awesome-repositories.com
Blog
awesome-repositories.com

Découvrez les meilleurs dépôts open-source grâce à notre recherche par IA.

ExplorerRecherches sélectionnéesAlternatives open sourceLogiciels auto-hébergésBlogPlan du site
ProjetÀ proposNotre méthodologiePresseServeur MCP
Mentions légalesConfidentialitéConditions d'utilisation
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·
authlib avatar

authlib/authlib

0
View on GitHub↗
5,346 stars·541 forks·Python·BSD-3-Clause·4 vuesauthlib.org↗

Authlib

Authlib est une bibliothèque Python complète pour construire et intégrer des clients et serveurs OAuth 1.0, OAuth 2.0 et OpenID Connect. Elle fournit un ensemble unifié d'outils pour gérer les flux d'authentification et d'autorisation, permettant aux applications d'agir soit comme un client se connectant à des fournisseurs d'identité externes, soit comme un fournisseur émettant des jetons et gérant les identités des utilisateurs.

Le projet se distingue par une implémentation complète des standards JOSE, offrant une suite d'outils cryptographiques pour générer, signer, chiffrer et valider les JSON Web Tokens, signatures, chiffrement et clés. Elle supporte un large éventail d'algorithmes, incluant RSA, ECDSA, EdDSA et HMAC, ainsi qu'une fonctionnalité spécialisée pour la gestion des JSON Web Keys et le déchiffrement de contenu.

Au-delà des protocoles d'identité de base, la bibliothèque couvre la logique de serveur d'autorisation, incluant le dispatching des types de grant, la gestion du cycle de vie des jetons et l'enregistrement dynamique de clients. Elle inclut également des capacités pour la protection des serveurs de ressources via la validation de jetons bearer, la sécurité PKCE et l'introspection de jetons.

La bibliothèque est conçue avec une couche de transport compatible asynchrone pour supporter divers frameworks web Python.

Features

  • JOSE Specifications - Provides a comprehensive implementation of JOSE standards, including JWS, JWE, and JWK.
  • OAuth 2.0 Authorization Servers - Provides a full authorization server implementation that manages client registrations and issues access tokens.
  • OpenID Connect Support - Provides a comprehensive implementation of the OpenID Connect protocol for user authentication and profile management.
  • Access and Refresh Token Issuances - Generates and stores access and refresh tokens after successful authorization flows.
  • JWT Format Tokens - Generates signed JSON Web Tokens as access tokens containing identity claims and expiration timestamps.
  • OpenID Connect Token Validations - Parses and validates OpenID Connect identity tokens to establish and verify user identity.
  • Metadata Validations - Validates client configurations including allowed grant types and redirect URIs for authorization requests.
  • Token Lifecycle Management - Tracks token expiration and revocation status to manage the validity of active sessions.
  • JWT Parsing - Implements the process of decoding compact token strings and retrieving payloads through signature validation.
  • JWT Claim Validation - Verifies standard claims within JSON Web Tokens to ensure essential payload data is present and valid.
  • JWT Generation - Implements the process of creating signed or encrypted JSON Web Tokens for secure data transmission.
  • Token Generation - Creates token dictionaries including access and refresh tokens based on grant types and requested scopes.
  • OAuth 2.0 Authorization Flows - Implements standard OAuth 2.0 client flows for exchanging authorization codes and managing tokens.
  • Client Registrations - Provides an API endpoint for dynamic OAuth client registration, including support for JWT software statements.
  • OAuth 2.0 Client Implementations - Integrates with external authorization servers to request access tokens and authenticate users across environments.
  • OAuth 2.0 Resource Servers - Provides a full implementation for building OAuth 2.0 resource servers that protect APIs through token validation.
  • OAuth and OpenID Connect Libraries - Serves as a comprehensive Python library for building OAuth 1.0, OAuth 2.0, and OpenID Connect clients and servers.
  • OAuth Grant Type Handlers - Routes authorization requests to specific handler logic based on the OAuth 2.0 grant type parameter.
  • OpenID Connect Providers - Implements OpenID Connect providers to issue identity tokens and enable standardized single sign-on.
  • Grant Handling - Implements OpenID Connect authorization request handling with support for code, implicit, and hybrid flows.
  • JWT Signing and Verification - Provides capabilities for creating and validating JSON Web Tokens using HMAC, RSA, and ECDSA signatures.
  • Token Signing Operations - Implements cryptographic signing of tokens using private keys to ensure client authenticity and integrity.
  • Authorization Code Management - Manages the creation and validation of short-lived authorization codes for confidential clients.
  • OAuth Client Metadata Validations - Validates incoming request parameters against registered client configurations to enforce redirect URIs and grant permissions.
  • Stateless Token Validation - Verifies JWT authenticity and claims locally using cryptographic signatures without database lookups.
  • OAuth Bearer Token Middlewares - Provides middleware to validate bearer tokens and verify permissions for protecting API endpoints.
  • OAuth Client Management - Allows editing and deleting registered OAuth clients via an API using the Dynamic Client Registration Management Protocol.
  • OAuth Client Registrations - Exposes standard endpoints for dynamic client registration and discovery according to RFC specifications.
  • OAuth 1.0 Authenticators - Implements the OAuth 1.0 protocol to authenticate requests to legacy APIs.
  • Token Revocation - Implements a dedicated endpoint for invalidating access and refresh tokens to prevent unauthorized continued use.
  • ECDSA JWT Signers - Uses the Elliptic Curve Digital Signature Algorithm to create compact asymmetric signatures for JSON Web Tokens.
  • RSA Signing Implementations - Implements RSA public-key cryptography with PKCS1v15 or PSS padding for asymmetric token signing.
  • Encrypted JWT Generation - Secures token payloads using symmetric or asymmetric encryption algorithms via the JWE standard.
  • JSON Web Key Pair Management - Provides tools to import and export JSON Web Keys using specific curve specifications like Ed25519 and X25519.
  • ECDH-ES Implementations - Implements the Elliptic Curve Diffie-Hellman Ephemeral Static algorithm for JSON Web Encryption.
  • HMAC JWT Signers - Implements symmetric signing for JSON Web Tokens using shared secrets and HMAC-SHA hashing.
  • Service Account Authorization - Handles automatic token authorization for service-to-service account communication using the Assertion Framework.
  • Service Account Authenticators - Obtains authorization grants using assertion-based service accounts to enable non-interactive logins.
  • OAuth Device Flows - Facilitates the OAuth 2.0 Device Authorization Grant for users on input-constrained devices.
  • JSON Web Key Imports - Converts PEM, JSON, or raw bytes into standardized JSON Web Key (JWK) structures.
  • Key Resolution - Identifies and selects the correct public key from a set to verify a specific token signature.
  • JSON Web Signatures - Implements the JWS standard to create and verify signed payloads using symmetric and asymmetric algorithms.
  • JWT Authentication - Verifies the identity of a client using signed JWT assertions with symmetric or asymmetric keys.
  • JSON Web - Configures and manages cryptographic keys following the JSON Web Key (JWK) standard.
  • JSON Web Encryption Decryptions - Decodes compact JWE strings back into their original header and payload using private keys.
  • OAuth 1.0 Authentication Strategies - Manages authorization requests and user approval flows specifically for the OAuth 1.0 protocol.
  • PKCE Authorization Flows - Secures authorization code flows using code challenges and verifiers to protect public clients from interception.
  • OAuth Client Authentications - Verifies client identities using multiple methods, including HTTP Basic, POST parameters, or custom logic.
  • Token Payload Encryption - Secures token content using key wrapping and encryption algorithms such as RSA, AES, and ECDH-ES.
  • Client Registrations - Provides registration and configuration of third-party services as OIDC clients with support for OIDC-specific metadata.
  • UserInfo Endpoints - Exposes UserInfo endpoints to return authenticated user profile information as JSON payloads or signed JWTs.
  • Pluggable Token Persistence - Allows developers to define custom storage logic for access and refresh tokens via callbacks.
  • Bearer Token Validators - Provides tools to verify that bearer access tokens are active and possess the required scopes.
  • JWT Token Validators - Verifies the authenticity, expiration, and claims of incoming JSON Web Tokens to protect resources.
  • Token Introspection - Checks the current validity and metadata of a token by querying a remote introspection endpoint.
  • Token Introspection and Revocation Endpoints - Exposes standard OAuth 2.0 endpoints for checking token validity and metadata.
  • EdDSA Signatures - Uses the Edwards-curve Digital Signature Algorithm to sign payloads within JSON Web Signatures.
  • JWT Grant Validation - Validates signed tokens as authorization grants to issue access tokens without traditional credentials.
  • Device Grant Implementations - Implements the OAuth 2.0 Device Authorization Grant, coordinating device codes and user verification.
  • Async-Sync Compatibility Layers - Provides an architectural bridge allowing authentication logic to work in both synchronous and asynchronous Python environments.
  • Authentication - Listed in the “Authentication” section of the Awesome Python awesome list.
  • Authentication and Permissions - JavaScript Object Signing and Encryption draft implementation.

Historique des stars

Graphique de l'historique des stars pour authlib/authlibGraphique de l'historique des stars pour authlib/authlib

Recherche par IA

Explorez plus de dépôts awesome

Décrivez vos besoins en langage naturel — l'IA classe des milliers de projets open source sélectionnés par pertinence.

Start searching with AI

Alternatives open source à Authlib

Projets open source similaires, classés selon le nombre de fonctionnalités partagées avec Authlib.
  • lepture/authlibAvatar de lepture

    lepture/authlib

    5,346Voir sur GitHub↗

    Authlib is a comprehensive Python framework for implementing OAuth 1.0, OAuth 2.0, and OpenID Connect clients and servers. It provides a complete toolkit for identity management, spanning the development of authorization servers, resource servers, and client-side integrations. The library distinguishes itself through a full implementation of the JOSE specifications, including JSON Web Tokens, Encryption, Signatures, and Keys. It features specialized capabilities for non-interactive authentication via service account assertion frameworks and a compliance-correction layer designed to handle ide

    Python
    Voir sur GitHub↗5,346
  • doorkeeper-gem/doorkeeperAvatar de doorkeeper-gem

    doorkeeper-gem/doorkeeper

    5,501Voir sur GitHub↗

    Doorkeeper is an OAuth 2 authorization server and provider for Ruby on Rails and Grape applications. It provides the necessary framework to build an authorization server that issues and validates security tokens for third-party applications, effectively acting as a security middleware to protect API endpoints. The project integrates an identity layer via OpenID Connect to verify user identities and retrieve profile information. It supports a variety of security patterns, including the implementation of the PKCE flow for public clients and the issuance of stateless JSON Web Tokens. Its broade

    Ruby
    Voir sur GitHub↗5,501
  • anomalyco/openauthAvatar de anomalyco

    anomalyco/openauth

    6,971Voir sur GitHub↗

    OpenAuth is a standards-based authentication server and identity provider that implements OAuth 2.0 and OpenID Connect protocols. It serves as a centralized system for managing user identities, issuing access tokens, and orchestrating authentication flows across various services. The project functions as a federated identity gateway, aggregating external providers such as Google, GitHub, Microsoft, Apple, and Discord into a unified login flow. It distinguishes itself with a multi-tenant architecture that supports pluggable identity providers and customizable user interface frameworks for bran

    TypeScript
    Voir sur GitHub↗6,971
  • thephpleague/oauth2-serverAvatar de thephpleague

    thephpleague/oauth2-server

    6,650Voir sur GitHub↗

    This project is a PHP library for implementing a spec-compliant OAuth 2.0 authorization server. It serves as an authentication framework for managing user identities and client authorizations, providing the necessary components to issue and validate access and refresh tokens. The server supports a wide range of standardized authorization flows, including authorization code exchange, device grants, implicit flows, and PKCE enforcement. It handles complex token lifecycles through refresh token rotation, scope management, and the use of asymmetric keys for signing digital tokens. The system pro

    PHPoauthoauth2oauth2-server
    Voir sur GitHub↗6,650
Voir les 30 alternatives à Authlib→

Questions fréquentes

Que fait authlib/authlib ?

Authlib est une bibliothèque Python complète pour construire et intégrer des clients et serveurs OAuth 1.0, OAuth 2.0 et OpenID Connect. Elle fournit un ensemble unifié d'outils pour gérer les flux d'authentification et d'autorisation, permettant aux applications d'agir soit comme un client se connectant à des fournisseurs d'identité externes, soit comme un fournisseur émettant des jetons et gérant les identités des utilisateurs.

Quelles sont les fonctionnalités principales de authlib/authlib ?

Les fonctionnalités principales de authlib/authlib sont : JOSE Specifications, OAuth 2.0 Authorization Servers, OpenID Connect Support, Access and Refresh Token Issuances, JWT Format Tokens, OpenID Connect Token Validations, Metadata Validations, Token Lifecycle Management.

Quelles sont les alternatives open-source à authlib/authlib ?

Les alternatives open-source à authlib/authlib incluent : lepture/authlib — Authlib is a comprehensive Python framework for implementing OAuth 1.0, OAuth 2.0, and OpenID Connect clients and… doorkeeper-gem/doorkeeper — Doorkeeper is an OAuth 2 authorization server and provider for Ruby on Rails and Grape applications. It provides the… anomalyco/openauth — OpenAuth is a standards-based authentication server and identity provider that implements OAuth 2.0 and OpenID Connect… thephpleague/oauth2-server — This project is a PHP library for implementing a spec-compliant OAuth 2.0 authorization server. It serves as an… openiddict/openiddict-core — This project is a .NET identity stack and server framework used to build certified OpenID Connect and OAuth 2.0… jwtk/jjwt — This is a Java library and framework for creating, parsing, and validating JSON Web Tokens within Java and Android…