Metadata-Version: 2.4
Name: tigrbl_auth
Version: 0.3.2.dev8
Summary: A Tigrbl Multi‑tenant OpenID‑Connect / OAuth2 Identity‑Provider server by Swarmauri.
License-Expression: Apache-2.0
License-File: LICENSE
Keywords: oidc,oauth2,fastapi,identity-provider,jwks,jwt,tigrbl,sdk,standards,auth,authentication
Author: Jacob Stewart
Author-email: jacob@swarmauri.com
Requires-Python: >=3.10,<3.13
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Development Status :: 3 - Alpha
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3 :: Only
Requires-Dist: aiosqlite (>=0.19,<1.0)
Requires-Dist: asyncpg (>=0.29,<1.0)
Requires-Dist: bcrypt (>=4.1)
Requires-Dist: fastapi (>=0.111)
Requires-Dist: httpx (>=0.27)
Requires-Dist: pydantic (>=2.7,<3.0)
Requires-Dist: pydantic-settings (>=2.2,<3.0)
Requires-Dist: pydantic[email]
Requires-Dist: python-multipart (>=0.0.9)
Requires-Dist: sqlalchemy[asyncio] (>=2.0,<3.0)
Requires-Dist: swarmauri_base
Requires-Dist: swarmauri_core
Requires-Dist: swarmauri_crypto_jwe
Requires-Dist: swarmauri_crypto_paramiko
Requires-Dist: swarmauri_keyprovider_file
Requires-Dist: swarmauri_keyprovider_local
Requires-Dist: swarmauri_signing_dpop
Requires-Dist: swarmauri_signing_ed25519
Requires-Dist: swarmauri_signing_jws
Requires-Dist: swarmauri_standard
Requires-Dist: swarmauri_tokens_jwt
Requires-Dist: tigrbl
Requires-Dist: uvicorn[standard] (>=0.29)
Description-Content-Type: text/markdown

![Tigrbl Logo](https://raw.githubusercontent.com/swarmauri/swarmauri-sdk/master/assets/tigrbl_full_logo.png)

<p align="center">
    <a href="https://pypi.org/project/tigrbl_auth/">
        <img src="https://img.shields.io/pypi/dm/tigrbl_auth" alt="PyPI - Downloads"/></a>
    <a href="https://hits.sh/github.com/swarmauri/swarmauri-sdk/tree/master/pkgs/standards/tigrbl_auth/">
        <img alt="Hits" src="https://hits.sh/github.com/swarmauri/swarmauri-sdk/tree/master/pkgs/standards/tigrbl_auth.svg"/></a>
    <a href="https://pypi.org/project/tigrbl_auth/">
        <img src="https://img.shields.io/pypi/pyversions/tigrbl_auth" alt="PyPI - Python Version"/></a>
    <a href="https://pypi.org/project/tigrbl_auth/">
        <img src="https://img.shields.io/pypi/l/tigrbl_auth" alt="PyPI - License"/></a>
    <a href="https://pypi.org/project/tigrbl_auth/">
        <img src="https://img.shields.io/pypi/v/tigrbl_auth?label=tigrbl_auth&color=green" alt="PyPI - tigrbl_auth"/></a>
</p>

---

# Tigrbl Auth 🔐

Secure, multi-tenant identity services for the Tigrbl ecosystem.

## Terminology 📚

- **Tenant** 🏢 – a namespace used to group related resources such as repositories or clients.
- **Principal** 👤 – an owner of resources, for example an individual user or an organization.

---

## Auto Authn: Multi-Tenant OpenID Connect Provider 🚦

`Auto Authn` is an async, SQL-backed Identity Provider for OpenID Connect 1.0 and OAuth 2.1.
It provides per-tenant isolation and is designed to scale for SaaS deployments.

### Features ✨

- 🏢 Per-tenant issuer URLs with isolated user and client tables.
- 🔐 RSA-based JWT signing with helpers for key rotation.
- 🐅 Powered by Tigrbl.
- 🔎 OIDC discovery endpoints and JWKS generation.
- 🛡️ Configurable PostgreSQL or SQLite storage with optional Redis support.

### Installation 📦

```bash
pip install tigrbl_auth
```

Extras are available for common database drivers:

```bash
# PostgreSQL
pip install tigrbl_auth[postgres]

# SQLite
pip install tigrbl_auth[sqlite]
```

### Quick Start 🚀

```python
from tigrbl.engine import engine
from tigrbl import TigrblApp
from tigrbl_auth.db import dsn
from tigrbl_auth.routers.surface import surface_api

app = TigrblApp(engine=engine(dsn))
surface_api.mount_jsonrpc(prefix="/rpc")
surface_api.attach_diagnostics(prefix="/system")
app.include_router(surface_api)
```

The embedded ``surface_api`` exposes resource and flow operations for in-process usage via
namespaces like ``surface_api.core.User.create``.

Check the documentation for detailed setup and configuration.

To run the API locally with Uvicorn:

```bash
uvicorn tigrbl_auth.app:app --reload
```

The service exposes an OpenID Connect discovery document at
`/.well-known/openid-configuration` and publishes its JSON Web Key Set at
`/.well-known/jwks.json`.

### Configuration ⚙️

`Auto Authn` reads settings from environment variables. Common options include:

- `PG_DSN` or the combination of `PG_HOST`, `PG_PORT`, `PG_DB`, `PG_USER`, `PG_PASS`
  for database connectivity.
- `REDIS_HOST`, `REDIS_PORT`, `REDIS_DB`, and `REDIS_PASSWORD` for Redis session
  storage (optional).
- `JWT_SECRET` for token signing and `LOG_LEVEL` to control logging verbosity.

### Docker 🐳

A lightweight Dockerfile is provided. Build and run the service with:

```bash
docker build -t tigrbl-auth .
docker run -p 8000:8000 tigrbl-auth
```

Visit `http://localhost:8000/docs` to explore the interactive API documentation.

### Contributing 🤝

Contributions are welcome! Please open an issue or submit a pull request to
discuss improvements.

### License 📜

Apache-2.0


