{"id":20513331,"url":"https://github.com/nikolaigulatz/oauth-token-cache","last_synced_at":"2025-10-10T17:10:09.924Z","repository":{"id":51527680,"uuid":"217785341","full_name":"NikolaiGulatz/oauth-token-cache","owner":"NikolaiGulatz","description":"Easily obtain and cache OAuth 2.0 JWT tokens from Auth0.","archived":false,"fork":false,"pushed_at":"2022-12-08T07:42:33.000Z","size":93,"stargazers_count":3,"open_issues_count":4,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-09-01T22:42:51.002Z","etag":null,"topics":["auth0","oauth","oauth2","python","redis"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/NikolaiGulatz.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-10-27T00:21:36.000Z","updated_at":"2021-09-23T17:01:17.000Z","dependencies_parsed_at":"2023-01-25T09:15:13.483Z","dependency_job_id":null,"html_url":"https://github.com/NikolaiGulatz/oauth-token-cache","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/NikolaiGulatz/oauth-token-cache","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NikolaiGulatz%2Foauth-token-cache","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NikolaiGulatz%2Foauth-token-cache/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NikolaiGulatz%2Foauth-token-cache/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NikolaiGulatz%2Foauth-token-cache/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/NikolaiGulatz","download_url":"https://codeload.github.com/NikolaiGulatz/oauth-token-cache/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NikolaiGulatz%2Foauth-token-cache/sbom","scorecard":{"id":101680,"data":{"date":"2025-08-11","repo":{"name":"github.com/NikolaiGulatz/oauth-token-cache","commit":"cde854c451649c401588c55f4c43fbd5986b51bd"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":1.7,"checks":[{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":0,"reason":"Found 1/21 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":0,"reason":"24 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2024-48 / GHSA-fj7x-q9j7-g6q6","Warn: Project is vulnerable to: PYSEC-2022-42986 / GHSA-43fp-rhv2-5gv8","Warn: Project is vulnerable to: PYSEC-2023-135 / GHSA-xqr8-7jwr-rhp7","Warn: Project is vulnerable to: PYSEC-2022-238 / GHSA-h3qr-fjhm-jphw","Warn: Project is vulnerable to: PYSEC-2024-60 / GHSA-jjg7-2v4v-x38h","Warn: Project is vulnerable to: PYSEC-2022-260 / GHSA-v973-fxgf-6xhp","Warn: Project is vulnerable to: GHSA-5vgj-ggm4-fg62","Warn: Project is vulnerable to: PYSEC-2020-92 / GHSA-hj5v-574p-mj7c","Warn: Project is vulnerable to: PYSEC-2022-42969","Warn: Project is vulnerable to: PYSEC-2020-176 / GHSA-3pqx-4fqf-j49f","Warn: Project is vulnerable to: PYSEC-2020-96 / GHSA-6757-jp84-gxfx","Warn: Project is vulnerable to: PYSEC-2021-142 / GHSA-8q59-q68h-6hv4","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: GHSA-9wx4-h78v-vm56","Warn: Project is vulnerable to: PYSEC-2023-74 / GHSA-j8r2-6x86-q33q","Warn: Project is vulnerable to: GHSA-34jh-p97f-mpxf","Warn: Project is vulnerable to: PYSEC-2023-212 / GHSA-g4mx-q9vg-27p4","Warn: Project is vulnerable to: PYSEC-2020-149 / GHSA-hmv2-79q8-fv6g","Warn: Project is vulnerable to: GHSA-pq67-6m6q-mj2v","Warn: Project is vulnerable to: PYSEC-2021-108 / GHSA-q2q7-5pp4-w6pg","Warn: Project is vulnerable to: PYSEC-2023-192 / GHSA-v845-jxx5-vc9f","Warn: Project is vulnerable to: PYSEC-2020-148 / GHSA-wqvq-5m8c-6g24","Warn: Project is vulnerable to: PYSEC-2024-187 / GHSA-rqc4-2hc7-8c8v","Warn: Project is vulnerable to: GHSA-jfmj-5v4g-7637"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 4 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-15T10:15:39.211Z","repository_id":51527680,"created_at":"2025-08-15T10:15:39.211Z","updated_at":"2025-08-15T10:15:39.211Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279004815,"owners_count":26083783,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auth0","oauth","oauth2","python","redis"],"created_at":"2024-11-15T21:10:12.254Z","updated_at":"2025-10-10T17:10:09.893Z","avatar_url":"https://github.com/NikolaiGulatz.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# oauth-token-cache\n\n[![Build Status](https://travis-ci.org/NikolaiGulatz/oauth-token-cache.svg?branch=master)](https://travis-ci.org/NikolaiGulatz/oauth-token-cache) [![codecov](https://codecov.io/gh/NikolaiGulatz/oauth-token-cache/branch/master/graph/badge.svg)](https://codecov.io/gh/NikolaiGulatz/oauth-token-cache) [![Maintainability](https://api.codeclimate.com/v1/badges/0c5868af680f364adafa/maintainability)](https://codeclimate.com/github/NikolaiGulatz/oauth-token-cache/maintainability) [![PyPI version](https://badge.fury.io/py/oauth-token-cache.svg)](https://badge.fury.io/py/oauth-token-cache)\n\nEasily obtain and cache OAuth 2.0 JWT tokens from Auth0.\n\nWhen using external auth providers for obtaining OAuth 2.0 machine-to-machine tokens you may want to share one access\ntoken across several instances (e.g. processes, threads, containers, pods ...) of your application in order to avoid\nhaving to issue new tokens too often.\n\noauth-token-cache makes it easy to obtain, refresh and cache OAuth 2.0 tokens. Obtained tokens are stored both in\nmemory and in Redis with a TTL which corresponds to the time to expire of your token.\n\n```shell\npip install oauth-token-cache\n```\n\n## Quickstart\n\n```python\nfrom oauth_token_cache import OAuthTokenCache\n\ntoken_provider = OAuthTokenCache(\n    client_id=\"XXX\",\n    client_secret=\"XXX\",\n    token_url=\"https://example.com/oauth/token\"\n)\n\n\"\"\"\nThe token will be cached in Redis. A fresh token will automatically be\nfetched when calling `token` the next time in case the old token has expired.\n\"\"\"\nmy_token = token_provider.token(audience=\"test\")\n\nmy_token.access_token\n\u003e\u003e eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IlFrVkJOemN6TjBNeFJr...\n\nmy_token.audience\n\u003e\u003e test\n\nmy_token.token_type\n\u003e\u003e Bearer\n\nmy_token.expires_at\n\u003e\u003e 1572169916\n\nmy_token.expired\n\u003e\u003e False\n```\n\n## Configuring Redis\n\nThe `redis_options` argument will be passed on to the redis client. See the [documentation of the redis package](https://pypi.org/project/redis/) on how to configure the client.\n\n```python\nOAuthTokenCache(\n    client_id=\"XXX\",\n    client_secret=\"XXX\",\n    token_url=\"https://example.com/oauth/token\",\n    redis_options={\n        \"host\": \"example.com\",\n        \"port\": 1234,\n    }\n)\n```\n\n### Using your own Redis client\n\nYou can pass your own Redis client at which `redis_options` will be ignored. Make sure to configure the redis client to\nautomatically decode responses using `decode_response=True`.\n\n```python\nredis_client = redis.Redis(decode_response=True)\n\nOAuthTokenCache(\n    client_id=\"XXX\",\n    client_secret=\"XXX\",\n    token_url=\"https://example.com/oauth/token\",\n    redis_client=redis_client,\n)\n```\n\n## Overwriting the returned token\n\nFor CI and testing it is sometimes helpful to overwrite the returned access token and thus bypass the refreshing and caching functionality of OAuthTokenCache.\n\nYou can do so by setting the `OAUTH_TOKEN` environment variable. OAuthTokenCache will then always return the access token given in the environment variable.\n\n## Development\n\n1. Install the dependencies:\n\n```shell\npoetry install\n```\n\n2. Run linters:\n\n```shell\nmake black\nmake pylint\n```\n\n3. Run pytest:\n\n```shell\nmake pytest\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnikolaigulatz%2Foauth-token-cache","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnikolaigulatz%2Foauth-token-cache","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnikolaigulatz%2Foauth-token-cache/lists"}