awesome-repositories.com
Blog
awesome-repositories.com

Descubre los mejores repositorios open-source con nuestra búsqueda potenciada por IA.

ExplorarBúsquedas curadasAlternativas open-sourceSoftware autohospedableBlogMapa del sitio
ProyectoAcerca deCómo clasificamosPrensaServidor MCP
Aviso legalPrivacidadTérminos
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·
authlib avatar

authlib/authlib

0
View on GitHub↗
5,346 estrellas·541 forks·Python·BSD-3-Clause·4 vistasauthlib.org↗

Authlib

Authlib es una librería integral de Python para construir e integrar clientes y servidores de OAuth 1.0, OAuth 2.0 y OpenID Connect. Proporciona un conjunto unificado de herramientas para gestionar flujos de autenticación y autorización, permitiendo que las aplicaciones actúen como cliente conectándose a proveedores de identidad externos o como proveedor emitiendo tokens y gestionando identidades de usuario.

El proyecto se distingue por una implementación completa de los estándares JOSE, ofreciendo un conjunto de herramientas criptográficas para generar, firmar, cifrar y validar JSON Web Tokens, firmas, cifrado y claves. Admite una amplia gama de algoritmos, incluyendo RSA, ECDSA, EdDSA y HMAC, así como funcionalidad especializada para la gestión de JSON Web Key y descifrado de contenido.

Más allá de los protocolos de identidad principales, la librería cubre la lógica del servidor de autorización, incluyendo despacho de tipos de concesión, gestión del ciclo de vida de tokens y registro dinámico de clientes. También incluye capacidades para la protección del servidor de recursos mediante validación de tokens de portador (bearer), seguridad PKCE e introspección de tokens.

La librería está diseñada con una capa de transporte compatible con asincronía para admitir varios frameworks web de Python.

Features

  • JOSE Specifications - Provides a comprehensive implementation of JOSE standards, including JWS, JWE, and JWK.
  • OAuth 2.0 Authorization Servers - Provides a full authorization server implementation that manages client registrations and issues access tokens.
  • OpenID Connect Support - Provides a comprehensive implementation of the OpenID Connect protocol for user authentication and profile management.
  • Access and Refresh Token Issuances - Generates and stores access and refresh tokens after successful authorization flows.
  • JWT Format Tokens - Generates signed JSON Web Tokens as access tokens containing identity claims and expiration timestamps.
  • OpenID Connect Token Validations - Parses and validates OpenID Connect identity tokens to establish and verify user identity.
  • Metadata Validations - Validates client configurations including allowed grant types and redirect URIs for authorization requests.
  • Token Lifecycle Management - Tracks token expiration and revocation status to manage the validity of active sessions.
  • JWT Parsing - Implements the process of decoding compact token strings and retrieving payloads through signature validation.
  • JWT Claim Validation - Verifies standard claims within JSON Web Tokens to ensure essential payload data is present and valid.
  • JWT Generation - Implements the process of creating signed or encrypted JSON Web Tokens for secure data transmission.
  • Token Generation - Creates token dictionaries including access and refresh tokens based on grant types and requested scopes.
  • OAuth 2.0 Authorization Flows - Implements standard OAuth 2.0 client flows for exchanging authorization codes and managing tokens.
  • Client Registrations - Provides an API endpoint for dynamic OAuth client registration, including support for JWT software statements.
  • OAuth 2.0 Client Implementations - Integrates with external authorization servers to request access tokens and authenticate users across environments.
  • OAuth 2.0 Resource Servers - Provides a full implementation for building OAuth 2.0 resource servers that protect APIs through token validation.
  • OAuth and OpenID Connect Libraries - Serves as a comprehensive Python library for building OAuth 1.0, OAuth 2.0, and OpenID Connect clients and servers.
  • OAuth Grant Type Handlers - Routes authorization requests to specific handler logic based on the OAuth 2.0 grant type parameter.
  • OpenID Connect Providers - Implements OpenID Connect providers to issue identity tokens and enable standardized single sign-on.
  • Grant Handling - Implements OpenID Connect authorization request handling with support for code, implicit, and hybrid flows.
  • JWT Signing and Verification - Provides capabilities for creating and validating JSON Web Tokens using HMAC, RSA, and ECDSA signatures.
  • Token Signing Operations - Implements cryptographic signing of tokens using private keys to ensure client authenticity and integrity.
  • Authorization Code Management - Manages the creation and validation of short-lived authorization codes for confidential clients.
  • OAuth Client Metadata Validations - Validates incoming request parameters against registered client configurations to enforce redirect URIs and grant permissions.
  • Stateless Token Validation - Verifies JWT authenticity and claims locally using cryptographic signatures without database lookups.
  • OAuth Bearer Token Middlewares - Provides middleware to validate bearer tokens and verify permissions for protecting API endpoints.
  • OAuth Client Management - Allows editing and deleting registered OAuth clients via an API using the Dynamic Client Registration Management Protocol.
  • OAuth Client Registrations - Exposes standard endpoints for dynamic client registration and discovery according to RFC specifications.
  • OAuth 1.0 Authenticators - Implements the OAuth 1.0 protocol to authenticate requests to legacy APIs.
  • Token Revocation - Implements a dedicated endpoint for invalidating access and refresh tokens to prevent unauthorized continued use.
  • ECDSA JWT Signers - Uses the Elliptic Curve Digital Signature Algorithm to create compact asymmetric signatures for JSON Web Tokens.
  • RSA Signing Implementations - Implements RSA public-key cryptography with PKCS1v15 or PSS padding for asymmetric token signing.
  • Encrypted JWT Generation - Secures token payloads using symmetric or asymmetric encryption algorithms via the JWE standard.
  • JSON Web Key Pair Management - Provides tools to import and export JSON Web Keys using specific curve specifications like Ed25519 and X25519.
  • ECDH-ES Implementations - Implements the Elliptic Curve Diffie-Hellman Ephemeral Static algorithm for JSON Web Encryption.
  • HMAC JWT Signers - Implements symmetric signing for JSON Web Tokens using shared secrets and HMAC-SHA hashing.
  • Service Account Authorization - Handles automatic token authorization for service-to-service account communication using the Assertion Framework.
  • Service Account Authenticators - Obtains authorization grants using assertion-based service accounts to enable non-interactive logins.
  • OAuth Device Flows - Facilitates the OAuth 2.0 Device Authorization Grant for users on input-constrained devices.
  • JSON Web Key Imports - Converts PEM, JSON, or raw bytes into standardized JSON Web Key (JWK) structures.
  • Key Resolution - Identifies and selects the correct public key from a set to verify a specific token signature.
  • JSON Web Signatures - Implements the JWS standard to create and verify signed payloads using symmetric and asymmetric algorithms.
  • JWT Authentication - Verifies the identity of a client using signed JWT assertions with symmetric or asymmetric keys.
  • JSON Web - Configures and manages cryptographic keys following the JSON Web Key (JWK) standard.
  • JSON Web Encryption Decryptions - Decodes compact JWE strings back into their original header and payload using private keys.
  • OAuth 1.0 Authentication Strategies - Manages authorization requests and user approval flows specifically for the OAuth 1.0 protocol.
  • PKCE Authorization Flows - Secures authorization code flows using code challenges and verifiers to protect public clients from interception.
  • OAuth Client Authentications - Verifies client identities using multiple methods, including HTTP Basic, POST parameters, or custom logic.
  • Token Payload Encryption - Secures token content using key wrapping and encryption algorithms such as RSA, AES, and ECDH-ES.
  • Client Registrations - Provides registration and configuration of third-party services as OIDC clients with support for OIDC-specific metadata.
  • UserInfo Endpoints - Exposes UserInfo endpoints to return authenticated user profile information as JSON payloads or signed JWTs.
  • Pluggable Token Persistence - Allows developers to define custom storage logic for access and refresh tokens via callbacks.
  • Bearer Token Validators - Provides tools to verify that bearer access tokens are active and possess the required scopes.
  • JWT Token Validators - Verifies the authenticity, expiration, and claims of incoming JSON Web Tokens to protect resources.
  • Token Introspection - Checks the current validity and metadata of a token by querying a remote introspection endpoint.
  • Token Introspection and Revocation Endpoints - Exposes standard OAuth 2.0 endpoints for checking token validity and metadata.
  • EdDSA Signatures - Uses the Edwards-curve Digital Signature Algorithm to sign payloads within JSON Web Signatures.
  • JWT Grant Validation - Validates signed tokens as authorization grants to issue access tokens without traditional credentials.
  • Device Grant Implementations - Implements the OAuth 2.0 Device Authorization Grant, coordinating device codes and user verification.
  • Async-Sync Compatibility Layers - Provides an architectural bridge allowing authentication logic to work in both synchronous and asynchronous Python environments.
  • Authentication - Listed in the “Authentication” section of the Awesome Python awesome list.
  • Authentication and Permissions - JavaScript Object Signing and Encryption draft implementation.

Historial de estrellas

Gráfico del historial de estrellas de authlib/authlibGráfico del historial de estrellas de authlib/authlib

Búsqueda con IA

Explora más repositorios increíbles

Describe lo que necesitas en lenguaje sencillo: la IA clasifica miles de proyectos open-source curados por relevancia.

Start searching with AI

Alternativas open-source a Authlib

Proyectos open-source similares, clasificados según cuántas características comparten con Authlib.
  • lepture/authlibAvatar de lepture

    lepture/authlib

    5,346Ver en GitHub↗

    Authlib is a comprehensive Python framework for implementing OAuth 1.0, OAuth 2.0, and OpenID Connect clients and servers. It provides a complete toolkit for identity management, spanning the development of authorization servers, resource servers, and client-side integrations. The library distinguishes itself through a full implementation of the JOSE specifications, including JSON Web Tokens, Encryption, Signatures, and Keys. It features specialized capabilities for non-interactive authentication via service account assertion frameworks and a compliance-correction layer designed to handle ide

    Python
    Ver en GitHub↗5,346
  • doorkeeper-gem/doorkeeperAvatar de doorkeeper-gem

    doorkeeper-gem/doorkeeper

    5,501Ver en GitHub↗

    Doorkeeper is an OAuth 2 authorization server and provider for Ruby on Rails and Grape applications. It provides the necessary framework to build an authorization server that issues and validates security tokens for third-party applications, effectively acting as a security middleware to protect API endpoints. The project integrates an identity layer via OpenID Connect to verify user identities and retrieve profile information. It supports a variety of security patterns, including the implementation of the PKCE flow for public clients and the issuance of stateless JSON Web Tokens. Its broade

    Ruby
    Ver en GitHub↗5,501
  • anomalyco/openauthAvatar de anomalyco

    anomalyco/openauth

    6,971Ver en GitHub↗

    OpenAuth is a standards-based authentication server and identity provider that implements OAuth 2.0 and OpenID Connect protocols. It serves as a centralized system for managing user identities, issuing access tokens, and orchestrating authentication flows across various services. The project functions as a federated identity gateway, aggregating external providers such as Google, GitHub, Microsoft, Apple, and Discord into a unified login flow. It distinguishes itself with a multi-tenant architecture that supports pluggable identity providers and customizable user interface frameworks for bran

    TypeScript
    Ver en GitHub↗6,971
  • thephpleague/oauth2-serverAvatar de thephpleague

    thephpleague/oauth2-server

    6,650Ver en GitHub↗

    This project is a PHP library for implementing a spec-compliant OAuth 2.0 authorization server. It serves as an authentication framework for managing user identities and client authorizations, providing the necessary components to issue and validate access and refresh tokens. The server supports a wide range of standardized authorization flows, including authorization code exchange, device grants, implicit flows, and PKCE enforcement. It handles complex token lifecycles through refresh token rotation, scope management, and the use of asymmetric keys for signing digital tokens. The system pro

    PHPoauthoauth2oauth2-server
    Ver en GitHub↗6,650
Ver las 30 alternativas a Authlib→

Preguntas frecuentes

¿Qué hace authlib/authlib?

Authlib es una librería integral de Python para construir e integrar clientes y servidores de OAuth 1.0, OAuth 2.0 y OpenID Connect. Proporciona un conjunto unificado de herramientas para gestionar flujos de autenticación y autorización, permitiendo que las aplicaciones actúen como cliente conectándose a proveedores de identidad externos o como proveedor emitiendo tokens y gestionando identidades de usuario.

¿Cuáles son las características principales de authlib/authlib?

Las características principales de authlib/authlib son: JOSE Specifications, OAuth 2.0 Authorization Servers, OpenID Connect Support, Access and Refresh Token Issuances, JWT Format Tokens, OpenID Connect Token Validations, Metadata Validations, Token Lifecycle Management.

¿Qué alternativas de código abierto existen para authlib/authlib?

Las alternativas de código abierto para authlib/authlib incluyen: lepture/authlib — Authlib is a comprehensive Python framework for implementing OAuth 1.0, OAuth 2.0, and OpenID Connect clients and… doorkeeper-gem/doorkeeper — Doorkeeper is an OAuth 2 authorization server and provider for Ruby on Rails and Grape applications. It provides the… anomalyco/openauth — OpenAuth is a standards-based authentication server and identity provider that implements OAuth 2.0 and OpenID Connect… thephpleague/oauth2-server — This project is a PHP library for implementing a spec-compliant OAuth 2.0 authorization server. It serves as an… openiddict/openiddict-core — This project is a .NET identity stack and server framework used to build certified OpenID Connect and OAuth 2.0… jwtk/jjwt — This is a Java library and framework for creating, parsing, and validating JSON Web Tokens within Java and Android…