Authlib

The ultimate Python library in building OAuth and OpenID Connect servers. JWS, JWK, JWA, JWT are included.

Authlib is compatible with Python2.7+ and Python3.5+.

authorization_server.register_grant(AuthorizationCodeGrant)
authorization_server.register_grant(ImplicitGrant)
authorization_server.register_grant(ResourceOwnerPasswordGrant)
authorization_server.register_grant(ClientCredentialsGrant)
authorization_server.register_grant(RefreshTokenGrant)
authorization_server.register_grant(OpenIDCodeGrant)
authorization_server.register_grant(OpenIDImplicitGrant)
authorization_server.register_grant(OpenIDHybridGrant)
authorization_server.register_endpoint(RevocationEndpoint)
authorization_server.register_endpoint(IntrospectionEndpoint)

Useful Links

Take a look at Authlib Homepage
Get more information with Authlib Documentation
Check other Authlib Repositories
Learn some skills on Authlib Blog
Get latest news via Authlib on Twitter
Ask questions on StackOverflow with Authlib Tag

Spec Implementations

Lovely features that Authlib has built-in:

🎉 RFC5849: The OAuth 1.0 Protocol

🎉 RFC6749: The OAuth 2.0 Authorization Framework

🎉 RFC6750: The OAuth 2.0 Authorization Framework: Bearer Token Usage

Bearer Token for OAuth2Session
Bearer Token for Flask OAuth 2.0 Server
Bearer Token for Django OAuth 2.0 Server

🎉 RFC7009: OAuth 2.0 Token Revocation

Token Revocation for Flask OAuth 2.0 Server
Token Revocation for Django OAuth 2.0 Server

🎉 RFC7515: JSON Web Signature (JWS)

Compact serialize and deserialize
JSON serialize and deserialize

⏳ RFC7516: JSON Web Encryption (JWE)

JWE implementation is in plan now.

🎉 RFC7517: JSON Web Key (JWK)

"oct" algorithm via RFC7518
"RSA" algorithm via RFC7518
"EC" algorithm via RFC7518

🎉 RFC7518: JSON Web Algorithms (JWA)

Algorithms for JWS
Algorithms for JWE
Algorithms for JWK

🎉 RFC7519: JSON Web Token (JWT)

JWT shares the same interface with JWS. Besides that, JWT has payload claims validation.

⏳ RFC7521: Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants

RFC7521 implementation is in plan.

⏳ RFC7522: Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants

RFC7522 implementation is in plan.

🎉 RFC7523: JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants

Using JWTs as Client Authorization
Using JWTs as Authorization Grants

🎁 RFC7591: OAuth 2.0 Dynamic Client Registration Protocol

RFC7591 implementation is in plan. However, Flask SQLAlchemy ClientMixin is designed based on it.

⏳ RFC7592: OAuth 2.0 Dynamic Client Registration Management Protocol

RFC7592 implementation is in plan.

⏳ RFC7636: Proof Key for Code Exchange by OAuth Public Clients

RFC7636 implementation is in plan.

🎉 RFC7662: OAuth 2.0 Token Introspection

Token Introspection for Flask OAuth 2.0 Server
Token Introspection for Django OAuth 2.0 Server

🎉 OpenID Connect 1.0

OpenID Claims validation
OpenID Connect for Flask OAuth 2.0 Server
OpenID Connect for Django OAuth 2.0 Server

⏳ OpenID Connect Discovery 1.0

Developers can create a JSON file himself.

And more will be added.

Framework Integrations

Framework integrations with current specification implementations:

Security Reporting

If you found security bugs which can not be public, please send me email at me@lepture.com. Attachment with patch is welcome. My PGP Key fingerprint is:

72F8 E895 A70C EBDF 4F2A DFE0 7E55 E3E0 118B 2B4C

You can also find it at https://keybase.io/lepture.

License

Authlib is licensed under AGPLv3+. Please see LICENSE for licensing details.

If this license does not fit your company, consider to purchase a commercial license.

Find more information on https://authlib.org/support#commercial-license

About

The ultimate Python library in building OAuth and OpenID Connect servers. JWS,JWK,JWA,JWT included.

https://authlib.org/

Other

Languages

Language:Python 99.9%Language:Makefile 0.1%

steelwalrus / authlib