Metadata-Version: 2.1
Name: oidcish
Version: 1.0.1
Summary: Obtain authentication tokens from OIDC providers.
Author: Erik G. Brandt
Author-email: erik.brandt@shaarpec.com
Requires-Python: >=3.10,<4.0
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Requires-Dist: StrEnum (>=0.4.15,<0.5.0)
Requires-Dist: background (>=0.2.1,<0.3.0)
Requires-Dist: beautifulsoup4 (>=4.12.2,<5.0.0)
Requires-Dist: cryptography (>=41.0.1,<42.0.0)
Requires-Dist: httpx (>=0.24.1,<0.25.0)
Requires-Dist: pendulum (>=2.1.2,<3.0.0)
Requires-Dist: pkce (>=1.0.3,<2.0.0)
Requires-Dist: pydantic (>=2.0.2,<3.0.0)
Requires-Dist: pydantic-settings (>=2.0.1,<3.0.0)
Requires-Dist: python-dotenv (>=1.0.0,<2.0.0)
Requires-Dist: python-jose (>=3.3.0,<4.0.0)
Description-Content-Type: text/markdown

# oidcish

- "Oh I Don't Care If Something Happens"
- "OIDC Is Definitely Cool If Someone Helps"

## What?

Library to connect to your OIDC provider via:

- Authentication code flow
- Device code flow
- Client credentials flow

## Usage

```python
>>> from oidcish import DeviceFlow, CodeFlow, CredentialsFlow
>>> auth = DeviceFlow(
...     host="https://idp.example.com",
...     client_id=...,
...     client_secret=...,
...     scope=...,
...     audience=...
...)
Visit https://idp.example.com/device?userCode=594658190 to complete sign-in.
# Or use env file for auth
# auth = DeviceFlow(_env_file="path/to/my/env.file")
# Or use authorization code flow
# auth = CodeFlow(_env_file="path/to/my/env.file")
# Or use client credentials flow
# auth = CredentialsFlow(_env_file="path/to/my/env.file")
>>> print(auth.credentials.access_token)
eyJhbGciOiJSU...
```

## Options

Device flow can be used with the following options:

| Option | Environment variable | Default | Description |
|-|-|-|-|
| host | OIDCISH_HOST | *No default* | The address to the IDP server. |
| client_id | OIDCISH_CLIENT_ID | *No default* | The client id. |
| client_secret | OIDCISH_CLIENT_SECRET | *No default* | The client secret. |
| scope | OIDCISH_SCOPE | openid profile offline_access | A space separated, case-sensitive list of scopes. |
| audience | OIDCISH_AUDIENCE | *No default* | The access claim was designated for this audience. |

The OIDCISH_ prefix can be set with the OIDCISH_ENV_PREFIX environment variable.

Code flow can be used with the following options:

| Option | Environment variable | Default | Description |
|-|-|-|-|
| host | OIDCISH_HOST | *No default* | The address to the IDP server. |
| client_id | OIDCISH_CLIENT_ID | *No default* | The client id. |
| client_secret | OIDCISH_CLIENT_SECRET | *No default* | The client secret. |
| redirect_uri | OIDCISH_REDIRECT_URI | http://localhost | Must exactly match one of the allowed redirect URIs for the client. |
| username | OIDCISH_USERNAME | *No default* | The user name. |
| password | OIDCISH_PASSWORD | *No default* | The user password. |
| scope | OIDCISH_SCOPE | openid profile offline_access | A space separated, case-sensitive list of scopes. |
| audience | OIDCISH_AUDIENCE | *No default* | The access claim was designated for this audience. |

The OIDCISH_ prefix can be set with the OIDCISH_ENV_PREFIX environment variable.

Client credentials flow can be used with the following options:

| Option | Environment variable | Default | Description |
|-|-|-|-|
| host | OIDCISH_HOST | *No default* | The address to the IDP server. |
| client_id | OIDCISH_CLIENT_ID | *No default* | The client id. |
| client_secret | OIDCISH_CLIENT_SECRET | *No default* | The client secret. |
| audience | OIDCISH_AUDIENCE | *No default* | The access claim was designated for this audience. |

The OIDCISH_ prefix can be set with the OIDCISH_ENV_PREFIX environment variable.

