Metadata-Version: 2.4
Name: tokenkeeper-api
Version: 0.0.3
Summary: A minimal FastAPI service for creating, verifying, and revoking user-scoped API tokens. Uses Argon2 hashing and PostgreSQL for secure token management.
Requires-Python: >=3.12
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: pytest==8.*
Requires-Dist: asgi-lifespan
Requires-Dist: fastapi[standard]
Requires-Dist: asyncpg
Requires-Dist: sqlalchemy[asyncio]
Requires-Dist: pydantic
Requires-Dist: passlib[argon2]
Requires-Dist: cognito-jwt-verifier
Dynamic: license-file

# TokenKeeper API

**TokenKeeper** is a secure, FastAPI-based service for managing and verifying personal access tokens. It integrates with AWS Cognito for user authentication and uses PostgreSQL for persistent storage. Tokens are hashed with Argon2 and optionally support expiration, revocation, and last-used tracking.

## Features

- 🔐 Secure token generation using Argon2 hashing
- 📅 Optional token expiration and usage tracking
- ✅ Verification and revocation of tokens
- 🧾 List non-revoked, non-expired tokens
- 🪪 Cognito-based user authentication
- 🗃️ PostgreSQL + SQLAlchemy (async) backend

## API Endpoints

- `POST /token` — Create a new token
- `POST /token/verify` — Verify token validity
- `POST /token/revoke` — Revoke a token by name
- `GET /token` — List current user’s active tokens

## Requirements

- Python 3.12+
- PostgreSQL
- AWS Cognito User Pool
- `asyncpg`, `sqlalchemy`, `fastapi`, `passlib[argon2]`, `cognito-jwt-verifier`

## Getting Started

1. Update your database URL in db.py:

```python
DATABASE_URL = "postgresql+asyncpg://user:password@localhost/tokenkeeper"
```

2. Set up your Cognito issuer and client ID in auth.py:

```python
ISSUER = "https://cognito-idp.<region>.amazonaws.com/<user_pool_id>"
CLIENT_IDS = ["<app_client_id>"]
```

3. Run the FastAPI app:

```bash
uvicorn tokenkeeper.main:app --reload
```

## License

MIT
