/authlib

The ultimate Python library in building OAuth and OpenID Connect servers. JWS,JWE,JWK,JWA,JWT included.

Primary LanguagePythonBSD 3-Clause "New" or "Revised" LicenseBSD-3-Clause

Authlib

Build Status Coverage Status PyPI Version Release Stage Maintainability Follow Twitter

The ultimate Python library in building OAuth and OpenID Connect servers. JWS, JWK, JWA, JWT are included.

Authlib is compatible with Python2.7+ and Python3.5+.

authorization_server.register_grant(AuthorizationCodeGrant)
authorization_server.register_grant(ImplicitGrant)
authorization_server.register_grant(ResourceOwnerPasswordGrant)
authorization_server.register_grant(ClientCredentialsGrant)
authorization_server.register_grant(RefreshTokenGrant)
authorization_server.register_grant(OpenIDCodeGrant)
authorization_server.register_grant(OpenIDImplicitGrant)
authorization_server.register_grant(OpenIDHybridGrant)
authorization_server.register_endpoint(RevocationEndpoint)
authorization_server.register_endpoint(IntrospectionEndpoint)

Sponsors

If you want to quickly add secure token-based authentication to Python projects, feel free to check Auth0's Python SDK and free plan at auth0.com/overview.

Become a backer via Patreon.

Useful Links

  1. Homepage: https://authlib.org/.
  2. Documentation: https://docs.authlib.org/.
  3. Blog: https://blog.authlib.org/.
  4. Twitter: https://twitter.com/authlib.
  5. StackOverflow: https://stackoverflow.com/questions/tagged/authlib.
  6. Other Repositories: https://github.com/authlib.

Spec Implementations

Lovely features that Authlib has built-in:

🎉 RFC5849: The OAuth 1.0 Protocol
  • OAuth1Session for Requests
  • OAuth 1.0 Client for Flask
  • OAuth 1.0 Client for Django
  • OAuth 1.0 Server for Flask
  • OAuth 1.0 Server for Django
🎉 RFC6749: The OAuth 2.0 Authorization Framework
  • OAuth2Session for Requests
  • OAuth 2.0 Client for Flask
  • OAuth 2.0 Client for Django
  • OAuth 2.0 Server for Flask
  • OAuth 2.0 Server for Django
🎉 RFC6750: The OAuth 2.0 Authorization Framework: Bearer Token Usage
  • Bearer Token for OAuth2Session
  • Bearer Token for Flask OAuth 2.0 Server
  • Bearer Token for Django OAuth 2.0 Server
🎉 RFC7009: OAuth 2.0 Token Revocation
  • Token Revocation for Flask OAuth 2.0 Server
  • Token Revocation for Django OAuth 2.0 Server
🎉 RFC7515: JSON Web Signature (JWS)
  • Compact serialize and deserialize
  • JSON serialize and deserialize
🎉 RFC7516: JSON Web Encryption (JWE)
  • Compact serialize and deserialize
  • JSON serialize and deserialize
🎉 RFC7517: JSON Web Key (JWK)
  • "oct" algorithm via RFC7518
  • "RSA" algorithm via RFC7518
  • "EC" algorithm via RFC7518
🎉 RFC7518: JSON Web Algorithms (JWA)
  • Algorithms for JWS
  • Algorithms for JWE (some of them)
  • Algorithms for JWK
🎉 RFC7519: JSON Web Token (JWT)
  • Use JWS for JWT
  • Use JWE for JWT
  • Payload claims validation
⏳ RFC7521: Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants

RFC7521 implementation is in plan.

⏳ RFC7522: Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants

RFC7522 implementation is in plan.

🎉 RFC7523: JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants
  • Using JWTs as Client Authorization
  • Using JWTs as Authorization Grants
 🎁 RFC7591: OAuth 2.0 Dynamic Client Registration Protocol

RFC7591 implementation is in plan. However, Flask SQLAlchemy ClientMixin is designed based on it.

⏳ RFC7592: OAuth 2.0 Dynamic Client Registration Management Protocol

RFC7592 implementation is in plan.

🎉 RFC7636: Proof Key for Code Exchange by OAuth Public Clients
  • Flask/Django client integrations
  • Server side grant implementation
🎉 RFC7662: OAuth 2.0 Token Introspection
  • Token Introspection for Flask OAuth 2.0 Server
  • Token Introspection for Django OAuth 2.0 Server
⏳ RFC7797: JSON Web Signature (JWS) Unencoded Payload Option

RFC7797 implementation is in plan.

🎉 RFC8414: OAuth 2.0 Authorization Server Metadata
  • Authorization Server Metadata Model
  • Framework integrations
🎉 OpenID Connect 1.0
  • OpenID Claims validation
  • OpenID Connect for Flask OAuth 2.0 Server
  • OpenID Connect for Django OAuth 2.0 Server
⏳ OpenID Connect Discovery 1.0

Developers can create a JSON file himself.

And more will be added.

Framework Integrations

Framework integrations with current specification implementations:

  • Requests OAuth 1 Session
  • Requests OAuth 2 Session
  • Requests Assertion Session
  • Flask OAuth 1/2 Client
  • Django OAuth 1/2 Client
  • Flask OAuth 1.0 Server
  • Flask OAuth 2.0 Server
  • Flask OpenID Connect 1.0
  • Django OAuth 1.0 Server
  • Django OAuth 2.0 Server
  • Django OpenID Connect Server

Security Reporting

If you found security bugs which can not be public, please send me email at me@lepture.com. Attachment with patch is welcome. My PGP Key fingerprint is:

72F8 E895 A70C EBDF 4F2A DFE0 7E55 E3E0 118B 2B4C

You can also find it at https://keybase.io/lepture.

License

Authlib is licensed under BSD. Please see LICENSE for licensing details.

If this license does not fit your company, consider to purchase a commercial license. Find more information on Authlib Plans.