# TroveSuite Auth Service
A comprehensive authentication and authorization service for ERP systems. This package provides JWT token validation, user authorization, and permission checking capabilities.
## Features
- **JWT Token Validation**: Secure token decoding and validation
- **User Authorization**: Multi-level authorization with tenant verification
- **Permission Checking**: Hierarchical permission system (organization > business > app > location > resource)
- **Database Integration**: PostgreSQL support with connection pooling
- **Logging**: Comprehensive logging with multiple output formats
- **Azure Integration**: Support for Azure Storage Queues and Managed Identity
- **FastAPI Ready**: Built for FastAPI applications
## Installation
### From GitHub Packages
#### Using pip
```bash
pip install trovesuite-auth-service --index-url https://pypi.org/simple/ --extra-index-url https://pypi.pkg.github.com/deladetech/simple/
```
#### Using Poetry
```bash
# Add GitHub Packages as a source
poetry source add --priority=supplemental github https://pypi.pkg.github.com/deladetech/simple/
# Install the package
poetry add trovesuite-auth-service
```
### From Source
#### Using pip
```bash
git clone https://github.com/deladetech/trovesuite-auth-service.git
cd trovesuite-auth-service
pip install -e .
```
#### Using Poetry
```bash
git clone https://github.com/deladetech/trovesuite-auth-service.git
cd trovesuite-auth-service
poetry install
```
### Development Installation
#### Using pip
```bash
git clone https://github.com/deladetech/trovesuite-auth-service.git
cd trovesuite-auth-service
pip install -e ".[dev]"
```
#### Using Poetry
```bash
git clone https://github.com/deladetech/trovesuite-auth-service.git
cd trovesuite-auth-service
poetry install --with dev
```
## Quick Start
### Basic Usage
```python
from trovesuite_auth_service import AuthService, AuthServiceReadDto
from trovesuite_auth_service.configs.settings import db_settings

# Configure your database settings
db_settings.DB_HOST = "localhost"
db_settings.DB_PORT = 5432
db_settings.DB_NAME = "your_database"
db_settings.DB_USER = "your_user"
db_settings.DB_PASSWORD = "your_password"
db_settings.SECRET_KEY = "your-secret-key"

# Initialize the auth service
auth_service = AuthService()

# Authorize a user
result = auth_service.authorize(user_id="user123", tenant_id="tenant456")

if result.success:
    print("User authorized successfully")
    for role in result.data:
        print(f"Role: {role.role_id}, Permissions: {role.permissions}")
else:
    print(f"Authorization failed: {result.detail}")
```
### JWT Token Decoding
```python
from trovesuite_auth_service import AuthService
from fastapi import Depends, FastAPI
from fastapi.security import OAuth2PasswordBearer

app = FastAPI()
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")

@app.get("/protected")
async def protected_route(token: str = Depends(oauth2_scheme)):
    # Decode and validate token
    user_data = AuthService.decode_token(token)
    user_id = user_data["user_id"]
    tenant_id = user_data["tenant_id"]

    # Authorize user
    auth_result = AuthService.authorize(user_id, tenant_id)
    return auth_result
```
### Convenience Methods
```python
from trovesuite_auth_service import AuthService

# Get user info directly from token
user_info = AuthService.get_user_info_from_token(token)
print(f"User: {user_info['user_id']}, Tenant: {user_info['tenant_id']}")

# Authorize user directly from token (combines decode + authorize)
auth_result = AuthService.authorize_user_from_token(token)

if auth_result.success:
    # Get all user permissions
    all_permissions = AuthService.get_user_permissions(auth_result.data)
    print(f"User has permissions: {all_permissions}")

    # Check if user has any of the required permissions
    has_any = AuthService.has_any_permission(
        auth_result.data,
        ["read", "write", "admin"]
    )

    # Check if user has all required permissions
    has_all = AuthService.has_all_permissions(
        auth_result.data,
        ["read", "write"]
    )
```
### Permission Checking
```python
from trovesuite_auth_service import AuthService

# After getting user roles from authorization
user_roles = auth_result.data

# Check specific permission
has_permission = AuthService.check_permission(
    user_roles=user_roles,
    action="read",
    org_id="org123",
    bus_id="bus456",
    app_id="app789"
)

if has_permission:
    print("User has permission to read from this resource")
```
## Configuration
### Quick Configuration Check
```python
from trovesuite_auth_service.configs.settings import db_settings
# Check your configuration
config_summary = db_settings.get_configuration_summary()
print("Current configuration:")
for key, value in config_summary.items():
    print(f"  {key}: {value}")
# The service will automatically validate configuration on import
# and show warnings for potential issues
```
### Environment Variables
The service uses environment variables for configuration. Set these in your environment or `.env` file:
```bash
# Database Configuration
DB_HOST=localhost
DB_PORT=5432
DB_NAME=your_database
DB_USER=your_user
DB_PASSWORD=your_password
DATABASE_URL=postgresql://user:password@localhost:5432/database
# Security
SECRET_KEY=your-secret-key-here
ALGORITHM=HS256
ACCESS_TOKEN_EXPIRE_MINUTES=60
# Application
APP_NAME="Auth Service"
ENVIRONMENT=production
DEBUG=false
# Logging
LOG_LEVEL=INFO
LOG_FORMAT=detailed
LOG_TO_FILE=true
# Table Names (customize as needed)
TENANTS_TABLE=tenants
LOGIN_SETTINGS_TABLE=login_settings
USER_GROUPS_TABLE=user_groups
ASSIGN_ROLES_TABLE=assign_roles
ROLE_PERMISSIONS_TABLE=role_permissions
# Azure (optional - for queue functionality)
STORAGE_ACCOUNT_NAME=your-storage-account
USER_ASSIGNED_MANAGED_IDENTITY=your-managed-identity
```
### Database Schema
The service expects the following database tables:
#### Main Schema Tables
- `tenants` - Tenant information and verification status
- `role_permissions` - Role-permission mappings
#### Tenant Schema Tables (per tenant)
- `login_settings` - User login configurations (working days, suspension status, etc.)
- `user_groups` - User-group memberships
- `assign_roles` - Role assignments to users/groups with resource hierarchy
## API Reference
### AuthService
#### `authorize(user_id: str, tenant_id: str) -> Respons[AuthServiceReadDto]`
Authorizes a user and returns their roles and permissions.
**Parameters:**
- `user_id`: The user identifier (must be a non-empty string)
- `tenant_id`: The tenant identifier (must be a non-empty string)
**Returns:**
- `Respons[AuthServiceReadDto]`: Authorization result with user roles and permissions
**Error Codes:**
- `INVALID_USER_ID`: Invalid or empty user_id
- `INVALID_TENANT_ID`: Invalid or empty tenant_id
- `TENANT_NOT_FOUND`: Tenant doesn't exist or is deleted
- `TENANT_NOT_VERIFIED`: Tenant exists but is not verified
- `USER_NOT_FOUND`: User doesn't exist in tenant or is inactive
- `USER_SUSPENDED`: User account is suspended
- `LOGIN_TIME_RESTRICTED`: Login not allowed at current time
#### `decode_token(token: str) -> dict`
Decodes and validates a JWT token.
**Parameters:**
- `token`: The JWT token to decode
**Returns:**
- `dict`: Token payload with user_id and tenant_id
**Raises:**
- `HTTPException`: If token is invalid
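
The checks a caller should expect from "decodes and validates", written out with the standard library only. This is an added example, not the package's `decode_token` implementation; `verify_hs256`, `sign_hs256`, `TokenError` and the `exp` requirement are assumptions made for the illustration, while the `user_id` and `tenant_id` claims and the HS256 algorithm come from this README.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional


class TokenError(Exception):
    """Raised when a token fails any validation step."""


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def sign_hs256(payload: dict, secret: str) -> str:
    """Build a constructed HS256 token so the verifier can be exercised offline."""
    parts = ({"alg": "HS256", "typ": "JWT"}, payload)
    signing_input = ".".join(
        b64url_encode(json.dumps(p, separators=(",", ":")).encode()) for p in parts
    )
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def verify_hs256(token: str, secret: str, now: Optional[float] = None) -> dict:
    """Return the payload only if every check passes; raise TokenError otherwise."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except (ValueError, TypeError) as exc:  # wrong segment count, bad base64 or JSON
        raise TokenError("malformed token") from exc

    # Pin the algorithm on the server side; the token header must not choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise TokenError("unexpected algorithm")

    expected = hmac.new(
        secret.encode(), f"{header_b64}.{payload_b64}".encode(), hashlib.sha256
    ).digest()
    if not hmac.compare_digest(expected, signature):  # constant-time comparison
        raise TokenError("bad signature")

    # Claims are parsed only after the signature is known to be good.
    try:
        payload = json.loads(b64url_decode(payload_b64))
    except (ValueError, TypeError) as exc:
        raise TokenError("malformed payload") from exc
    if not isinstance(payload, dict):
        raise TokenError("malformed payload")

    exp = payload.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        raise TokenError("missing exp")
    if (time.time() if now is None else now) >= exp:
        raise TokenError("token expired")

    # user_id and tenant_id feed authorize(), which requires non-empty strings.
    for claim in ("user_id", "tenant_id"):
        value = payload.get(claim)
        if not isinstance(value, str) or not value.strip():
            raise TokenError(f"missing or empty {claim}")
    return payload


if __name__ == "__main__":
    demo_secret = "k" * 32  # constructed key, 32 bytes
    demo = sign_hs256(
        {"user_id": "user123", "tenant_id": "tenant456", "exp": time.time() + 60},
        demo_secret,
    )
    print(verify_hs256(demo, demo_secret))
```
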
#### `check_permission(user_roles: list, action: str, **kwargs) -> bool`
Checks if a user has a specific permission for a resource.
**Parameters:**
- `user_roles`: List of user roles from authorization
- `action`: The permission action to check
- `org_id`, `bus_id`, `app_id`, `resource_id`, `shared_resource_id`: Resource identifiers
**Returns:**
- `bool`: True if user has permission, False otherwise
#### `get_user_info_from_token(token: str) -> dict`
Convenience method to get user information from a JWT token.
**Parameters:**
- `token`: JWT token string
**Returns:**
- `dict`: User information including user_id and tenant_id
#### `authorize_user_from_token(token: str) -> Respons[AuthServiceReadDto]`
Convenience method to authorize a user directly from a JWT token.
**Parameters:**
- `token`: JWT token string
**Returns:**
- `Respons[AuthServiceReadDto]`: Authorization result with user roles and permissions
#### `get_user_permissions(user_roles: list) -> list`
Get all unique permissions for a user across all their roles.
**Parameters:**
- `user_roles`: List of user roles from authorization
**Returns:**
- `list`: Unique list of permissions
#### `has_any_permission(user_roles: list, required_permissions: list) -> bool`
Check if user has any of the required permissions.
**Parameters:**
- `user_roles`: List of user roles from authorization
- `required_permissions`: List of permissions to check for
**Returns:**
- `bool`: True if user has any of the required permissions
#### `has_all_permissions(user_roles: list, required_permissions: list) -> bool`
Check if user has all of the required permissions.
**Parameters:**
- `user_roles`: List of user roles from authorization
- `required_permissions`: List of permissions to check for
**Returns:**
- `bool`: True if user has all of the required permissions
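
The helpers that take no resource identifiers can only say that a permission exists somewhere in the user's roles, while `check_permission` also takes the target scope. The added example below (not the package's code) shows why the two answers differ; `Grant`, `flat_permissions`, `covers` and `scoped_allows` are hypothetical names, and treating an unset (`None`) level as "not narrowed at this level" is an assumption, since this page does not document the package's matching rules.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

LEVELS = ("org_id", "bus_id", "app_id", "resource_id")


@dataclass(frozen=True)
class Grant:
    """Constructed stand-in for one role row; field names follow AuthServiceReadDto."""
    role_id: str
    permissions: Tuple[str, ...]
    org_id: Optional[str] = None
    bus_id: Optional[str] = None
    app_id: Optional[str] = None
    resource_id: Optional[str] = None


def flat_permissions(grants) -> set:
    """Union of permissions over all grants, with scope discarded."""
    return {perm for grant in grants for perm in grant.permissions}


def covers(grant: Grant, level: str, wanted: Optional[str]) -> bool:
    granted = getattr(grant, level)
    if granted is None:
        return True  # assumption: the grant is not narrowed at this level
    # A grant narrowed to one value never covers a broader or different target.
    return wanted is not None and granted == wanted


def scoped_allows(grants, action: str, **target) -> bool:
    """Deny by default: some grant must carry the action AND cover every level."""
    unknown = set(target) - set(LEVELS)
    if unknown:
        raise ValueError(f"unknown scope keys: {sorted(unknown)}")
    return any(
        action in grant.permissions
        and all(covers(grant, level, target.get(level)) for level in LEVELS)
        for grant in grants
    )


# Constructed role rows: an org-wide viewer and an editor limited to one app.
GRANTS = [
    Grant("viewer", ("read",), org_id="org123"),
    Grant("editor", ("read", "write"), org_id="org123", bus_id="bus456", app_id="app789"),
]

if __name__ == "__main__":
    other_app = dict(org_id="org123", bus_id="bus456", app_id="app000")
    print("flat check says write:", "write" in flat_permissions(GRANTS))
    print("scoped check on app000:", scoped_allows(GRANTS, "write", **other_app))
```

For a decision about a specific resource, the scoped check is the one to gate on; the flattened list suits UI hints such as which menu items to show.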
### Data Models
#### `AuthServiceReadDto`
```python
class AuthServiceReadDto(BaseModel):
    org_id: Optional[str] = None
    bus_id: Optional[str] = None
    app_id: Optional[str] = None
    shared_resource_id: Optional[str] = None
    user_id: Optional[str] = None
    group_id: Optional[str] = None
    role_id: Optional[str] = None
    tenant_id: Optional[str] = None
    permissions: Optional[List[str]] = None
    resource_id: Optional[str] = None
```
#### `Respons[T]`
```python
class Respons[T](BaseModel):
    detail: Optional[str] = None
    error: Optional[str] = None
    data: Optional[List[T]] = None
    status_code: int = 200
    success: bool = True
    pagination: Optional[PaginationMeta] = None
```
## Error Handling
The service provides comprehensive error handling with specific error codes and user-friendly messages:
### Common Error Scenarios
```python
from trovesuite_auth_service import AuthService

# Example: Handle authorization errors
result = AuthService.authorize("user123", "tenant456")

if not result.success:
    if result.error == "TENANT_NOT_FOUND":
        print("Tenant doesn't exist")
    elif result.error == "USER_SUSPENDED":
        print("User account is suspended")
    elif result.error == "LOGIN_TIME_RESTRICTED":
        print("Login not allowed at this time")
    else:
        print(f"Authorization failed: {result.detail}")
else:
    print("Authorization successful!")
```
### Best Practices
1. **Always check the `success` field** before accessing `data`
2. **Use specific error codes** for programmatic error handling
3. **Display user-friendly messages** from the `detail` field
4. **Log errors** for debugging purposes
5. **Validate input parameters** before calling service methods
### Configuration Validation
The service automatically validates configuration on import and shows warnings for potential issues:
```python
# Configuration validation happens automatically
from trovesuite_auth_service.configs.settings import db_settings
# Check configuration summary
config = db_settings.get_configuration_summary()
print("Configuration loaded successfully")
# Common warnings you might see:
# - Default SECRET_KEY in production
# - Missing database configuration
# - Inconsistent environment settings
```
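
The warnings listed above are advisory, so a deployment pipeline may want a check that fails hard. The following is an added example, not the package's validator: `parse_env`, `audit_auth_env` and the finding codes are hypothetical names, the placeholder values are the sample values from this README, and the minimum key sizes follow RFC 7518 section 3.2.

```python
import re

# Sample values copied from this README; any of them in a real deployment is a finding.
PLACEHOLDERS = {
    "SECRET_KEY": {"your-secret-key", "your-secret-key-here"},
    "DB_PASSWORD": {"your_password"},
}
# HMAC keys must be at least as long as the hash output (RFC 7518, section 3.2).
MIN_KEY_BYTES = {"HS256": 32, "HS384": 48, "HS512": 64}
TRUTHY = {"1", "true", "yes", "on"}


def parse_env(text: str) -> dict:
    """Parse KEY=VALUE lines, skipping blanks and comments, stripping matching quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        match = re.match(r"^([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$", line)
        if not match:
            continue
        key, value = match.group(1), match.group(2).strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key] = value
    return env


def audit_auth_env(env: dict) -> list:
    """Return finding codes in check order; an empty list means no check failed."""
    findings = []
    algorithm = env.get("ALGORITHM", "")
    secret = env.get("SECRET_KEY", "")

    # Allow-list the algorithm so values such as "none" are rejected outright.
    if algorithm not in MIN_KEY_BYTES:
        findings.append("ALGORITHM_NOT_ALLOWED")
    if not secret:
        findings.append("SECRET_KEY_MISSING")
    elif secret in PLACEHOLDERS["SECRET_KEY"]:
        findings.append("SECRET_KEY_PLACEHOLDER")
    elif len(secret.encode()) < MIN_KEY_BYTES.get(algorithm, 32):
        findings.append("SECRET_KEY_TOO_SHORT")

    if env.get("DB_PASSWORD", "") in PLACEHOLDERS["DB_PASSWORD"]:
        findings.append("DB_PASSWORD_PLACEHOLDER")

    production = env.get("ENVIRONMENT", "").lower() == "production"
    if production and env.get("DEBUG", "").lower() in TRUTHY:
        findings.append("DEBUG_IN_PRODUCTION")

    ttl = env.get("ACCESS_TOKEN_EXPIRE_MINUTES", "")
    if not ttl.isdecimal() or int(ttl) == 0:
        findings.append("TOKEN_TTL_INVALID")
    return findings


# Constructed input: the security-relevant lines of the README's sample .env.
README_SAMPLE = """
# Security
SECRET_KEY=your-secret-key-here
ALGORITHM=HS256
ACCESS_TOKEN_EXPIRE_MINUTES=60
DB_PASSWORD=your_password
ENVIRONMENT=production
DEBUG=false
"""

if __name__ == "__main__":
    for finding in audit_auth_env(parse_env(README_SAMPLE)):
        print(finding)
```
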
## Development
### Running Tests
#### Using pip
```bash
pytest
```
#### Using Poetry
```bash
poetry run pytest
```
### Code Formatting
#### Using pip
```bash
black trovesuite_auth_service/
```
#### Using Poetry
```bash
poetry run black trovesuite_auth_service/
```
### Type Checking
#### Using pip
```bash
mypy trovesuite_auth_service/
```
#### Using Poetry
```bash
poetry run mypy trovesuite_auth_service/
```
### Linting
#### Using pip
```bash
flake8 trovesuite_auth_service/
```
#### Using Poetry
```bash
poetry run flake8 trovesuite_auth_service/
```
### Poetry Configuration
If you're using Poetry in your project, you can add this package to your `pyproject.toml`:
```toml
[tool.poetry.dependencies]
trovesuite-auth-service = "^1.0.0"
[[tool.poetry.source]]
name = "github"
url = "https://pypi.pkg.github.com/deladetech/simple/"
priority = "supplemental"
```
Then run:
```bash
poetry install
```
## Contributing
1. Fork the repository
2. Create a feature branch (`git checkout -b feature/amazing-feature`)
3. Commit your changes (`git commit -m 'Add some amazing feature'`)
4. Push to the branch (`git push origin feature/amazing-feature`)
5. Open a Pull Request
## License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
## Support
For support, email brightgclt@gmail.com or create an issue in the [GitHub repository](https://github.com/deladetech/trovesuite-auth-service/issues).
## Changelog
### 1.0.0
- Initial release
- JWT token validation
- User authorization with tenant verification
- Hierarchical permission checking
- PostgreSQL database integration
- Comprehensive logging
- Azure integration support