{"id":47661191,"url":"https://github.com/chintakjoshi/authsdk","last_synced_at":"2026-04-16T02:00:57.718Z","repository":{"id":339688879,"uuid":"1162219202","full_name":"chintakjoshi/authSDK","owner":"chintakjoshi","description":"This AuthSDK functions as a SDK that supports integration with multiple services.","archived":false,"fork":false,"pushed_at":"2026-04-16T00:13:13.000Z","size":1289,"stargazers_count":0,"open_issues_count":1,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-16T01:16:05.268Z","etag":null,"topics":["authentication-backend","authentication-service","authsdk","authservice","gdpr-compliant","iam","identitymanagement","jwks","jwt","m2m","mfa","oauth2","rbac","saml","sdk","webhookdelivery"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chintakjoshi.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-20T02:00:26.000Z","updated_at":"2026-04-16T00:08:59.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/chintakjoshi/authSDK","commit_stats":null,"previous_names":["chintakjoshi/authsdk"],"tags_count":14,"template":false,"template_full_name":null,"purl":"pkg:github/chintakjoshi/authSDK","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chintakjoshi%2FauthSDK","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chintakjoshi%2FauthSDK/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chintakjoshi%2FauthSDK/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chintakjoshi%2FauthSDK/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chintakjoshi","download_url":"https://codeload.github.com/chintakjoshi/authSDK/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chintakjoshi%2FauthSDK/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31867712,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-15T15:24:51.572Z","status":"online","status_checked_at":"2026-04-16T02:00:06.042Z","response_time":69,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication-backend","authentication-service","authsdk","authservice","gdpr-compliant","iam","identitymanagement","jwks","jwt","m2m","mfa","oauth2","rbac","saml","sdk","webhookdelivery"],"created_at":"2026-04-02T11:14:22.554Z","updated_at":"2026-04-16T02:00:57.713Z","avatar_url":"https://github.com/chintakjoshi.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AuthSDK\n\n[![Unit Tests](https://img.shields.io/github/check-runs/chintakjoshi/authSDK/main?nameFilter=Unit%20Tests\u0026label=unit%20tests)](https://github.com/chintakjoshi/authSDK/actions/workflows/ci.yml)\n[![Integration Tests](https://img.shields.io/github/check-runs/chintakjoshi/authSDK/main?nameFilter=Integration%20Tests\u0026label=integration%20tests)](https://github.com/chintakjoshi/authSDK/actions/workflows/ci.yml)\n[![Build Packages](https://img.shields.io/github/check-runs/chintakjoshi/authSDK/main?nameFilter=Build%20Packages\u0026label=build%20packages)](https://github.com/chintakjoshi/authSDK/actions/workflows/ci.yml)\n[![Container Publish](https://github.com/chintakjoshi/authSDK/actions/workflows/release.yml/badge.svg)](https://github.com/chintakjoshi/authSDK/actions/workflows/release.yml)\n[![Lint](https://img.shields.io/github/check-runs/chintakjoshi/authSDK/main?nameFilter=Lint\u0026label=lint)](https://github.com/chintakjoshi/authSDK/actions/workflows/ci.yml)\n\nAuthSDK is a central authentication platform plus a reusable Python SDK for\ndownstream services.\n\nFor browser applications, the recommended integration path is now same-origin\ncookie sessions backed by `HttpOnly` cookies. Non-browser consumers can keep\nusing the existing bearer-token contracts.\n\nThe repository contains two closely related deliverables:\n\n- `app/`: a FastAPI auth service that owns identity, sessions, token issuance,\n  API keys, OTP, lifecycle flows, admin APIs, key rotation, audit logging, and\n  webhooks\n- `sdk/`: the `auth-service-sdk` package used by other services to validate JWTs\n  and API keys and enforce authorization locally\n\n## Why This Repo Exists\n\nThis project is meant for a multi-service architecture where authentication\nstate lives in one place and application services consume that trust boundary\nthrough the SDK.\n\nTypical use cases:\n\n- centralize sign-in, refresh, logout, and session revocation\n- issue audience-scoped JWTs for multiple downstream services\n- support OTP, password reset, email verification, OAuth, and SAML in one\n  deployable service\n- give consuming services a thin, reusable middleware layer instead of\n  duplicating auth code\n\n## System Overview\n\n```text\n                           +----------------------+\n                           |   Downstream App     |\n                           |  (FastAPI/Starlette) |\n                           +----------+-----------+\n                                      |\n                        auth-service-sdk middleware/dependencies\n                                      |\n                                      v\n+-----------+                +--------+--------+                +-----------+\n| User/App  +---------------\u003e+   auth-service   +--------------\u003e+ Postgres  |\n+-----------+                +--------+--------+                +-----------+\n                                      |\n                                      +--------------\u003e Redis\n                                      |\n                                      +--------------\u003e webhook worker\n                                      |\n                                      +--------------\u003e scheduler / retention\n```\n\nThe auth service exposes public auth endpoints, admin endpoints, JWKS, token\nvalidation, API-key introspection, webhook management, and health probes.\nDownstream services install `auth-service-sdk` and trust the auth service for\nverification and session state.\n\n## Feature Set\n\n- email/password signup and login\n- JWT access and refresh tokens\n- browser-cookie sessions for first-party web apps\n- audience-scoped access tokens for downstream APIs\n- server-side session validation and logout\n- API key issuance and introspection\n- OTP login and step-up action tokens\n- email verification and password reset flows\n- Google OAuth and SAML entry points\n- admin APIs for users, clients, API keys, audit log, signing keys, and\n  webhooks\n- signing-key rotation with overlap windows and JWKS publishing\n- rate limiting, structured logging, correlation IDs, tracing, metrics, and\n  security headers\n- background webhook delivery and scheduled retention purge\n\n## Repository Layout\n\n```text\napp/          FastAPI service, routers, schemas, services, middleware\nsdk/          publishable Python SDK for consuming services\ndocs/         architecture, configuration, API, operations, troubleshooting\ntests/        unit and integration coverage\nloadtests/    Locust scenarios and result artifacts\ndocker/       Dockerfile and local compose stack\nmigrations/   Alembic environment and revisions\nworkers/      background job entrypoints\n```\n\n## Quick Start\n\n1. Copy the local environment template.\n\n```powershell\nCopy-Item .env-sample .env\n```\n\n2. Start the local stack.\n\n```powershell\ndocker compose -f docker/docker-compose.yml up --build\n```\n\n3. Verify the service is healthy.\n\n```powershell\ncurl http://localhost:8000/health/ready\n```\n\nLocal URLs:\n\n- auth service: `http://localhost:8000`\n- Swagger UI: `http://localhost:8000/docs` when `APP__EXPOSE_DOCS=true`\n- Mailhog: `http://localhost:8025`\n- Adminer: `http://localhost:8080`\n\n## Documentation Map\n\nStart here based on what you need:\n\n- repository docs hub: `docs/README.md`\n- local development: `DEVELOPMENT.md`\n- browser app quickstart: `docs/browser-consumer-quickstart.md`\n- system architecture: `docs/architecture.md`\n- configuration reference: `docs/configuration.md`\n- service API guide: `docs/service-api.md`\n- SDK integration: `docs/integrate-sdk.md`\n- testing guide: `docs/testing.md`\n- operations and deployment: `docs/operations.md`\n- troubleshooting: `docs/troubleshooting.md`\n- SDK package guide: `sdk/README.md`\n- load tests: `loadtests/README.md`\n\n## SDK At A Glance\n\nThe SDK package is published as `auth-service-sdk` and imported as `sdk`.\n\nIt provides:\n\n- `JWTAuthMiddleware`\n- `APIKeyAuthMiddleware`\n- `require_role(...)`\n- `require_action_token(...)`\n- `require_fresh_auth(...)`\n- `AuthClient`\n\nInstall options:\n\n```bash\npip install auth-service-sdk\npip install /path/to/authSDK/sdk\npip install \"git+https://github.com/\u003corg\u003e/\u003crepo\u003e.git#subdirectory=sdk\"\n```\n\n## Development Workflow\n\nThe repo includes:\n\n- linting with Ruff\n- formatting checks with Black\n- unit and integration tests with Pytest\n- Alembic migration validation\n- service and SDK package builds\n\nCommon commands:\n\n```bash\npython -m ruff check .\npython -m black --check .\npython -m pytest -q\npython -m alembic upgrade head\npython -m build\npython -m build sdk\n```\n\nFor a fuller contributor workflow, see `CONTRIBUTING.md`.\n\nBrowser-app integrators should start with `docs/browser-consumer-quickstart.md`\nand then use `docs/service-api.md` plus `docs/integrate-sdk.md` for the exact\nservice and SDK contracts.\n\n## Operational Entry Points\n\nRotate signing keys:\n\n```bash\npython -m app.cli rotate-signing-key\n```\n\nRun background processes outside Docker:\n\n```bash\npython worker.py\npython scheduler.py\n```\n\n## CI/CD\n\nGitHub Actions currently covers:\n\n- lint and formatting checks\n- unit and integration tests\n- Alembic offline and online migration validation\n- service package build\n- SDK package build and wheel smoke test\n- container image publication to GHCR\n\nSee `.github/workflows/ci.yml` and `.github/workflows/release.yml` for the\nauthoritative workflow definitions.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchintakjoshi%2Fauthsdk","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchintakjoshi%2Fauthsdk","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchintakjoshi%2Fauthsdk/lists"}