The ultimate Python library in building OAuth and OpenID Connect servers. JWS, JWK, JWA, JWT are included.
Authlib is compatible with Python2.7+ and Python3.6+.
authorization_server.register_grant(AuthorizationCodeGrant)
authorization_server.register_grant(ImplicitGrant)
authorization_server.register_grant(ResourceOwnerPasswordGrant)
authorization_server.register_grant(ClientCredentialsGrant)
authorization_server.register_grant(RefreshTokenGrant)
authorization_server.register_grant(OpenIDCodeGrant)
authorization_server.register_grant(OpenIDImplicitGrant)
authorization_server.register_grant(OpenIDHybridGrant)
authorization_server.register_endpoint(RevocationEndpoint)
authorization_server.register_endpoint(IntrospectionEndpoint)
Get professionally-supported Authlib with the Tidelift Subscription. | |
If you want to quickly add secure token-based authentication to Python projects, feel free to check Auth0's Python SDK and free plan at auth0.com/overview. |
- Homepage: https://authlib.org/.
- Documentation: https://docs.authlib.org/.
- Blog: https://blog.authlib.org/.
- Twitter: https://twitter.com/authlib.
- StackOverflow: https://stackoverflow.com/questions/tagged/authlib.
- Other Repositories: https://github.com/authlib.
- Subscribe Tidelift: https://tidelift.com/subscription/pkg/pypi-authlib.
Lovely features that Authlib has built-in:
🎉 RFC5849: The OAuth 1.0 Protocol
- OAuth1Session for Requests
- OAuth 1.0 Client for Flask
- OAuth 1.0 Client for Django
- OAuth 1.0 Server for Flask
- OAuth 1.0 Server for Django
🎉 RFC6749: The OAuth 2.0 Authorization Framework
- OAuth2Session for Requests
- OAuth 2.0 Client for Flask
- OAuth 2.0 Client for Django
- OAuth 2.0 Server for Flask
- OAuth 2.0 Server for Django
🎉 RFC6750: The OAuth 2.0 Authorization Framework: Bearer Token Usage
- Bearer Token for OAuth2Session
- Bearer Token for Flask OAuth 2.0 Server
- Bearer Token for Django OAuth 2.0 Server
🎉 RFC7009: OAuth 2.0 Token Revocation
- Token Revocation for Flask OAuth 2.0 Server
- Token Revocation for Django OAuth 2.0 Server
🎉 RFC7515: JSON Web Signature (JWS)
- Compact serialize and deserialize
- JSON serialize and deserialize
🎉 RFC7516: JSON Web Encryption (JWE)
- Compact serialize and deserialize
- JSON serialize and deserialize
🎉 RFC7517: JSON Web Key (JWK)
- "oct" algorithm via RFC7518
- "RSA" algorithm via RFC7518
- "EC" algorithm via RFC7518
🎉 RFC7518: JSON Web Algorithms (JWA)
- Algorithms for JWS
- Algorithms for JWE (some of them)
- Algorithms for JWK
🎉 RFC7519: JSON Web Token (JWT)
- Use JWS for JWT
- Use JWE for JWT
- Payload claims validation
🎉 RFC7521: Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants
- Common Client for Assertion Framework
- Common Server for Assertion Framework
⏳ RFC7522: Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants
RFC7522 implementation is in plan.
🎉 RFC7523: JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants
- Using JWTs as Client Authorization
- Using JWTs as Authorization Grants
🎁 RFC7591: OAuth 2.0 Dynamic Client Registration Protocol
RFC7591 implementation is in plan. However, Flask SQLAlchemy ClientMixin is designed based on it.
⏳ RFC7592: OAuth 2.0 Dynamic Client Registration Management Protocol
RFC7592 implementation is in plan.
🎉 RFC7636: Proof Key for Code Exchange by OAuth Public Clients
- Flask/Django client integrations
- Server side grant implementation
🎉 RFC7662: OAuth 2.0 Token Introspection
- Token Introspection for Flask OAuth 2.0 Server
- Token Introspection for Django OAuth 2.0 Server
⏳ RFC7797: JSON Web Signature (JWS) Unencoded Payload Option
RFC7797 implementation is in plan.
🎉 RFC8414: OAuth 2.0 Authorization Server Metadata
- Authorization Server Metadata Model
- Well Known URI
- Framework integrations
🎉 RFC8628: OAuth 2.0 Device Authorization Grant
- Device Authorization Endpoint
- Device Code Grant
🎉 OpenID Connect 1.0
- OpenID Code Flow
- OpenID Implicit Flow
- OpenID Hybrid Flow
- OpenID Claims validation
- Form Post Response Mode
- OpenID Connect for Flask OAuth 2.0 Server
- OpenID Connect for Django OAuth 2.0 Server
🎉 OpenID Connect Discovery 1.0
- OpenID Provider Metadata Model
- Well Known URI
- Framework integrations
And more will be added.
Framework integrations with current specification implementations:
- Requests OAuth 1 Session
- Requests OAuth 2 Session
- Requests Assertion Session
- Flask OAuth 1/2 Client
- Django OAuth 1/2 Client
- Flask OAuth 1.0 Server
- Flask OAuth 2.0 Server
- Flask OpenID Connect 1.0
- Django OAuth 1.0 Server
- Django OAuth 2.0 Server
- Django OpenID Connect 1.0
If you found security bugs, please do not send a public issue or patch. You can send me email at [email protected]. Attachment with patch is welcome. My PGP Key fingerprint is:
72F8 E895 A70C EBDF 4F2A DFE0 7E55 E3E0 118B 2B4C
Or, you can use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.
Authlib is licensed under BSD. Please see LICENSE for licensing details.
There is also a commercial license which you can purchase at Authlib Plans page.
If you need any help, you can always ask questions on StackOverflow with a tag of "Authlib". DO NOT ASK HELP IN GITHUB ISSUES.
We also provide commercial consulting and supports. You can find more information at https://authlib.org/support.