The ultimate Python library for building OAuth and OpenID Connect servers. JWS, JWK, JWA, JWT are included.
Authlib is compatible with Python 2.7+ and Python 3.5+.
```python
# Register the grant types the authorization server should support
authorization_server.register_grant(AuthorizationCodeGrant)
authorization_server.register_grant(ImplicitGrant)
authorization_server.register_grant(ResourceOwnerPasswordGrant)
authorization_server.register_grant(ClientCredentialsGrant)
authorization_server.register_grant(RefreshTokenGrant)
authorization_server.register_grant(OpenIDCodeGrant)
authorization_server.register_grant(OpenIDImplicitGrant)
authorization_server.register_grant(OpenIDHybridGrant)
# Register the token revocation and introspection endpoints
authorization_server.register_endpoint(RevocationEndpoint)
authorization_server.register_endpoint(IntrospectionEndpoint)
```
- Take a look at Authlib Homepage
- Get more information with Authlib Documentation
- Check other Authlib Repositories
- Learn some skills on Authlib Blog
- Get latest news via Authlib on Twitter
- Ask questions on StackOverflow with Authlib Tag
Lovely features that Authlib has built in:
🎉 RFC5849: The OAuth 1.0 Protocol
- OAuth1Session for Requests
- OAuth 1.0 Client for Flask
- OAuth 1.0 Client for Django
- OAuth 1.0 Server for Flask
- OAuth 1.0 Server for Django
🎉 RFC6749: The OAuth 2.0 Authorization Framework
- OAuth2Session for Requests
- OAuth 2.0 Client for Flask
- OAuth 2.0 Client for Django
- OAuth 2.0 Server for Flask
- OAuth 2.0 Server for Django
🎉 RFC6750: The OAuth 2.0 Authorization Framework: Bearer Token Usage
- Bearer Token for OAuth2Session
- Bearer Token for Flask OAuth 2.0 Server
- Bearer Token for Django OAuth 2.0 Server
🎉 RFC7009: OAuth 2.0 Token Revocation
- Token Revocation for Flask OAuth 2.0 Server
- Token Revocation for Django OAuth 2.0 Server
🎉 RFC7515: JSON Web Signature (JWS)
- Compact serialize and deserialize
- JSON serialize and deserialize
🎉 RFC7516: JSON Web Encryption (JWE)
- Compact serialize and deserialize
- JSON serialize and deserialize
🎉 RFC7517: JSON Web Key (JWK)
- "oct" algorithm via RFC7518
- "RSA" algorithm via RFC7518
- "EC" algorithm via RFC7518
🎉 RFC7518: JSON Web Algorithms (JWA)
- Algorithms for JWS
- Algorithms for JWE (some of them)
- Algorithms for JWK
🎉 RFC7519: JSON Web Token (JWT)
- Use JWS for JWT
- Use JWE for JWT
- Payload claims validation
⏳ RFC7521: Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants
RFC7521 implementation is planned.
⏳ RFC7522: Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants
RFC7522 implementation is planned.
🎉 RFC7523: JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants
- Using JWTs as Client Authorization
- Using JWTs as Authorization Grants
🎁 RFC7591: OAuth 2.0 Dynamic Client Registration Protocol
RFC7591 implementation is planned. However, the Flask SQLAlchemy ClientMixin is designed based on it.
⏳ RFC7592: OAuth 2.0 Dynamic Client Registration Management Protocol
RFC7592 implementation is planned.
🎉 RFC7636: Proof Key for Code Exchange by OAuth Public Clients
- Flask/Django client integrations
- Server side grant implementation
🎉 RFC7662: OAuth 2.0 Token Introspection
- Token Introspection for Flask OAuth 2.0 Server
- Token Introspection for Django OAuth 2.0 Server
⏳ RFC7797: JSON Web Signature (JWS) Unencoded Payload Option
RFC7797 implementation is planned.
🎉 RFC8414: OAuth 2.0 Authorization Server Metadata
- Authorization Server Metadata Model
- Framework integrations
🎉 OpenID Connect 1.0
- OpenID Claims validation
- OpenID Connect for Flask OAuth 2.0 Server
- OpenID Connect for Django OAuth 2.0 Server
⏳ OpenID Connect Discovery 1.0
Developers can create a JSON file themselves.
And more will be added.
Framework integrations with current specification implementations:
- Requests OAuth 1 Session
- Requests OAuth 2 Session
- Requests Assertion Session
- Flask OAuth 1/2 Client
- Django OAuth 1/2 Client
- Flask OAuth 1.0 Server
- Flask OAuth 2.0 Server
- Flask OpenID Connect 1.0
- Django OAuth 1.0 Server
- Django OAuth 2.0 Server
- Django OpenID Connect Server
If you find security bugs that cannot be disclosed publicly, please email me at me@lepture.com. Attaching a patch is welcome. My PGP key fingerprint is:
72F8 E895 A70C EBDF 4F2A DFE0 7E55 E3E0 118B 2B4C
You can also find it at https://keybase.io/lepture.
Authlib is licensed under AGPLv3+. Please see LICENSE for licensing details.
If this license does not fit your company, consider purchasing a commercial license. Find more information on Authlib Plans.