{ lib
, python3
, fetchPypi
, cookies-samesite-compat
, pyop
}:

python3.pkgs.buildPythonPackage rec {
  pname = "satosa";
  version = "8.4.0";
  pyproject = true;

  src = fetchPypi {
    pname = "SATOSA";
    inherit version;
    hash = "sha256-KREROjb157RJJVRr9YefzoR/eflR/U7ZmG6yOH5DjcU=";
  };

  nativeBuildInputs = [
    python3.pkgs.setuptools
    python3.pkgs.wheel
  ];

  propagatedBuildInputs = with python3.pkgs; [
    chevron
    click
    cookies-samesite-compat
    gunicorn
    importlib-metadata
    pycryptodomex
    pyop
    pysaml2
    pyyaml
    requests
    werkzeug
  ];

  passthru.optional-dependencies = with python3.pkgs; {
    ldap = [
      ldap3
    ];
    pyop_mongo = [
      pyop
    ];
    pyop_redis = [
      pyop
    ];
  };

  passthru.python = python3;

  pythonImportsCheck = [ "satosa" ];

  meta = with lib; {
    description = "Protocol proxy (SAML/OIDC)";
    homepage = "https://pypi.org/project/SATOSA";
    license = licenses.asl20;
    maintainers = with maintainers; [ ];
    mainProgram = "satosa";
  };
}