Metadata-Version: 2.4
Name: ton-devtools-auth-sdk
Version: 0.1.0
Summary: Server-side TON Connect 2.0 proof verification for ICP-compatible services
Project-URL: Homepage, https://github.com/ismaildalgatov/ton-devtools
Project-URL: Repository, https://github.com/ismaildalgatov/ton-devtools
Project-URL: Documentation, https://ismaildalgatov.github.io/ton-devtools/
Project-URL: Bug Tracker, https://github.com/ismaildalgatov/ton-devtools/issues
Project-URL: Changelog, https://github.com/ismaildalgatov/ton-devtools/blob/main/packages/ton-devtools-auth-sdk/CHANGELOG.md
License: MIT
License-File: LICENSE
Keywords: authentication,blockchain,ed25519,icp,ton,tonconnect
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security :: Cryptography
Classifier: Topic :: Software Development :: Libraries
Requires-Python: >=3.11
Requires-Dist: cryptography>=42.0
Requires-Dist: httpx>=0.27
Requires-Dist: pydantic<3,>=2.7
Provides-Extra: dev
Requires-Dist: mypy>=1.10; extra == 'dev'
Requires-Dist: pytest-asyncio>=0.24; extra == 'dev'
Requires-Dist: pytest>=8.3; extra == 'dev'
Requires-Dist: ruff>=0.4; extra == 'dev'
Description-Content-Type: text/markdown

# ton-devtools-auth-sdk

> Server-side TON Connect 2.0 proof verification for ICP-compatible services.

Part of the [ton-devtools](https://github.com/ismaildalgatov/ton-devtools) monorepo.

[![PyPI](https://img.shields.io/pypi/v/ton-devtools-auth-sdk)](https://pypi.org/project/ton-devtools-auth-sdk/)
[![Python](https://img.shields.io/pypi/pyversions/ton-devtools-auth-sdk)](https://pypi.org/project/ton-devtools-auth-sdk/)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)

## What it does

Implements the server-side authentication pipeline:

- **§5.2** — TON proof message construction and ed25519 verification
- **§5.3** — On-chain public key resolution via Toncenter API v2 (or TRMS)
- **§5.6** — Single-use nonce management with TTL (replay attack prevention)
- **§10.2** — Timestamp skew enforcement (±300 s)

## Installation

```bash
pip install ton-devtools-auth-sdk
```

## Quick Start

```python
from ton_devtools_auth import ICPAuthenticator

auth = ICPAuthenticator(
    rpc_base_url="https://toncenter.com/api/v2",
    rpc_api_key="YOUR_KEY",
    domain="id.yourapp.com",
)

# POST /auth/ton/connect
nonce = auth.issue_nonce()          # store and return to client

# POST /auth/ton/verify (inside an async handler; `body` is the parsed request payload)
result = await auth.verify(
    wallet_address=body.wallet_address,
    nonce=body.nonce,
    signature=body.signature,
    public_key=body.public_key,
    timestamp=body.timestamp,
    domain=body.domain,
)
# result.wallet_address, result.public_key, result.on_chain_verified
```

## Nonce storage backends

```python
from ton_devtools_auth import ICPAuthenticator
from ton_devtools_auth.nonce import NonceManager, InMemoryNonceStore

# Testing / single-replica
auth = ICPAuthenticator(nonce_store=InMemoryNonceStore())

# Production: bring your own Redis client
class RedisNonceStore:
    def __init__(self, redis):
        self._r = redis

    def set(self, key, value, ttl):
        # ex=ttl makes Redis expire the nonce after ttl seconds
        self._r.set(key, value, ex=ttl)

    def get(self, key):
        return self._r.get(key)

    def delete(self, key):
        # DEL returns the number of keys removed; True only if the nonce existed
        return bool(self._r.delete(key))

# redis_client: your application's existing redis-py client
auth = ICPAuthenticator(nonce_store=RedisNonceStore(redis_client))
```
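
The single-use nonce and ±300 s skew checks listed under "What it does", sketched against the `set`/`get`/`delete` store shape shown above. This is an added, standard-library-only example, not the SDK's own code. `TTLNonceStore`, `issue_nonce`, `check_request`, the rejection strings and the 300 s nonce TTL are assumptions made for illustration.

```python
import secrets
import time

MAX_SKEW_S = 300   # the ±300 s window from the feature list
NONCE_TTL_S = 300  # assumed TTL; the page does not state the SDK's default


class TTLNonceStore:
    """In-memory store with the set/get/delete shape (hypothetical class)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._items = {}  # key -> (value, expires_at)

    def set(self, key, value, ttl):
        self._items[key] = (value, self._clock() + ttl)

    def get(self, key):
        item = self._items.get(key)
        if item is None or item[1] <= self._clock():
            return None
        return item[0]

    def delete(self, key):
        # pop() removes and reports in one step, so a nonce is consumed once.
        item = self._items.pop(key, None)
        return item is not None and item[1] > self._clock()


def issue_nonce(store, ttl=NONCE_TTL_S):
    nonce = secrets.token_hex(32)  # 256 bits from the OS CSPRNG
    store.set(nonce, "1", ttl)
    return nonce


def check_request(store, nonce, timestamp, now=None):
    """Return None if the request is acceptable, else a rejection reason."""
    now = time.time() if now is None else now
    if abs(now - timestamp) > MAX_SKEW_S:
        return "timestamp_skew"
    # Consume with delete(), not get()-then-delete(): two concurrent replays
    # could both pass a get() before either delete() lands.
    if not store.delete(nonce):
        return "nonce_unknown_expired_or_replayed"
    return None
```

With a Redis-backed store the same pattern relies on `DEL` reporting whether the key existed, which is what makes the consume step single-use across replicas.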

## Pointing at TRMS for testing

```python
auth = ICPAuthenticator(
    rpc_base_url="http://localhost:8080",  # ton-devtools-rpc-mock
    domain="localhost",
)
```

## License

MIT
