frol / flask-restplus-server-example

Real-life RESTful server example on Flask-RESTplus

Home Page: http://flask-restplus-example-server.herokuapp.com/api/v1/


Change outdated oauth libs?

bitfinity opened this issue

Maintainer of https://github.com/lepture/flask-oauthlib says - use authlib instead? I'm wondering if the migration process would be difficult given the current tie-ins to permissions api and swagger. I kind of need some of the other social login implementations of authlib.

Found an example migration here: opendatateam/udata#1434
and here opendatateam/udata@30f409b

Good point! I am not sure when I will have time to do this myself, so I will be glad if someone sends a PR.

I think I might be doing it. I might have a few questions as I get into it. I'm not sure if I'll be able to do a complete PR - I may just have time to implement the things I need. I'm on an incredibly tight schedule.

Feel free to open a halfway implemented migration PR or just leave pointers along your way in this issue!

Ok - working on it now. The main weird thing is that the grant stuff seems to be handled in OAuth2RequestValidator(provider.OAuth2RequestValidator) without any specific endpoints - seems to be integrated into Flask's before request handler, but there's no similar class in authlib. It seems that register_grant has the same effect, but not sure. I really wish the guy had written some kind of migration instructions, rather than just saying - "don't use the old library".

Really having an issue with the Flask_login stuff:

Do you mind telling me if this is behavior specific to the old flask-oauth library?

def load_user_from_request(request):
    """
    Load user from OAuth2 Authentication header.
    """
    from app.extensions import oauth2
    user = None
    if hasattr(request, 'oauth'):
        user = request.oauth.user
    else:
        is_valid, oauth = oauth2.verify_request(scopes=[])
        if is_valid:
            user = oauth.user
    return user

authlib doesn't have verify_request and I don't know the equivalent. I also don't know if authlib adds 'oauth' to the request or even what adding load_user_from_request is for?

That is definitely related to how the old lib operates. I have no idea about how the new one expects this to be organized.

Unfortunately, I don't have time on this project to use authlib. I made an initial attempt which you can see on my forked lib. But I just did the obvious stuff.

I'm writing migration guide posts for Authlib now, feel free to ask me questions on StackOverflow. Here is a guide on the client part: https://blog.authlib.org/2018/migrate-flask-oauthlib-client-to-authlib

I will finish the server part soon.

I think I got some of it working. There were changes to how the scopes were stored, and I made a few changes to flask login.