Warrant Lite

1.0.4 verified Fri May 01 auth: no python

A lightweight Python library for processing SRP (Secure Remote Password) requests for AWS Cognito User Pools. Extracted from the Warrant library, it provides only the low-level SRP authentication logic without the higher-level helpers. Current version 1.0.4 supports Python 3.6+.

pip install warrant-lite

Common errors

error ModuleNotFoundError: No module named 'warrant_lite' ↓

cause Installed the wrong package name ('warrant-lite' vs 'warrant_lite').

fix

Run: pip install warrant-lite

error ImportError: cannot import name 'Cognito' from 'warrant_lite' ↓

cause Cognito class is not exposed at the top-level __init__.py.

fix

Use: from warrant_lite.client import Cognito

error botocore.exceptions.NoCredentialsError: Unable to locate credentials ↓

cause AWS credentials not configured for boto3.

fix

Set environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, or configure a boto3 session before using the library.

Warnings

gotcha The library is intentionally minimal: it does NOT provide methods for token refresh, user management, or AWS Cognito admin APIs. There is no 'authenticate()' convenience method; you must implement the SRP protocol steps manually. ↓

fix Use the full Warrant library if you need higher-level features, or implement SRP yourself using the provided primitives.

gotcha SRP authentication requires an authenticated boto3 session. You must set up AWS credentials (via environment variables, IAM role, or boto3 session) before using Cognito methods that call AWS APIs. ↓

fix Ensure boto3 has valid credentials: either set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, or configure a boto3 session before creating Cognito.

deprecated The original 'warrant-lite' package may have been superseded by 'warrant' (full) or 'cognitojwt' (token verification). Check the latest PyPI status. ↓

fix Consider using 'warrant' (https://pypi.org/project/warrant/) for a more complete solution.

Imports

client
wrong
```
from warrant_lite import warrant_lite
```
correct
```
from warrant_lite import client
```
The module is 'warrant_lite', not 'warrant' or the package name.

WarrantLite

wrong

from warrant_lite import Cognito

correct

from warrant_lite.client import Cognito

Cognito class is in the client module, not top-level.

Quickstart

Initialize Cognito client with pool and client IDs. The library only handles SRP; higher-level auth (e.g., initiate_auth with AWS credentials) is not included.

import os
from warrant_lite.client import Cognito

pool_id = os.environ.get('POOL_ID', 'us-east-1_xxxxx')
client_id = os.environ.get('CLIENT_ID', 'xxx')

cognito = Cognito(pool_id=pool_id, client_id=client_id)
# SRP authentication requires extra steps; see docs for full flow.