Authlib
The ultimate Python library for building OAuth and OpenID Connect servers. JWS, JWK, JWA and JWT are included.
Authlib is compatible with Python 2.7+ and Python 3.5+.
```python
# Register the OAuth 2.0 grant types the server should support
authorization_server.register_grant(AuthorizationCodeGrant)
authorization_server.register_grant(ImplicitGrant)
authorization_server.register_grant(ResourceOwnerPasswordGrant)
authorization_server.register_grant(ClientCredentialsGrant)
authorization_server.register_grant(RefreshTokenGrant)
# OpenID Connect 1.0 flows layered on top of OAuth 2.0
authorization_server.register_grant(OpenIDCodeGrant)
authorization_server.register_grant(OpenIDImplicitGrant)
authorization_server.register_grant(OpenIDHybridGrant)
# Token revocation (RFC7009) and token introspection (RFC7662) endpoints
authorization_server.register_endpoint(RevocationEndpoint)
authorization_server.register_endpoint(IntrospectionEndpoint)
```
Sponsors
Get professionally-supported Authlib with the Tidelift Subscription.
If you want to quickly add secure token-based authentication to Python projects, feel free to check Auth0's Python SDK and free plan at auth0.com/overview.
Useful Links
- Homepage: https://authlib.org/.
- Documentation: https://docs.authlib.org/.
- Blog: https://blog.authlib.org/.
- Twitter: https://twitter.com/authlib.
- StackOverflow: https://stackoverflow.com/questions/tagged/authlib.
- Other Repositories: https://github.com/authlib.
- Tidelift subscription: https://tidelift.com/subscription/pkg/pypi-authlib.
Spec Implementations
Lovely features that Authlib has built-in:
🎉 RFC5849: The OAuth 1.0 Protocol
- OAuth1Session for Requests
- OAuth 1.0 Client for Flask
- OAuth 1.0 Client for Django
- OAuth 1.0 Server for Flask
- OAuth 1.0 Server for Django
🎉 RFC6749: The OAuth 2.0 Authorization Framework
- OAuth2Session for Requests
- OAuth 2.0 Client for Flask
- OAuth 2.0 Client for Django
- OAuth 2.0 Server for Flask
- OAuth 2.0 Server for Django
🎉 RFC6750: The OAuth 2.0 Authorization Framework: Bearer Token Usage
- Bearer Token for OAuth2Session
- Bearer Token for Flask OAuth 2.0 Server
- Bearer Token for Django OAuth 2.0 Server
🎉 RFC7009: OAuth 2.0 Token Revocation
- Token Revocation for Flask OAuth 2.0 Server
- Token Revocation for Django OAuth 2.0 Server
🎉 RFC7515: JSON Web Signature (JWS)
- Compact serialize and deserialize
- JSON serialize and deserialize
🎉 RFC7516: JSON Web Encryption (JWE)
- Compact serialize and deserialize
- JSON serialize and deserialize
🎉 RFC7517: JSON Web Key (JWK)
- "oct" algorithm via RFC7518
- "RSA" algorithm via RFC7518
- "EC" algorithm via RFC7518
🎉 RFC7518: JSON Web Algorithms (JWA)
- Algorithms for JWS
- Algorithms for JWE (some of them)
- Algorithms for JWK
🎉 RFC7519: JSON Web Token (JWT)
- Use JWS for JWT
- Use JWE for JWT
- Payload claims validation
🎉 RFC7521: Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants
- Common Client for Assertion Framework
- Common Server for Assertion Framework
⏳ RFC7522: Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants
The RFC7522 implementation is planned.
🎉 RFC7523: JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants
- Using JWTs as Client Authorization
- Using JWTs as Authorization Grants
🎉 RFC7591: OAuth 2.0 Dynamic Client Registration Protocol
The RFC7591 implementation is planned. However, the Flask SQLAlchemy ClientMixin is designed based on it.
⏳ RFC7592: OAuth 2.0 Dynamic Client Registration Management Protocol
The RFC7592 implementation is planned.
🎉 RFC7636: Proof Key for Code Exchange by OAuth Public Clients
- Flask/Django client integrations
- Server side grant implementation
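What the server side of RFC7636 has to do is small enough to show in full. The block below is an added, standard-library-only illustration (it is not Authlib's own code) of the client-side challenge derivation and the token-endpoint check that a verifier matches the challenge stored with the authorization code; the function names are ours.

```python
import base64
import hashlib
import hmac
import re
import secrets

# RFC 7636 section 4.1: code_verifier is 43..128 characters from the unreserved set.
_VERIFIER_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")


def b64url_nopad(data: bytes) -> str:
    """BASE64URL encoding without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def create_code_challenge(code_verifier: str, method: str = "S256") -> str:
    """Client side: derive code_challenge from code_verifier (RFC 7636 section 4.2)."""
    if not _VERIFIER_RE.match(code_verifier):
        raise ValueError("code_verifier must be 43-128 unreserved characters")
    if method == "S256":
        return b64url_nopad(hashlib.sha256(code_verifier.encode("ascii")).digest())
    if method == "plain":
        return code_verifier
    raise ValueError("unsupported code_challenge_method")


def verify_code_verifier(code_verifier: str, code_challenge: str, method: str) -> bool:
    """Server side: at the token endpoint, recompute the challenge from the presented
    verifier and compare it with the one stored alongside the authorization code
    (RFC 7636 section 4.6). Malformed input is simply a failed check."""
    try:
        expected = create_code_challenge(code_verifier, method)
    except ValueError:
        return False
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(expected.encode("ascii"), code_challenge.encode("ascii"))


def generate_code_verifier(nbytes: int = 32) -> str:
    """Client side: a fresh high-entropy verifier (32 random bytes -> 43 characters)."""
    return b64url_nopad(secrets.token_bytes(nbytes))
```

The S256 method is the one a public client should use; "plain" only exists for clients that cannot compute SHA-256, and the server should not let a challenge registered as S256 be redeemed with a plain verifier.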
🎉 RFC7662: OAuth 2.0 Token Introspection
- Token Introspection for Flask OAuth 2.0 Server
- Token Introspection for Django OAuth 2.0 Server
⏳ RFC7797: JSON Web Signature (JWS) Unencoded Payload Option
The RFC7797 implementation is planned.
🎉 RFC8414: OAuth 2.0 Authorization Server Metadata
- Authorization Server Metadata Model
- Well Known URI
- Framework integrations
🎉 OpenID Connect 1.0
- OpenID Claims validation
- OpenID Connect for Flask OAuth 2.0 Server
- OpenID Connect for Django OAuth 2.0 Server
🎉 OpenID Connect Discovery 1.0
- OpenID Provider Metadata Model
- Well Known URI
- Framework integrations
And more will be added.
Framework Integrations
Framework integrations with current specification implementations:
- Requests OAuth 1 Session
- Requests OAuth 2 Session
- Requests Assertion Session
- Flask OAuth 1/2 Client
- Django OAuth 1/2 Client
- Flask OAuth 1.0 Server
- Flask OAuth 2.0 Server
- Flask OpenID Connect 1.0
- Django OAuth 1.0 Server
- Django OAuth 2.0 Server
- Django OpenID Connect Server
Security Reporting
If you find a security bug, please do not open a public issue or submit a public patch. Email me at me@lepture.com; attaching a patch is welcome. My PGP key fingerprint is:
72F8 E895 A70C EBDF 4F2A DFE0 7E55 E3E0 118B 2B4C
Or, you can use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.
License
Authlib is licensed under BSD. Please see LICENSE for licensing details.
There is also a commercial license which you can purchase at Authlib Plans page.
Support
If you need any help, you can always ask questions on StackOverflow with the "authlib" tag. DO NOT ASK FOR HELP IN GITHUB ISSUES.
We also provide commercial consulting and support. You can find more information at https://authlib.org/support.