Metadata-Version: 2.4
Name: sso-cli
Version: 1.2.7
Summary: CLI tool to fetch SSO tokens from Keycloak realms
Author: SSO CLI Maintainers
License: Proprietary
Keywords: sso,authentication,keycloak,cli
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: Topic :: Security
Classifier: Topic :: System :: Systems Administration
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Requires-Python: >=3.7
Description-Content-Type: text/markdown
Requires-Dist: httpx>=0.24.0
Requires-Dist: pyyaml>=6.0.0
Requires-Dist: pyperclip>=1.8.2
Requires-Dist: rich>=13.0.0
Requires-Dist: inquirer>=3.0.0
Requires-Dist: keyring>=24.0.0
Provides-Extra: dev
Requires-Dist: pytest>=7.0.0; extra == "dev"
Requires-Dist: black>=23.0.0; extra == "dev"
Requires-Dist: flake8>=6.0.0; extra == "dev"

# SSO Tool

Lightweight CLI to fetch tokens from your Keycloak/SSO realms.

- Interactive and non-interactive modes
- Supports `user` (password flow) and `client` (client_credentials flow)
- Simple YAML config; secrets stored in your OS keyring, never on disk

## Quick Start

```bash
# Install
pip install --upgrade sso-cli

# First run -- launches setup wizard automatically
sso
```

## Configuration

Run the wizard to create/manage your config interactively:

```bash
sso --setup   # add or edit environments and users
sso --reset   # backup existing config and start fresh
```

The wizard stores passwords and client secrets in your **OS keyring** (macOS Keychain,
Windows Credential Manager, or the system Secret Service on Linux). They are never
written to disk.

The generated `sso_config.yaml` only contains non-secret fields:

```yaml
environments:
  dev:
    name: dev
    sso_url: https://sso.dev.example.com/realms/internal
    users:
      admin@example.com:
        auth_type: user
        email: admin@example.com
      my-client-id:
        auth_type: client
        client_id: my-client-id
  prod:
    name: prod
    sso_url: https://sso.example.com/realms/main
    users:
      ops@example.com:
        auth_type: user
        email: ops@example.com
```

`auth_type` is either `user` (email + password) or `client` (client_id + secret).

By default the config is read from `~/sso_config.yaml`. Override with:

```bash
export SSO_CONFIG_PATH=/path/to/sso_config.yaml
```

## Usage

Interactive:
```bash
sso
```

Non-interactive (prefix matching supported):
```bash
sso dev admin@example.com
sso d a   # resolves if unambiguous
```

## Development

```bash
make install-dev   # editable install with dev deps
make test          # run tests
make clean         # clean build artifacts
```

## Publishing

```bash
export PYPI_API_TOKEN=pypi-...
make publish
```

## Troubleshooting
- `No config found`: run `sso` or `sso --setup` to create one.
- `No secret found in keyring`: run `sso --setup` to re-enter credentials.
- `Ambiguous environment/user`: use a longer prefix to disambiguate.
