plug-and-play client for integrating universal single sign-on (SSO) with Python frameworks, enabling secure and seamless authentication across microservices.

Project description

🛡️ USSO Python Client SDK

The USSO Python Client SDK (usso) provides a universal, secure JWT authentication layer for Python microservices and web frameworks.
It’s designed to integrate seamlessly with the USSO Identity Platform — or any standards-compliant token issuer.


🔗 Relationship to the USSO Platform

This SDK is the official verification client for the USSO identity service, which provides multi-tenant authentication, RBAC, token flows, and more.
You can use the SDK with:

  • Self-hosted USSO via Docker
  • Any identity provider that issues signed JWTs (with proper config)

✨ Features

  • Token verification for EdDSA, RS256, HS256, and more
  • Claim validation (exp, nbf, aud, iss)
  • Remote JWK support for key rotation
  • Typed payload parsing via UserData (Pydantic)
  • Token extraction from:
    • Authorization header
    • Cookies
    • Custom headers
  • FastAPI integration with dependency injection
  • Django middleware for request-based user resolution
  • 🧪 90% tested with pytest and tox

📦 Installation

pip install usso

With framework extras:

pip install "usso[fastapi]"     # for FastAPI integration
pip install "usso[django]"      # for Django integration

🚀 Quick Start (FastAPI)

from usso.fastapi.integration import get_authenticator
from usso.schemas import JWTConfig, JWTHeaderConfig, UserData
from usso.jwt.enums import Algorithm

config = JWTConfig(
    key="your-ed25519-public-key",
    issuer="https://sso.example.com",
    audience="api.example.com",
    type=Algorithm.EdDSA,
    header=JWTHeaderConfig(type="Authorization")
)

authenticator = get_authenticator(config)

@app.get("/me")
def get_me(user: UserData = Depends(authenticator)):
    return {"user_id": user.sub, "roles": user.roles}

🧱 Project Structure

src/usso/
├── fastapi/            # FastAPI adapter
├── django/             # Django middleware
├── jwt/                # Core JWT logic and algorithms
├── session/            # Stateless session support
├── models/             # JWTConfig, UserData, etc.
├── exceptions/         # Shared exceptions
├── authenticator.py    # High-level API (token + user resolution)

🐳 Integrate with USSO (Docker)

Run your own identity provider:

docker run -p 8000:8000 ghcr.io/ussoio/usso:latest

Then configure your app to verify tokens issued by this service, using its public JWKS endpoint:

JWTConfig(
    jwks_url="http://localhost:8000/.well-known/jwks.json",
    ...
)

🧪 Testing

pytest
tox

🤝 Contributing

We welcome contributions!


📝 License

MIT License © [mahdikiani]

Project details


Release history Release notifications | RSS feed

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

usso-0.31.3.tar.gz (36.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

usso-0.31.3-py3-none-any.whl (40.0 kB view details)

Uploaded Python 3

File details

Details for the file usso-0.31.3.tar.gz.

File metadata

  • Download URL: usso-0.31.3.tar.gz
  • Upload date:
  • Size: 36.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for usso-0.31.3.tar.gz
Algorithm Hash digest
SHA256 eb3ee32b53cd56f9ecca2201502feb4467a0a7e339c4fda33d8c228b38d5ab91
MD5 91d99306a87d6cb0ac7a78dbf423dec9
BLAKE2b-256 bf90554b163e1106f73d993fd38a7a28d8ac41c554ea292c1d6373c07ce77c13

See more details on using hashes here.

File details

Details for the file usso-0.31.3-py3-none-any.whl.

File metadata

  • Download URL: usso-0.31.3-py3-none-any.whl
  • Upload date:
  • Size: 40.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for usso-0.31.3-py3-none-any.whl
Algorithm Hash digest
SHA256 da645ff228c89eb55c0c70447deedc7257ba131345abad3edf47e3feeb3ccd83
MD5 3602337905c4ff65a1911f1c00fd5196
BLAKE2b-256 23ebaecf5d4e2bdb26316923573bc843f160350bc95dba1c9c725bc1b5fd5f09

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page