docs and cicd

cleanenergyexchange · Dec 5, 2024 · 773f3e0 · 773f3e0
1 parent c1d9a57
commit 773f3e0
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 33 deletions.
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -12,7 +12,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Install uv
-        uses: astral-sh/setup-uv@v3
+        uses: astral-sh/setup-uv@v4
         with:
           enable-cache: true
           cache-dependency-glob: uv.lock

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -33,6 +33,5 @@ jobs:
       - name: Upload coverage reports to Codecov
         uses: codecov/codecov-action@v5
         with:
-          file: ./coverage.xml
           fail_ci_if_error: true
           token: ${{ secrets.CODECOV_TOKEN }}
diff --git a/README.md b/README.md
@@ -2,16 +2,11 @@
 
 Protect FastAPI endpoints using [Zitadel](https://zitadel.com/).
 
-Features:
-
-* Authorization Code Flow with PKCE
-* JWT signature validation using JWKS obtained from Zitadel
-* Service User authentication using JWT Profiles
-* Swagger UI integration
-* Zitadel roles as scopes
-
-<a href="https://python.org">
-    <img src="https://img.shields.io/badge/python-v3.10+-blue.svg?logo=python&logoColor=white&label=python" alt="Python version">
+<a href="https://github.com/cleanenergyexchange/fastapi-zitadel-auth/actions/workflows/test.yml" target="_blank">
+    <img src="https://github.com/cleanenergyexchange/fastapi-zitadel-auth/actions/workflows/test.yml/badge.svg" alt="Test status">
+</a>
+<a href="https://pypi.org/project/fastapi-zitadel-auth" target="_blank">
+    <img src="https://img.shields.io/pypi/pyversions/fastapi-zitadel-auth.svg?color=%2334D058" alt="Supported Python versions">
 </a>
 <a href="https://pypi.org/pypi/fastapi-zitadel-auth">
     <img src="https://img.shields.io/pypi/v/fastapi-zitadel-auth.svg?logo=pypi&logoColor=white&label=pypi" alt="Package version">
@@ -20,9 +15,19 @@ Features:
     <img src="https://codecov.io/gh/cleanenergyexchange/fastapi-zitadel-auth/graph/badge.svg?token=A3TSXDVLQT" alt="Code coverage"/> 
 </a>
 
+## Features
+
+* Authorization Code Flow with PKCE
+* JWT signature validation using JWKS obtained from Zitadel
+* Service User authentication using JWT Profiles
+* Swagger UI integration
+* Zitadel roles as scopes
+
 
-> [!WARNING]
-> This repo is a work in progress and should not be used in production just yet.
+> [!INFO]
+> This library implements JWT, locally validated using JWKS, as it prioritizes performance, 
+> see [Zitadel docs on Opaque tokens vs JWT](https://zitadel.com/docs/concepts/knowledge/opaque-tokens#use-cases-and-trade-offs).
+> If you need to validate opaque tokens using Introspection, please open an issue – PRs are welcome!
 
 
 ## Installation

diff --git a/docs/ZITADEL_SETUP.md b/docs/ZITADEL_SETUP.md
@@ -2,33 +2,30 @@
 
 ### Project
 * Create a new project.
-* in the General settings, tick "Assert Roles on Authentication" and "Check authorization on Authentication"
-* Note the project ID (also called "resource Id") as `ZITADEL_PROJECT_ID`
-* Under Roles, create a new role with key: `user` and Display Name "user" and assign it to the project.
+* in the General settings, tick **"Assert Roles on Authentication"** and **"Check authorization on Authentication"**
+* Note the **project ID** (also called "resource Id")
+* Under Roles, **create a new role** with key: `user` and Display Name "user" and assign it to the project.
 
 ### App 1: API
-* Create a new application in the project of type "API" and Authentication Method "JWT (Private Key JWT)"
+* Create a new application in the project of **type "API"** and **Authentication Method "JWT (Private Key JWT)"**
 * Create a key of type "JSON"
 
 ### App 2: User Agent
-* Create a new application in the project of type "User Agent" and Authentication Method "PKCE".
+* Create a new application in the project of **type "User Agent"** and **Authentication Method "PKCE"**.
 * Toggle "Development Mode" to allow non-https redirect URIs
-* Under "Redirect URIs", add:
-  * `http://localhost:8001/`
-  * `http://localhost:8001/oauth2-redirect`
+* Under **"Redirect URIs"**, add `http://localhost:8001/oauth2-redirect`
 * Token settings
-  * Change "Auth Token Type" from "Bearer Token" to "JWT"
-  * Tick "Add user roles to the access token"
-  * Tick "User roles inside ID token"
-* Note the Client Id (as `OAUTH_CLIENT_ID`)
+  * Change **"Auth Token Type"** from "Bearer Token" to **"JWT"**
+  * Tick **"Add user roles to the access token"**
+  * Tick **"User roles inside ID token"**
+* Note the **Client Id**
 
 ### User creation
-* Create a new User in the Zitadel instance.
-* Under Authorizations, create new authorization by searching for the project name and assign the "user" role to the new user
-
+* Create a **new User** in the Zitadel instance.
+* Under Authorizations, create **new authorization** by searching for the project name and **assign the "user" role** to the new user
 
 ### Service User creation
-* Create a new Service User in the zitadel instance and select the Access Token Type to be "JWT".
-* Under Authorizations, create new authorization by searching for the project name and assign the "user" role to the new service user
-* Under Keys, create a new key of type "JSON" and note the key ID and download the key (JSON file).
-* Update the config in `demo_project/service_user.py`
+* Create a **new Service User** in the Zitadel instance and select the **Access Token Type to be "JWT".**
+* Under Authorizations, create **new authorization** by searching for the project name and **assign the "user" role** to the new service user
+* Under Keys, **create a new key of type "JSON"** and note the key ID and **download** the key (JSON file).
+* **Update the config** in `demo_project/service_user.py`