Metadata-Version: 2.4
Name: typsa-sso-client
Version: 0.2.2
Summary: Desktop Typsa SSO helper client for Lambda-based Microsoft auth flows.
Author: TYPSA
License-Expression: MIT
Project-URL: Homepage, https://pypi.org/project/typsa-sso-client/
Project-URL: Repository, https://github.com/adtTEyS/SSO-Package-Pip.git
Project-URL: Issues, https://github.com/adtTEyS/SSO-Package-Pip.git/issues
Keywords: sso,desktop,oauth,openid,microsoft,lambda
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3 :: Only
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Requires-Python: >=3.9
Description-Content-Type: text/markdown
License-File: LICENSE
Dynamic: license-file

# SSO-Package-Pip

Package to integrate a desktop application with an existing Lambda-based SSO flow.

## URL contract

This client builds the SSO trigger URL using only:
- `email`
- `redirect_uri`

## Configuration (environment variables)

The library **does not** call `load_dotenv()`; your app can load a `.env` before calling `TypsaSSOClient.set_config()`.

**Authorize URL:** The package includes the corporate SSO endpoint URL by default (`DEFAULT_SSO_AUTHORIZE_URL` in `sso_typsa.defaults`).  
It is not mandatory to define `SSO_AUTHORIZE_URL` unless you want to **override it** (eg., another environment, staging, etc.).

| Variable | Required | Purpose |
|----------|----------|---------|
| `SSO_AUTHORIZE_URL` or `TYPSA_SSO_AUTHORIZE_URL` | No | Overrides the authorization URL embedded in the package |
| `SSO_REDIRECT_URI`, `TYPSA_SSO_REDIRECT_URI`, or `SSO_CALLBACK_URL` | No | Local callback URL (default: `http://127.0.0.1:8765/callback`) |

See `.env.example` in this repository for optional overrides.

Example:

```python
from sso_typsa import TypsaSSOClient

client = TypsaSSOClient.set_config()
tokens = client.authenticate_strict(email="user@company.com")
```

## Install (local development)

```bash
pip install -e .
```

## Quick start

```python
from sso_typsa import TypsaSSOClient

client = TypsaSSOClient(
    authorize_url="https://your-lambda-domain/sso",
    default_redirect_uri="http://127.0.0.1:8765/callback",
)

tokens = client.authenticate(email="user@company.com")

print(tokens.id_token)
print(tokens.refresh_token)
```

## What `authenticate(...)` does

- opens the browser to your Lambda SSO URL
- sends `email` and `redirect_uri` as query params
- waits for redirect callback on localhost
- returns parsed tokens

## Separate desktop app entity

Desktop UI is now kept separate from the package in `desktop_app/app.py`.

Run from this repository:

```bash
pip install -e .
python desktop_app/app.py
```

This keeps `desktop-sso-client` as a clean reusable package, while the UI app is a consumer of that package.

### Windows custom protocol registration (optional)

If you want browser to redirect directly to installed app, register your scheme in Windows.
Example for scheme `mydesktopapp`:

```powershell
reg add "HKCU\Software\Classes\mydesktopapp" /ve /d "URL:mydesktopapp Protocol" /f
reg add "HKCU\Software\Classes\mydesktopapp" /v "URL Protocol" /d "" /f
reg add "HKCU\Software\Classes\mydesktopapp\shell\open\command" /ve /d "\"python\" \"C:\path\to\desktop_app\app.py\" --callback-url \"%1\"" /f
```

After this, a redirect like `mydesktopapp://auth/callback?...` can open the app.

## Web mapping

If web app uses:

```typescript
const loginUrl = `${environment.ssoUrl}?email=${email}&redirect_uri=${redirectUri}`;
window.location.href = loginUrl;
```

desktop app equivalent:

```python
tokens = client.authenticate(email="user@company.com")
```
