Authlib (1.6.8)
Installation
pip install --index-url About this package
The ultimate Python library in building OAuth and OpenID Connect servers and clients.
The ultimate Python library in building OAuth and OpenID Connect servers. JWS, JWK, JWA, JWT are included.
Authlib is compatible with Python3.9+.
Migrations
Authlib will deprecate authlib.jose module, please read:
Sponsors
 |
If you want to quickly add secure token-based authentication to Python projects, feel free to check Auth0's Python SDK and free plan at auth0.com/overview. |
 |
A blogging and podcast hosting platform with minimal design but powerful features. Host your blog and Podcast with Typlog.com. |
Fund Authlib to access additional features
Features
Generic, spec-compliant implementation to build clients and providers:
- The OAuth 1.0 Protocol
- The OAuth 2.0 Authorization Framework
- RFC6749: The OAuth 2.0 Authorization Framework
- RFC6750: The OAuth 2.0 Authorization Framework: Bearer Token Usage
- RFC7009: OAuth 2.0 Token Revocation
- RFC7523: JWT Profile for OAuth 2.0 Client Authentication and Authorization Grants
- RFC7591: OAuth 2.0 Dynamic Client Registration Protocol
- RFC7592: OAuth 2.0 Dynamic Client Registration Management Protocol
- RFC7636: Proof Key for Code Exchange by OAuth Public Clients
- RFC7662: OAuth 2.0 Token Introspection
- RFC8414: OAuth 2.0 Authorization Server Metadata
- RFC8628: OAuth 2.0 Device Authorization Grant
- RFC9068: JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens
- RFC9101: The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR)
- RFC9207: OAuth 2.0 Authorization Server Issuer Identification
- Javascript Object Signing and Encryption
- RFC7515: JSON Web Signature
- RFC7516: JSON Web Encryption
- RFC7517: JSON Web Key
- RFC7518: JSON Web Algorithms
- RFC7519: JSON Web Token
- RFC7638: JSON Web Key (JWK) Thumbprint
- RFC7797: JSON Web Signature (JWS) Unencoded Payload Option
- RFC8037: ECDH in JWS and JWE
- draft-madden-jose-ecdh-1pu-04: Public Key Authenticated Encryption for JOSE: ECDH-1PU
- OpenID Connect 1.0
- OpenID Connect Core 1.0
- OpenID Connect Discovery 1.0
- OpenID Connect Dynamic Client Registration 1.0
Connect third party OAuth providers with Authlib built-in client integrations:
Build your own OAuth 1.0, OAuth 2.0, and OpenID Connect providers:
- Flask
- Django
Useful Links
- Homepage: https://authlib.org/.
- Documentation: https://docs.authlib.org/.
- Purchase Commercial License: https://authlib.org/plans.
- Blog: https://blog.authlib.org/.
- Twitter: https://twitter.com/authlib.
- StackOverflow: https://stackoverflow.com/questions/tagged/authlib.
- Other Repositories: https://github.com/authlib.
- Subscribe Tidelift: https://tidelift.com/subscription/pkg/pypi-authlib.
Security Reporting
If you found security bugs, please do not send a public issue or patch. You can send me email at me@lepture.com. Attachment with patch is welcome. My PGP Key fingerprint is:
72F8 E895 A70C EBDF 4F2A DFE0 7E55 E3E0 118B 2B4C
Or, you can use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.
License
Authlib offers two licenses:
- BSD LICENSE
- COMMERCIAL-LICENSE
Any project, open or closed source, can use the BSD license. If your company needs commercial support, you can purchase a commercial license at Authlib Plans. You can find more information at https://authlib.org/support.