import asyncio
from ri import (
RiAuthModule,
RiAuthConfig,
RiJWTManager,
RiJWTClaims,
RiJWTValidationOptions,
RiSessionManager,
RiSession,
RiPermissionManager,
RiPermission,
RiRole,
RiOAuthManager,
RiOAuthToken,
RiOAuthUserInfo,
RiOAuthProvider,
RiJWTRevocationList,
RiRevokedTokenInfo,
)
async def main():
import os
auth_config = RiAuthConfig()
auth_config.jwt_secret = os.getenv("RI_JWT_SECRET", "CHANGE-ME-IN-PRODUCTION")
if auth_config.jwt_secret == "CHANGE-ME-IN-PRODUCTION":
print("WARNING: Using default JWT secret. Set RI_JWT_SECRET environment variable in production!")
auth_config.jwt_algorithm = "HS256"
auth_config.token_expiry_seconds = 3600
auth_config.refresh_token_expiry_seconds = 86400
auth_config.enable_oauth = True
auth_config.enable_session = True
auth_module = RiAuthModule(auth_config)
jwt_manager = RiJWTManager()
claims = RiJWTClaims()
claims.sub = "user123"
claims.iss = "ri-auth"
claims.aud = "ri-api"
claims.exp = 3600
claims.iat = 0
claims.custom_claims = {"role": "admin", "department": "engineering"}
print("Generating JWT token...")
token = jwt_manager.generate_token(claims)
print(f"Generated token: {token[:50]}...")
print("\nValidating JWT token...")
validation_options = RiJWTValidationOptions()
validation_options.validate_exp = True
validation_options.validate_nbf = True
validation_options.validate_aud = True
validation_options.expected_audience = "ri-api"
validation_options.leeway_seconds = 60
validated_claims = jwt_manager.validate_token(token, validation_options)
if validated_claims:
print(f"Token validated successfully!")
print(f"Subject: {validated_claims.sub}")
print(f"Custom claims: {validated_claims.custom_claims}")
perm_manager = RiPermissionManager()
read_perm = RiPermission()
read_perm.name = "read:users"
read_perm.description = "Can read user data"
write_perm = RiPermission()
write_perm.name = "write:users"
write_perm.description = "Can modify user data"
admin_role = RiRole()
admin_role.name = "admin"
admin_role.permissions = ["read:users", "write:users"]
user_role = RiRole()
user_role.name = "user"
user_role.permissions = ["read:users"]
print("\nChecking permissions...")
has_read = perm_manager.check_permission("user123", "read:users")
print(f"User has read permission: {has_read}")
has_write = perm_manager.check_permission("user123", "write:users")
print(f"User has write permission: {has_write}")
session_manager = RiSessionManager()
print("\nCreating session...")
session = RiSession()
session.session_id = "sess_123456"
session.user_id = "user123"
session.data = {"login_time": "2025-01-01T00:00:00Z", "ip": "192.168.1.1"}
session.expires_at = 3600
session_manager.create_session(session)
print(f"Session created: {session.session_id}")
retrieved_session = session_manager.get_session("sess_123456")
if retrieved_session:
print(f"Retrieved session for user: {retrieved_session.user_id}")
oauth_manager = RiOAuthManager()
google_provider = RiOAuthProvider()
google_provider.name = "google"
google_provider.client_id = os.getenv("GOOGLE_CLIENT_ID", "your-google-client-id")
google_provider.client_secret = os.getenv("GOOGLE_CLIENT_SECRET", "your-google-client-secret")
google_provider.auth_url = "https://accounts.google.com/o/oauth2/auth"
google_provider.token_url = "https://oauth2.googleapis.com/token"
google_provider.scopes = ["openid", "email", "profile"]
github_provider = RiOAuthProvider()
github_provider.name = "github"
github_provider.client_id = os.getenv("GITHUB_CLIENT_ID", "your-github-client-id")
github_provider.client_secret = os.getenv("GITHUB_CLIENT_SECRET", "your-github-client-secret")
github_provider.auth_url = "https://github.com/login/oauth/authorize"
github_provider.token_url = "https://github.com/login/oauth/access_token"
github_provider.scopes = ["user:email", "read:user"]
oauth_token = RiOAuthToken()
oauth_token.access_token = "example_oauth_access_token"
oauth_token.refresh_token = "example_oauth_refresh_token"
oauth_token.token_type = "Bearer"
oauth_token.expires_in = 3600
oauth_token.scope = "openid email profile"
print("\nOAuth configuration completed!")
revocation_list = RiJWTRevocationList()
revoked_info = RiRevokedTokenInfo()
revoked_info.token_id = "token_123"
revoked_info.revoked_at = 0
revoked_info.reason = "User logout"
revocation_list.revoke_token(revoked_info)
print(f"Token revoked: {revoked_info.token_id}")
is_revoked = revocation_list.is_revoked("token_123")
print(f"Token is revoked: {is_revoked}")
print("\nAuthentication operations completed successfully!")
if __name__ == "__main__":
asyncio.run(main())