go-authgate
diff --git a/‎.github/workflows/release.yml‎
Lines changed: 28 additions & 0 deletions b/‎.github/workflows/release.yml‎
Lines changed: 28 additions & 0 deletions
diff --git a/‎.github/workflows/testing.yml‎
Lines changed: 34 additions & 0 deletions b/‎.github/workflows/testing.yml‎
Lines changed: 34 additions & 0 deletions
diff --git a/‎.gitignore‎
Lines changed: 15 additions & 0 deletions b/‎.gitignore‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎CLAUDE.md‎
Lines changed: 42 additions & 0 deletions b/‎CLAUDE.md‎
Lines changed: 42 additions & 0 deletions
diff --git a/‎LICENSE‎
Lines changed: 21 additions & 0 deletions b/‎LICENSE‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎Makefile‎
Lines changed: 24 additions & 0 deletions b/‎Makefile‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 103 additions & 0 deletions b/‎README.md‎
Lines changed: 103 additions & 0 deletions
diff --git a/‎pyproject.toml‎
Lines changed: 90 additions & 0 deletions b/‎pyproject.toml‎
Lines changed: 90 additions & 0 deletions
@@ -0,0 +1,28 @@
+name: Release
+
+on:
+  push:
+    tags: ["v*"]
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install build tools
+        run: pip install build
+
+      - name: Build
+        run: python -m build
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
@@ -0,0 +1,34 @@
+name: Testing
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.10", "3.11", "3.12", "3.13"]
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: pip install -e ".[dev]"
+
+      - name: Lint
+        run: make lint
+
+      - name: Type check
+        run: make typecheck
+
+      - name: Test
+        run: make test
@@ -0,0 +1,15 @@
+__pycache__/
+*.py[cod]
+*$py.class
+*.egg-info/
+dist/
+build/
+*.egg
+.mypy_cache/
+.pytest_cache/
+.ruff_cache/
+.coverage
+htmlcov/
+*.so
+.venv/
+venv/
@@ -0,0 +1,42 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code when working with the Python SDK.
+
+## Project Overview
+
+Python SDK for AuthGate — mirrors the Go SDK's architecture using idiomatic Python patterns.
+
+Package: `authgate` (Python 3.10+, src layout with hatchling build)
+
+## Common Commands
+
+```bash
+make install       # Install in editable mode with dev deps
+make test          # Run all tests with pytest
+make lint          # Run ruff linter
+make fmt           # Format code with ruff
+make typecheck     # Run mypy strict
+```
+
+## Code Style
+
+- ruff for linting and formatting (line length 100)
+- mypy strict mode
+- Dataclasses over Pydantic (zero extra deps)
+- Sync + Async dual API in separate client classes
+- Framework-specific middleware: users only import what they need
+- `from __future__ import annotations` in all modules
+
+## Architecture
+
+- `oauth/` — Pure HTTP client layer (sync: `OAuthClient`, async: `AsyncOAuthClient`)
+- `discovery/` — OIDC auto-discovery with caching
+- `credstore/` — Generic credential storage (file, keyring, composite secure store)
+- `authflow/` — Device Code flow, Auth Code + PKCE, auto-refresh TokenSource
+- `middleware/` — Framework adapters (FastAPI, Flask, Django)
+- `clientcreds/` — M2M Client Credentials with auto-caching
+- `__init__.py` — `authenticate()` / `async_authenticate()` entry points
+
+## Before Committing
+
+All code must pass `make lint`, `make fmt`, and `make typecheck` before committing.
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 AuthGate Contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
@@ -0,0 +1,24 @@
+.PHONY: test lint fmt typecheck install clean
+
+install:
+	pip install -e ".[dev]"
+
+test:
+	python -m pytest tests/ -v --tb=short
+
+coverage:
+	python -m coverage run -m pytest tests/ -v --tb=short
+	python -m coverage report -m
+
+lint:
+	python -m ruff check src/ tests/
+
+fmt:
+	python -m ruff format src/ tests/
+	python -m ruff check --fix src/ tests/
+
+typecheck:
+	python -m mypy src/authgate/
+
+clean:
+	rm -rf build/ dist/ *.egg-info src/*.egg-info .mypy_cache .pytest_cache .ruff_cache .coverage htmlcov/
@@ -0,0 +1,103 @@
+# AuthGate Python SDK
+
+Python SDK for [AuthGate](https://github.com/go-authgate) — OAuth 2.0 authentication and token management.
+
+## Installation
+
+```bash
+pip install authgate
+```
+
+With framework support:
+
+```bash
+pip install authgate[fastapi]
+pip install authgate[flask]
+pip install authgate[django]
+```
+
+## Quick Start
+
+```python
+from authgate import authenticate
+
+client, token = authenticate(
+    "https://auth.example.com",
+    "my-client-id",
+    scopes=["profile", "email"],
+)
+
+print(f"Access token: {token.access_token}")
+```
+
+## Async Usage
+
+```python
+from authgate import async_authenticate
+
+client, token = await async_authenticate(
+    "https://auth.example.com",
+    "my-client-id",
+    scopes=["profile", "email"],
+)
+```
+
+## Client Credentials (M2M)
+
+```python
+from authgate.oauth import OAuthClient, Endpoints
+from authgate.clientcreds import TokenSource, BearerAuth
+import httpx
+
+client = OAuthClient("my-service", endpoints, client_secret="secret")
+ts = TokenSource(client, scopes=["api"])
+
+# Auto-attaches Bearer token to every request
+with httpx.Client(auth=BearerAuth(ts)) as http:
+    resp = http.get("https://api.example.com/data")
+```
+
+## Middleware
+
+### FastAPI
+
+```python
+from fastapi import FastAPI, Depends
+from authgate.middleware.fastapi import BearerAuth
+from authgate.middleware.models import TokenInfo
+
+app = FastAPI()
+auth = BearerAuth(oauth_client)
+
+@app.get("/protected")
+async def protected(info: TokenInfo = Depends(auth)):
+    return {"user": info.user_id}
+```
+
+### Flask
+
+```python
+from flask import Flask
+from authgate.middleware.flask import bearer_auth, get_token_info
+
+app = Flask(__name__)
+
+@app.route("/protected")
+@bearer_auth(oauth_client)
+def protected():
+    info = get_token_info()
+    return {"user": info.user_id}
+```
+
+## Development
+
+```bash
+pip install -e ".[dev]"
+make test
+make lint
+make typecheck
+```
+
+## License
+
+MIT
@@ -0,0 +1,90 @@
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[project]
+name = "authgate"
+dynamic = ["version"]
+description = "Python SDK for AuthGate — OAuth 2.0 authentication and token management"
+readme = "README.md"
+license = "MIT"
+requires-python = ">=3.10"
+authors = [{ name = "AuthGate Contributors" }]
+classifiers = [
+    "Development Status :: 4 - Beta",
+    "Intended Audience :: Developers",
+    "License :: OSI Approved :: MIT License",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
+    "Typing :: Typed",
+]
+dependencies = ["httpx>=0.27,<1", "keyring>=25,<27"]
+
+[project.optional-dependencies]
+fastapi = ["fastapi>=0.100"]
+flask = ["flask>=2.3"]
+django = ["django>=4.2"]
+dev = [
+    "pytest>=8",
+    "pytest-asyncio>=0.23",
+    "pytest-httpx>=0.30",
+    "coverage>=7",
+    "mypy>=1.10",
+    "ruff>=0.5",
+]
+
+[tool.hatch.version]
+path = "src/authgate/_version.py"
+
+[tool.hatch.build.targets.wheel]
+packages = ["src/authgate"]
+
+[tool.ruff]
+target-version = "py310"
+line-length = 100
+
+[tool.ruff.lint]
+select = [
+    "E",
+    "F",
+    "W",
+    "I",
+    "N",
+    "UP",
+    "B",
+    "A",
+    "SIM",
+    "RUF",
+]
+
+[tool.ruff.lint.isort]
+known-first-party = ["authgate"]
+
+[tool.mypy]
+python_version = "3.10"
+strict = true
+warn_return_any = true
+warn_unused_configs = true
+
+[[tool.mypy.overrides]]
+module = ["keyring", "keyring.errors"]
+ignore_missing_imports = true
+
+[[tool.mypy.overrides]]
+module = ["fastapi", "fastapi.*"]
+ignore_missing_imports = true
+
+[[tool.mypy.overrides]]
+module = ["flask", "flask.*"]
+ignore_missing_imports = true
+
+[[tool.mypy.overrides]]
+module = ["django", "django.*"]
+ignore_missing_imports = true
+
+[tool.pytest.ini_options]
+testpaths = ["tests"]
+asyncio_mode = "auto"