Metadata-Version: 2.1
Name: macrostrat.auth_system
Version: 1.0.2
Summary: Authentication system for Macrostrat and related apps
Author: Daven Quinn
Author-email: code@davenquinn.com
Requires-Python: >=3.9,<4.0
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Requires-Dist: PyJWT (>=1.7.1,<3.0)
Requires-Dist: bcrypt (>=4.1.1,<5.0.0)
Requires-Dist: fastapi (>=0.104.0,<0.105.0)
Requires-Dist: httpx (>=0.25.0,<0.26.0)
Requires-Dist: macrostrat.database (>=3.3.1,<4.0.0)
Requires-Dist: macrostrat.utils (>=1.2.0,<2.0.0)
Requires-Dist: python-jose[cryptography] (>=3.3.0,<4.0.0)
Requires-Dist: starlette (>=0.27.0,<0.28.0)
Requires-Dist: webargs-starlette (>=2.0.0,<3.0.0)
Requires-Dist: werkzeug (>=2.3.7,<4.0)
Description-Content-Type: text/markdown

# Macrostrat authentication system

This module contains tools to manipulate Macrostrat's user authentication
system. It is divided into two submodules:

- `macrostrat.auth_system.legacy`: A JWT-based authentication system relying on
  local storage of hashed passwords. This system was created as part
  of [Sparrow](https://sparrow-data.org) and is being phased out in favor of a
  more modern system based on ORCID.
- `macrostrat.auth_system.core`: An ORCID-based user
  authentication system. This system will become the primary authentication
  system for Macrostrat, but it is still in development.

We plan to gradually converge the functionality of both versions while phasing
out the legacy system.

The system has tests that can be run with `poetry run pytest auth-system`
(currently, only the legacy system is covered).

## Key planned functionality

- Allow many Macrostrat-hosted services to easily integrate with Macrostrat's
  login and token flow
- Allow APIs to easily validate user credentials and tokens with minimum
  overhead
- Allow access to be checked in multiple ways:
  - Cookies and headers
  - Limited-time JWT tokens and long-duration, cancelable API tokens
  - Verify against Macrostrat "user group" or application-specific criteria
    (e.g., a list of authorized ORCID IDs)


