Awesome
<a href="https://authlib.org/"> <img align="right" width="120" height="120" src="https://authlib.org/assets/logo.svg"> </a>Authlib
<a href="https://github.com/sponsors/lepture"><img src="https://badgen.net/badge/support/authlib/ff69b4?icon=patreon" /></a> <a href="https://github.com/lepture/authlib/actions"><img src="https://github.com/lepture/authlib/workflows/tests/badge.svg" alt="Build Status"></a> <a href="https://codecov.io/gh/lepture/authlib?branch=master"><img src="https://badgen.net/codecov/c/github/lepture/authlib" alt="Coverage Status"></a> <a href="https://pypi.org/project/Authlib/"><img src="https://badgen.net/pypi/v/authlib" alt="PyPI Version"></a> <a href="https://codeclimate.com/github/lepture/authlib/maintainability"><img src="https://badgen.net/codeclimate/maintainability/lepture/authlib?icon=codeclimate" alt="Maintainability" /></a> <a href="https://twitter.com/intent/follow?screen_name=authlib"><img src="https://img.shields.io/twitter/follow/authlib.svg?maxAge=3600&style=social&logo=twitter&label=Follow" alt="Follow Twitter"></a>
The ultimate Python library in building OAuth and OpenID Connect servers. JWS, JWK, JWA, JWT are included.
Authlib is compatible with Python3.6+.
Migrating from authlib.jose to joserfc
Sponsors
<table> <tr> <td><img align="middle" width="48" src="https://avatars.githubusercontent.com/u/105941848?s=200&v=4"></td> <td>Kraken is the world's leading customer & culture platform for energy, water & broadband. Licensing enquiries at <a href="https://kraken.tech/">Kraken.tech</a>. </td> </tr> <tr> <td><img align="middle" width="48" src="https://typlog.com/assets/icon-black.svg"></td> <td>A blogging and podcast hosting platform with minimal design but powerful features. Host your blog and Podcast with <a href="https://typlog.com/">Typlog.com</a>. </td> </tr> </table>Fund Authlib to access additional features
Features
Generic, spec-compliant implementation to build clients and providers:
- The OAuth 1.0 Protocol
- The OAuth 2.0 Authorization Framework
- RFC6749: The OAuth 2.0 Authorization Framework
- RFC6750: The OAuth 2.0 Authorization Framework: Bearer Token Usage
- RFC7009: OAuth 2.0 Token Revocation
- RFC7523: JWT Profile for OAuth 2.0 Client Authentication and Authorization Grants
- RFC7591: OAuth 2.0 Dynamic Client Registration Protocol
- RFC7592: OAuth 2.0 Dynamic Client Registration Management Protocol
- RFC7636: Proof Key for Code Exchange by OAuth Public Clients
- RFC7662: OAuth 2.0 Token Introspection
- RFC8414: OAuth 2.0 Authorization Server Metadata
- RFC8628: OAuth 2.0 Device Authorization Grant
- RFC9068: JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens
- Javascript Object Signing and Encryption
- RFC7515: JSON Web Signature
- RFC7516: JSON Web Encryption
- RFC7517: JSON Web Key
- RFC7518: JSON Web Algorithms
- RFC7519: JSON Web Token
- RFC7638: JSON Web Key (JWK) Thumbprint
- RFC7797: JSON Web Signature (JWS) Unencoded Payload Option
- RFC8037: ECDH in JWS and JWE
- draft-madden-jose-ecdh-1pu-04: Public Key Authenticated Encryption for JOSE: ECDH-1PU
- OpenID Connect 1.0
- OpenID Connect Core 1.0
- OpenID Connect Discovery 1.0
Connect third party OAuth providers with Authlib built-in client integrations:
Build your own OAuth 1.0, OAuth 2.0, and OpenID Connect providers:
- Flask
- Django
Useful Links
- Homepage: https://authlib.org/.
- Documentation: https://docs.authlib.org/.
- Purchase Commercial License: https://authlib.org/plans.
- Blog: https://blog.authlib.org/.
- Twitter: https://twitter.com/authlib.
- StackOverflow: https://stackoverflow.com/questions/tagged/authlib.
- Other Repositories: https://github.com/authlib.
- Subscribe Tidelift: https://tidelift.com/subscription/pkg/pypi-authlib.
Security Reporting
If you found security bugs, please do not send a public issue or patch. You can send me email at me@lepture.com. Attachment with patch is welcome. My PGP Key fingerprint is:
72F8 E895 A70C EBDF 4F2A DFE0 7E55 E3E0 118B 2B4C
Or, you can use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.
License
Authlib offers two licenses:
- BSD (LICENSE)
- COMMERCIAL-LICENSE
Companies can purchase a commercial license at Authlib Plans.
If your company is creating a closed source OAuth provider, it is strongly suggested that your company purchasing a commercial license.
Support
If you need any help, you can always ask questions on StackOverflow with a tag of "Authlib". DO NOT ASK HELP IN GITHUB ISSUES.
We also provide commercial consulting and supports. You can find more information at https://authlib.org/support.