Metadata-Version: 2.4
Name: tahportal-sso
Version: 1.0.2
Summary: TAHPortal SSO integration for Python web applications (FastAPI and Flask)
Project-URL: Homepage, https://github.com/TraffikAnalysisHub/tahportal-sso-python
Project-URL: Documentation, https://github.com/TraffikAnalysisHub/tahportal-sso-python#readme
Project-URL: Issues, https://github.com/TraffikAnalysisHub/tahportal-sso-python/issues
Author-email: Stop the Traffik <dataandtech@stopthetraffik.org>
License: MIT
License-File: LICENSE
Keywords: authentication,fastapi,flask,sso,tahportal
Classifier: Framework :: FastAPI
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Internet :: WWW/HTTP :: Session
Classifier: Topic :: Security
Requires-Python: >=3.9
Requires-Dist: httpx>=0.26.0
Requires-Dist: pyjwt>=2.8.0
Provides-Extra: dev
Requires-Dist: hatch>=1.9.0; extra == 'dev'
Requires-Dist: pytest-asyncio>=0.23.0; extra == 'dev'
Requires-Dist: pytest>=8.0.0; extra == 'dev'
Requires-Dist: respx>=0.20.0; extra == 'dev'
Provides-Extra: fastapi
Requires-Dist: fastapi>=0.110.0; extra == 'fastapi'
Provides-Extra: flask
Requires-Dist: flask>=3.0.0; extra == 'flask'
Description-Content-Type: text/markdown

# tahportal-sso

TAHPortal SSO integration package for Python web applications.
Connects your product to the TAHPortal identity gateway with minimal setup.

## Installation

\`\`\`bash
pip install tahportal-sso
# with FastAPI support
pip install tahportal-sso[fastapi]
# with Flask support
pip install tahportal-sso[flask]
\`\`\`

## Quick start

Set three environment variables in your product:

\`\`\`bash
TAHPORTAL_URL=https://your-tahportal-domain.com
TAHPORTAL_PRODUCT_ID=<uuid from products table>
TAHPORTAL_SESSION_SECRET=<random 64-char hex string>
TAHPORTAL_SESSION_TTL=3600  # optional, defaults to 3600 seconds
\`\`\`

### FastAPI

\`\`\`python
from fastapi import FastAPI, Depends
from tahportal_sso import TahPortalSSO, TahPortalConfig, SSOUser

config = TahPortalConfig.from_env()
sso = TahPortalSSO(config)

app = FastAPI()
app.include_router(sso.get_fastapi_router())

@app.get("/dashboard")
async def dashboard(user: SSOUser = Depends(sso.require_user)):
    return {"welcome": user.full_name, "role": user.user_role}
\`\`\`

### Flask

\`\`\`python
from flask import Flask
from tahportal_sso import TahPortalSSO, TahPortalConfig

config = TahPortalConfig.from_env()
sso = TahPortalSSO(config)

app = Flask(__name__)
sso.init_flask(app)

@app.route("/dashboard")
@sso.login_required
def dashboard():
    user = sso.get_current_user()
    return {"welcome": user.full_name}
\`\`\`

## How it works

1. TAHPortal generates a short-lived one-time code when a user
   launches this product
2. This package exchanges the code for the user's identity at
   TAHPortal's /api/sso/exchange endpoint
3. A local session JWT is created and stored in an httpOnly cookie
4. All subsequent requests are validated locally — no network call
   to TAHPortal on every request
5. When the session expires the user is redirected back to TAHPortal
   to re-authenticate

## Session expiry and access revocation

Sessions expire after TAHPORTAL_SESSION_TTL seconds. When a session
expires, the user is redirected to TAHPortal. If their subscription
has been revoked, TAHPortal will deny access at that point.

Set a shorter TTL for higher-security products:
\`\`\`bash
TAHPORTAL_SESSION_TTL=900  # 15 minutes
\`\`\`

## License

MIT — Copyright (c) 2026 STOP THE TRAFFIK / Traffik Analysis Hub