diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 2a679f8..c824562 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -41,7 +41,7 @@ jobs: - name: Install application run: | - pip install src/core "src/authentication[oidc]" src/build src/log src/permissions src/settings src/web + pip install src/core "src/authentication[all]" src/build src/log src/permissions src/settings src/web - name: Run tests run: pytest --import-mode=importlib diff --git a/CHANGELOG.md b/CHANGELOG.md index b292649..b77deac 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,15 @@ and this project adheres to - settings: Support optional section-level documentation via `_doc` in settings definition (#80). - auth: Add `OIDCClient` for OpenID Connect Authorization Code flow (#76). +- auth: Add `[all]` extra on `RFL.authentication` to install all authentication + backends (jwt, ldap, oidc) (#84). + +### Changed +- auth: Move PyJWT and python-ldap from core dependencies to optional `[jwt]` and + `[ldap]` extras on `RFL.authentication`; add `[all]` extra for the full stack + (#84). +- web: Depend on `RFL.authentication[jwt]` so web no longer pulls LDAP + transitively (#84). ## [1.7.0] - 2026-05-08 diff --git a/src/authentication/README.md b/src/authentication/README.md index 5988bce..69ac15b 100644 --- a/src/authentication/README.md +++ b/src/authentication/README.md @@ -1,3 +1,26 @@ # RFL: authentication package -Generate and validate JWT tokens. +User identity types, JWT token management, LDAP authentication, and OpenID +Connect (OIDC) client support. + +## Installation + +The core package installs only `RFL.core`. Optional backends are installed via +pip extras: + +| Extra | Dependencies | Use | +|-------|----------------|-----| +| `jwt` | PyJWT | `rfl.authentication.jwt` | +| `ldap` | python-ldap | `rfl.authentication.ldap` | +| `oidc` | Authlib, Flask, requests | `rfl.authentication.oidc` | +| `all` | All of the above | Full authentication stack | + +Examples: + +```bash +pip install RFL.authentication # user types and errors only +pip install "RFL.authentication[jwt]" # JWT support +pip install "RFL.authentication[ldap]" # LDAP support +pip install "RFL.authentication[oidc]" # OIDC support +pip install "RFL.authentication[all]" # all backends +``` diff --git a/src/authentication/pyproject.toml b/src/authentication/pyproject.toml index 1682df6..9812ae0 100644 --- a/src/authentication/pyproject.toml +++ b/src/authentication/pyproject.toml @@ -14,8 +14,6 @@ authors = [ ] dependencies = [ "RFL.core", - "PyJWT", - "python-ldap", ] classifiers = [ "Development Status :: 5 - Production/Stable", @@ -27,7 +25,16 @@ classifiers = [ readme = "README.md" [project.optional-dependencies] +jwt = ["PyJWT"] +ldap = ["python-ldap"] oidc = ["Authlib", "Flask", "requests"] +all = [ + "PyJWT", + "python-ldap", + "Authlib", + "Flask", + "requests", +] [project.urls] "Homepage" = "https://github.com/rackslab/RFL" diff --git a/src/authentication/rfl/authentication/jwt.py b/src/authentication/rfl/authentication/jwt.py index 9057141..c0b6cc3 100644 --- a/src/authentication/rfl/authentication/jwt.py +++ b/src/authentication/rfl/authentication/jwt.py @@ -10,7 +10,10 @@ import logging from pathlib import Path -import jwt +try: + import jwt +except ImportError as err: + raise ImportError("PyJWT is required for RFL JWT Authentication") from err from .user import AuthenticatedUser from .errors import ( diff --git a/src/authentication/rfl/authentication/ldap.py b/src/authentication/rfl/authentication/ldap.py index 04bd7de..793b548 100644 --- a/src/authentication/rfl/authentication/ldap.py +++ b/src/authentication/rfl/authentication/ldap.py @@ -8,8 +8,11 @@ from pathlib import Path import logging -import ldap -import ldap.filter +try: + import ldap + import ldap.filter +except ImportError as err: + raise ImportError("python-ldap is required for RFL LDAP Authentication") from err from .user import AuthenticatedUser from .errors import LDAPAuthenticationError diff --git a/src/web/pyproject.toml b/src/web/pyproject.toml index 6ac6970..6da6c05 100644 --- a/src/web/pyproject.toml +++ b/src/web/pyproject.toml @@ -15,7 +15,7 @@ authors = [ dependencies = [ "Flask", "RFL.permissions", - "RFL.authentication" + "RFL.authentication[jwt]" ] classifiers = [ "Development Status :: 5 - Production/Stable",