Programming language: Python
License: BSD 3-clause "New" or "Revised" License
Tags: HTTP     Django     Flask     Authentication     OAuth     Internet     WWW     WSGI     Dynamic Content     Application    
Latest version: v0.13

authlib alternatives and similar packages

Based on the "OAuth" category

Do you think we are missing an alternative of authlib or a related project?

Add another 'OAuth' Package



The ultimate Python library in building OAuth and OpenID Connect servers. JWS, JWK, JWA, JWT are included.

Authlib is compatible with Python2.7+ and Python3.6+.

authorization_server.register_grant(AuthorizationCodeGrant, [OpenIDCode()])


If you want to quickly add secure token-based authentication to Python projects, feel free to check Auth0's Python SDK and free plan at auth0.com/overview. For quickly implementing token-based authencation, feel free to check Authing's Python SDK. Get professionally-supported Authlib with the Tidelift Subscription.

Support Me via GitHub Sponsors.

  1. Homepage: https://authlib.org/.
  2. Documentation: https://docs.authlib.org/.
  3. Purchase Commercial License: https://authlib.org/plans.
  4. Blog: https://blog.authlib.org/.
  5. Twitter: https://twitter.com/authlib.
  6. StackOverflow: https://stackoverflow.com/questions/tagged/authlib.
  7. Other Repositories: https://github.com/authlib.
  8. Subscribe Tidelift: https://tidelift.com/subscription/pkg/pypi-authlib.

Spec Implementations

Lovely features that Authlib has built-in:

🎉 RFC5849: The OAuth 1.0 Protocol

  • [x] OAuth1Session for Requests
  • [x] OAuth1Client for HTTPX
  • [x] OAuth 1.0 Client for Flask
  • [x] OAuth 1.0 Client for Django
  • [x] OAuth 1.0 Server for Flask
  • [x] OAuth 1.0 Server for Django

🎉 RFC6749: The OAuth 2.0 Authorization Framework

  • [x] OAuth2Session for Requests
  • [x] OAuth2Client for HTTPX
  • [x] OAuth 2.0 Client for Flask
  • [x] OAuth 2.0 Client for Django
  • [x] OAuth 2.0 Server for Flask
  • [x] OAuth 2.0 Server for Django

🎉 RFC6750: The OAuth 2.0 Authorization Framework: Bearer Token Usage

  • [x] Bearer Token for OAuth2Session
  • [x] Bearer Token for Flask provider
  • [x] Bearer Token for Django provider

🎉 RFC7009: OAuth 2.0 Token Revocation

  • [x] Token Revocation for Flask provider
  • [x] Token Revocation for Django provider

🎉 RFC7515: JSON Web Signature (JWS)

  • [x] Compact serialize and deserialize
  • [x] JSON serialize and deserialize

🎉 RFC7516: JSON Web Encryption (JWE)

  • [x] Compact serialize and deserialize
  • [ ] JSON serialize and deserialize

🎉 RFC7517: JSON Web Key (JWK)

  • [x] "oct" algorithm via RFC7518
  • [x] "RSA" algorithm via RFC7518
  • [x] "EC" algorithm via RFC7518

🎉 RFC7518: JSON Web Algorithms (JWA)

  • [x] Algorithms for JWS
  • [x] Algorithms for JWE (some of them)
  • [x] Algorithms for JWK

🎉 RFC7519: JSON Web Token (JWT)

  • [x] Use JWS for JWT
  • [x] Use JWE for JWT
  • [x] Payload claims validation

🎉 RFC7521: Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants

  • [x] Common Client for Assertion Framework
  • [ ] Common Server for Assertion Framework

⏳ RFC7522: Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants RFC7522 will not be included in Authlib.

🎉 RFC7523: JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants

  • [x] Using JWTs as Client Authorization
  • [x] Using JWTs as Authorization Grants

🎉 RFC7591: OAuth 2.0 Dynamic Client Registration Protocol

  • [x] Dynamic Client Registration Endpoint for Flask OAuth 2.0 Server
  • [x] Dynamic Client Registration Endpoint for Django OAuth 2.0 Server

⏳ RFC7592: OAuth 2.0 Dynamic Client Registration Management Protocol RFC7592 implementation is in plan.

🎉 RFC7636: Proof Key for Code Exchange by OAuth Public Clients

  • [x] Requests, HTTPX, Flask, Django, Starlette integrations
  • [x] Server side grant implementation

🎉 RFC7662: OAuth 2.0 Token Introspection

  • [x] Token Introspection for Flask OAuth 2.0 Server
  • [x] Token Introspection for Django OAuth 2.0 Server

⏳ RFC7797: JSON Web Signature (JWS) Unencoded Payload Option RFC7797 implementation is in plan.

🎉 RFC8414: OAuth 2.0 Authorization Server Metadata

  • [x] Authorization Server Metadata Model
  • [x] Well Known URI
  • [x] Framework integrations

🎉 RFC8628: OAuth 2.0 Device Authorization Grant

  • [x] Device Authorization Endpoint
  • [x] Device Code Grant

🎉 OpenID Connect Core 1.0

  • [x] OpenID Code Flow
  • [x] OpenID Implicit Flow
  • [x] OpenID Hybrid Flow
  • [x] OpenID Claims validation
  • [x] Form Post Response Mode
  • [x] OpenID Connect for Flask OAuth 2.0 Server
  • [x] OpenID Connect for Django OAuth 2.0 Server

🎉 OpenID Connect Discovery 1.0

  • [x] OpenID Provider Metadata Model
  • [x] Well Known URI
  • [x] Framework integrations

And more will be added.

Framework Integrations

Framework integrations with current specification implementations:

  • [x] Requests OAuth 1/2 Session
  • [x] Requests Assertion Session
  • [x] HTTPX sync/async OAuth 1/2 Session
  • [x] HTTPX sync/async Assertion Session
  • [x] Flask OAuth 1/2 Client
  • [x] Django OAuth 1/2 Client
  • [x] Starlette OAuth 1/2 Client
  • [x] Flask OAuth 1.0 Provider
  • [x] Flask OAuth 2.0 Provider
  • [x] Flask OpenID Connect 1.0
  • [x] Django OAuth 1.0 Provider
  • [x] Django OAuth 2.0 Provider
  • [x] Django OpenID Connect 1.0

Security Reporting

If you found security bugs, please do not send a public issue or patch. You can send me email at me@lepture.com. Attachment with patch is welcome. My PGP Key fingerprint is:

72F8 E895 A70C EBDF 4F2A DFE0 7E55 E3E0 118B 2B4C

Or, you can use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.


Authlib offers two licenses:

  1. BSD for open source projects
  2. Commercial license for closed source projects

Companies can purchase a commercial license at Authlib Plans.


If you need any help, you can always ask questions on StackOverflow with a tag of "Authlib". DO NOT ASK HELP IN GITHUB ISSUES.

We also provide commercial consulting and supports. You can find more information at https://authlib.org/support.

*Note that all licence references and agreements mentioned in the authlib README section above are relevant to that project's source code only.