Metadata-Version: 2.1
Name: nexusid
Version: 1.0.0
Summary: NexusID Python SDK — OIDC token validation, app_roles authorization, and Flask + Django integrations for the NexusID identity broker
Author: Adroitts
License: MIT
Project-URL: Homepage, https://github.com/adroitts/nexusid-python-sdk
Project-URL: Documentation, https://github.com/adroitts/nexusid-python-sdk#readme
Project-URL: Repository, https://github.com/adroitts/nexusid-python-sdk
Project-URL: Issues, https://github.com/adroitts/nexusid-python-sdk/issues
Keywords: oauth2,oidc,sso,identity,nexusid,flask,django,pkce
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Internet :: WWW/HTTP :: Session
Classifier: Topic :: Security
Classifier: Framework :: Django
Classifier: Framework :: Flask
Requires-Python: >=3.9
Description-Content-Type: text/markdown
Provides-Extra: all
Requires-Dist: Django>=4.0; extra == "all"
Requires-Dist: Flask>=2.0; extra == "all"
Requires-Dist: PyJWT>=2.0; extra == "all"
Requires-Dist: cryptography>=40.0; extra == "all"
Provides-Extra: django
Requires-Dist: Django>=4.0; extra == "django"
Provides-Extra: flask
Requires-Dist: Flask>=2.0; extra == "flask"
Provides-Extra: jwt
Requires-Dist: PyJWT>=2.0; extra == "jwt"
Requires-Dist: cryptography>=40.0; extra == "jwt"

# NexusID Python SDK

Python client for applications protected by a [NexusID](https://www.npmjs.com/package/@nexusid/sdk) identity broker. Validates OIDC ID tokens, exposes `app_roles` claims as idiomatic role checks, and ships drop-in middleware/decorators for **Flask** and **Django**.

## Install

```bash
pip install nexusid              # core: client + roles
pip install "nexusid[flask]"     # + Flask decorators
pip install "nexusid[django]"    # + Django middleware + decorators
pip install "nexusid[jwt]"       # + RS256 JWT verification (PyJWT, cryptography)
pip install "nexusid[all]"       # everything
```

## Quick start — plain Python

```python
from nexusid import NexusIDClient, NexusRole

client = NexusIDClient(
    issuer="https://idp.example.com",
    client_id="my-app",
    client_secret="...",          # omit for PKCE public clients
)

claims = client.verify_token(id_token)
role   = NexusRole(claims.get("app_roles", []))

if role.has("Admin"):
    ...
```

## Flask

```python
from flask import Flask
from nexusid.flask.decorators import require_role

app = Flask(__name__)

@app.route("/admin")
@require_role("Admin")
def admin():
    return "ok"
```

## Django

```python
# settings.py
MIDDLEWARE = [
    ...,
    "nexusid.django.middleware.NexusIDMiddleware",
]

NEXUSID = {
    "ISSUER": "https://idp.example.com",
    "CLIENT_ID": "my-django-app",
}

# views.py
from nexusid.django.decorators import require_role

@require_role("Admin")
def admin_view(request):
    ...
```

## API surface

- `NexusIDClient(issuer, client_id, client_secret=None)`
- `client.verify_token(id_token) -> dict`
- `NexusRole(roles: list[str])`
- `role.has(name)`, `role.has_any([names])`, `role.has_all([names])`, `role.list()`
- `nexusid.flask.decorators.require_role(name)`
- `nexusid.django.middleware.NexusIDMiddleware`
- `nexusid.django.decorators.require_role(name)`

## Status

`v1.x` — stable surface. Breaking changes will follow semver.

## License

MIT
