The ultimate Python library in building OAuth and OpenID Connect servers. JWS, JWK, JWA, JWT are included.
Authlib is compatible with Python2.7+ and Python3.6+.
authorization_server.register_grant(AuthorizationCodeGrant)
authorization_server.register_grant(ImplicitGrant)
authorization_server.register_grant(ResourceOwnerPasswordGrant)
authorization_server.register_grant(ClientCredentialsGrant)
authorization_server.register_grant(RefreshTokenGrant)
authorization_server.register_grant(AuthorizationCodeGrant, [OpenIDCode()])
authorization_server.register_grant(OpenIDImplicitGrant)
authorization_server.register_grant(OpenIDHybridGrant)
authorization_server.register_endpoint(RevocationEndpoint)
authorization_server.register_endpoint(IntrospectionEndpoint) |
If you want to quickly add secure token-based authentication to Python projects, feel free to check Auth0's Python SDK and free plan at auth0.com/overview. |
 |
For quickly implementing token-based authentication, feel free to check Authing's Python SDK. |
 |
Get professionally-supported Authlib with the Tidelift Subscription. |
Support Me via GitHub Sponsors.
- Homepage: https://authlib.org/.
- Documentation: https://docs.authlib.org/.
- Purchase Commercial License: https://authlib.org/plans.
- Blog: https://blog.authlib.org/.
- Twitter: https://twitter.com/authlib.
- StackOverflow: https://stackoverflow.com/questions/tagged/authlib.
- Other Repositories: https://github.com/authlib.
- Subscribe Tidelift: https://tidelift.com/subscription/pkg/pypi-authlib.
Lovely features that Authlib has built-in:
π RFC5849: The OAuth 1.0 Protocol
- OAuth1Session for Requests
- OAuth1Client for HTTPX
- OAuth 1.0 Client for Flask
- OAuth 1.0 Client for Django
- OAuth 1.0 Server for Flask
- OAuth 1.0 Server for Django
π RFC6749: The OAuth 2.0 Authorization Framework
- OAuth2Session for Requests
- OAuth2Client for HTTPX
- OAuth 2.0 Client for Flask
- OAuth 2.0 Client for Django
- OAuth 2.0 Server for Flask
- OAuth 2.0 Server for Django
π RFC6750: The OAuth 2.0 Authorization Framework: Bearer Token Usage
- Bearer Token for OAuth2Session
- Bearer Token for Flask provider
- Bearer Token for Django provider
π RFC7009: OAuth 2.0 Token Revocation
- Token Revocation for Flask provider
- Token Revocation for Django provider
π RFC7515: JSON Web Signature (JWS)
- Compact serialize and deserialize
- JSON serialize and deserialize
π RFC7516: JSON Web Encryption (JWE)
- Compact serialize and deserialize
- JSON serialize and deserialize
π RFC7517: JSON Web Key (JWK)
- "oct" algorithm via RFC7518
- "RSA" algorithm via RFC7518
- "EC" algorithm via RFC7518
π RFC7518: JSON Web Algorithms (JWA)
- Algorithms for JWS
- Algorithms for JWE (some of them)
- Algorithms for JWK
π RFC7519: JSON Web Token (JWT)
- Use JWS for JWT
- Use JWE for JWT
- Payload claims validation
π RFC7521: Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants
- Common Client for Assertion Framework
- Common Server for Assertion Framework
β³ RFC7522: Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants
RFC7522 will not be included in Authlib.
π RFC7523: JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants
- Using JWTs as Client Authorization
- Using JWTs as Authorization Grants
π RFC7591: OAuth 2.0 Dynamic Client Registration Protocol
- Dynamic Client Registration Endpoint for Flask OAuth 2.0 Server
- Dynamic Client Registration Endpoint for Django OAuth 2.0 Server
β³ RFC7592: OAuth 2.0 Dynamic Client Registration Management Protocol
RFC7592 implementation is in plan.
π RFC7636: Proof Key for Code Exchange by OAuth Public Clients
- Requests, HTTPX, Flask, Django, Starlette integrations
- Server side grant implementation
π RFC7662: OAuth 2.0 Token Introspection
- Token Introspection for Flask OAuth 2.0 Server
- Token Introspection for Django OAuth 2.0 Server
β³ RFC7797: JSON Web Signature (JWS) Unencoded Payload Option
RFC7797 implementation is in plan.
π RFC8414: OAuth 2.0 Authorization Server Metadata
- Authorization Server Metadata Model
- Well Known URI
- Framework integrations
π RFC8628: OAuth 2.0 Device Authorization Grant
- Device Authorization Endpoint
- Device Code Grant
π OpenID Connect Core 1.0
- OpenID Code Flow
- OpenID Implicit Flow
- OpenID Hybrid Flow
- OpenID Claims validation
- Form Post Response Mode
- OpenID Connect for Flask OAuth 2.0 Server
- OpenID Connect for Django OAuth 2.0 Server
π OpenID Connect Discovery 1.0
- OpenID Provider Metadata Model
- Well Known URI
- Framework integrations
And more will be added.
Framework integrations with current specification implementations:
- Requests OAuth 1/2 Session
- Requests Assertion Session
- HTTPX sync/async OAuth 1/2 Session
- HTTPX sync/async Assertion Session
- Flask OAuth 1/2 Client
- Django OAuth 1/2 Client
- Starlette OAuth 1/2 Client
- Flask OAuth 1.0 Provider
- Flask OAuth 2.0 Provider
- Flask OpenID Connect 1.0
- Django OAuth 1.0 Provider
- Django OAuth 2.0 Provider
- Django OpenID Connect 1.0
If you found security bugs, please do not send a public issue or patch. You can send me email at me@lepture.com. Attachment with patch is welcome. My PGP Key fingerprint is:
72F8 E895 A70C EBDF 4F2A DFE0 7E55 E3E0 118B 2B4C
Or, you can use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.
Authlib offers two licenses:
- BSD for open source projects
- Commercial license for closed source projects
Companies can purchase a commercial license at Authlib Plans.
If you need any help, you can always ask questions on StackOverflow with a tag of "Authlib". DO NOT ASK HELP IN GITHUB ISSUES.
We also provide commercial consulting and supports. You can find more information at https://authlib.org/support.