auth-guardian

v0.1.34 suspicious
5.0
Medium Risk

Libreria de autenticacion OIDC con Keycloak para FastAPI, Flask y Django

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has moderate network usage and concerns over its maintenance level, which may suggest potential issues with reliability and security updates.

  • moderate network risk
  • low maintainer activity
Per-check LLM notes
  • Network: Network calls using httpx are common for packages that require internet access to fetch authentication tokens or secrets, but should be reviewed for destinations and data being transmitted.
  • Shell: No shell execution patterns detected, indicating low risk for direct system command execution.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious activity related to code obfuscation.
  • Credentials: No credential harvesting patterns detected, suggesting the package does not pose a risk for stealing secrets or credentials.
  • Metadata: The package shows signs of low maintainer activity and poor metadata quality, which could indicate it's not well-maintained.

📦 Package Quality Overall: Low (4.4/10)

✦ High Test Suite 9.0

Test suite present — 10 test file(s) found

  • Test runner config found: pyproject.toml
  • 10 test file(s) detected (e.g. test_dependency_errors.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (9559 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 109 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls score 6.0

Found 4 network call pattern(s)

  • self._client = httpx.AsyncClient( verify=self._verify,
  • nt_secret async with httpx.AsyncClient(verify=self.config.verify_tls) as client: respon
  • } async with httpx.AsyncClient(verify=self.config.verify_tls) as client: respon
  • _token}"} async with httpx.AsyncClient(verify=self.config.verify_tls) as client: respon
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 6.0

3 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with auth-guardian 
Create a mini-application named 'SecureBloggingPlatform' using Python's FastAPI framework along with the 'auth-guardian' package. This platform will allow users to create blog posts and comment on them. It should be secured using OAuth2/OIDC authentication provided by Keycloak via the 'auth-guardian' library. Here are the detailed steps and features to implement:

1. **Setup**: Begin by setting up a FastAPI application. Install necessary dependencies including 'auth-guardian', FastAPI, and any other required packages.

2. **User Authentication**: Utilize 'auth-guardian' to integrate OAuth2/OIDC with Keycloak for user authentication. Ensure that all routes requiring user data are protected by authentication.

3. **Blog Posts**: Implement functionality for users to create, read, update, and delete their own blog posts. Only authenticated users should be able to perform these actions on their own posts.

4. **Comments Section**: Allow authenticated users to add comments to blog posts. Users should not be able to edit or delete other users' comments.

5. **Profile Management**: Enable users to view and manage their profile information through a secure route.

6. **Error Handling**: Implement proper error handling to manage cases where authentication fails or when invalid requests are made.

7. **Testing**: Write tests to ensure all functionalities work as expected, especially around authentication and authorization.

8. **Documentation**: Provide comprehensive documentation detailing how to set up the application, including configuring 'auth-guardian' with Keycloak.

This project aims to showcase the seamless integration of 'auth-guardian' into a FastAPI application, demonstrating its capabilities in securing web applications with OAuth2/OIDC.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!