authplane-sdk

v0.2.0 safe
3.0
Low Risk

Authplane SDK for Python — OAuth 2.1 JWT validation and token operations for protected resources

🤖 AI Analysis

Final verdict: SAFE

The package shows minimal signs of potential risks, with low scores across all categories except for metadata risk due to its newness and lack of widespread use.

  • Low network, shell, obfuscation, and credential risks.
  • New repository with no indications of malicious activity.
Per-check LLM notes
  • Network: The observed network calls using httpx are typical for packages that require internet access to communicate with external services or fetch data.
  • Shell: No shell execution patterns detected, which is normal and expected.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious intent.
  • Credentials: No credential harvesting patterns detected, indicating secure handling of sensitive information.
  • Metadata: The repository is new and not widely used, but there's no clear indication of malicious intent.

📦 Package Quality Overall: Low (4.0/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (1435 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 96 type-annotated function signatures detected in source
○ Low Multiple Contributors 2.0

Single-author or unverifiable project

  • 1 unique contributor(s) across 5 commits in AuthPlane/python-sdk
  • Single author with few commits — possibly a personal or throwaway project

🔬 Heuristic Checks

Outbound Network Calls score 4.5

Found 3 network call pattern(s)

  • r call async with httpx.AsyncClient(timeout=self._settings.timeout) as client: r
  • oded") async with httpx.AsyncClient(timeout=fetch_settings.timeout) as client: e
  • d response.""" async with httpx.AsyncClient( timeout=httpx.Timeout(timeout), follow_redi
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Authplane Team" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with authplane-sdk
Create a mini-application called 'SecureResourceAccess' that acts as a simple API gateway for accessing protected resources. This application will use OAuth 2.1 JWT tokens for authentication and authorization. Your task is to implement a server-side Python script using the 'authplane-sdk' package to validate incoming JWT tokens and control access to these resources based on the token's claims. Here are the steps and features you should include in your project:

1. Set up a basic Flask web server.
2. Implement a route '/protected' which requires a valid JWT token for access. Use the 'authplane-sdk' package to validate the token against a specified issuer and audience.
3. Add a '/token_info' endpoint that returns information about the validated token (e.g., username, expiration time).
4. Include error handling for cases where the token is missing, invalid, expired, or does not match the expected issuer or audience.
5. Integrate logging to record successful and failed attempts to access the protected resource.
6. Optionally, provide a simple client-side HTML form that allows users to input a JWT token and receive feedback about its validity and the information contained within it.
7. Document your code thoroughly, explaining how each part of the 'authplane-sdk' package is utilized in your application.

Your goal is to create a functional, secure, and well-documented mini-application that demonstrates the capabilities of the 'authplane-sdk' package.
