The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS,JWE,JWK,JWA,JWT included.
BSD-3-CLAUSE License
Published by lepture about 5 years ago
Released on Sep 3, 2019.
Breaking Change: Authlib Grant system has been redesigned. If you
are creating OpenID Connect providers, please read the new documentation
for OpenID Connect.
Important Update: Django OAuth 2.0 server integration is ready now.
You can create OAuth 2.0 provider and OpenID Connect 1.0 with Django
framework.
RFC implementations and updates in this release:
AssertionClient
for the assertion frameworkIntrospectionToken
for introspection token endpointRefactor and bug fixes in this release:
RefreshTokenGrant.revoke_old_credential
methodauthlib.client
, no breaking changesOAuth2Request
, use explicit query and formrequests
to optional dependencyAsyncAssertionClient
for aiohttpDeprecate Changes: find how to solve the deprecate issues via https://git.io/fjPsV
Code Changes: https://github.com/lepture/authlib/compare/v0.11...v0.12
Published by lepture over 5 years ago
BIG NEWS: Authlib has changed its open source license from AGPL to BSD.
Important Changes: Authlib specs module has been split into jose
, oauth1
, oauth2
, and oidc
. Find how to solve the deprecate issues via https://git.io/fjvpt.
RFC implementations and updates in this release:
Small changes and bug fixes in this release:
Experiment Features: There is an experiment aiohttp
client for OAuth1 and OAuth2 in authlib.client.aiohttp
.
Code Changes: https://github.com/lepture/authlib/compare/v0.10...v0.11
Published by lepture about 6 years ago
The most important change in this version is grant extension system. When registering a grant, developers can pass extensions to the grant:
authorization_server.register_grant(GrantClass, [extension])
Find Flask Grant Extensions implementation.
RFC implementations and updates in this release:
Besides that, there are other improvements:
save_authorize_state
method on Flask and Django clientfetch_token
to Django OAuth client@require_oauth
Multiple Scopes
Deprecate Changes: find how to solve the deprecate issues via https://git.io/fAmW1
Code Changes: https://github.com/lepture/authlib/compare/v0.9...v0.10
Published by lepture about 6 years ago
There is no big break changes in this version. The very great improvement is
adding JWE support. But the JWA parts of JWE are not finished yet, use with
caution.
RFC implementations in this release:
Other Changes:
authlib.client.apps
from v0.7 has been dropped.Documentation: https://docs.authlib.org/en/v0.9/
Code Changes: https://github.com/lepture/authlib/compare/v0.8...v0.9
Published by lepture over 6 years ago
Authlib has tried to introduce Django OAuth server implementation in this
version. It turns out that it is not that easy. In this version, only Django
OAuth 1.0 server is provided.
As always, there are also RFC features added in this release, here is what's
in version 0.8:
response_mode=form_post
support for OpenID Connect.Improvement in this release:
AuthlibBaseError
.authlib.flask.oauth2.sqla
via issue#57.require_oauth.acquire
with statement, get example on Flask OAuth 2.0 Server.Deprecate Changes: find how to solve the deprecate issues via https://git.io/vhL75
Code Changes: https://github.com/lepture/authlib/compare/v0.7...v0.8
Published by lepture over 6 years ago
Authlib has changed its license from LGPL to AGPL. This is not a huge release like v0.6, but it still contains some deprecate changes, the good news is they are compatible, they won’t break your project. Authlib can’t go further without these deprecate changes.
As always, Authlib is adding specification implementations. Here is what’s new in version 0.7:
AssertionSession
, only works with RFC7523.JWTBearerGrant
, read the guide in JWT Profile for OAuth 2.0 Client Authentication and Authorization Grants.Besides that, there are more changes:
overwrite
parameter for framework integrations clients.response_mode=query
for OpenID Connect implicit and hybrid flow.Deprecate Changes: find how to solve the deprecate issues via https://git.io/vpCH5
Code Changes: https://github.com/lepture/authlib/compare/v0.6...v0.7
Published by lepture over 6 years ago
From alpha to beta. This is a huge release with lots of deprecating changes and some breaking changes. And finally, OpenID Connect server is supported by now, because Authlib has added these specifications:
The specifications are not completed yet, but they are ready to use. The missing RFC7516 (JWE) is going to be implemented in next version. Open ID Connect 1.0 is added with:
Besides that, there are more changes:
token_endpoint_auth_method
concept defined in RFC7591.Breaking Changes:
authlib.flask.oauth2.sqla
has been changed a lot. If you are using it, you need to upgrade your database.register_token_validator
on ResourceProtector.authlib.client.oauth1.OAuth1
has been renamed to authlib.client.oauth1.OAuth1Auth
.Deprecate Changes: find how to solve the deprecate issues via https://git.io/vAAUK
Code Changes: https://github.com/lepture/authlib/compare/v0.5.1...v0.6
Published by lepture over 6 years ago
Just a quick bug fix release.
OAuth2Session.request
with auth.Published by lepture over 6 years ago
This version breaks a lot of things. There are many redesigns in order to get a better stable API. It is still in Alpha stage, with these breaking changes, I hope Authlib will go into Beta in the next version.
register_error_uri()
and its Flask integration.OAuth2Session
supports more grant types.AuthorizationCodeGrant.create_authorization_code
, last parameter is changed to anOAuth2Request
instance.callback_uri
to redirect_uri
in client.Published by lepture over 6 years ago
This is a quick bug fix version.
Published by lepture over 6 years ago
This version is released when people are enjoying the super blue blood moon. That's why this version is called Tsukino. The full name would be Tsukino Usagi.
This is a feature releasing for OAuth 1 server. Things are not settled yet, there will still be breaking changes in the future. Some of the breaking changes are compatible with deprecated messages, a few are not. I’ll keep the deprecated message for 2 versions. Here is the main features:
In version 0.4, there is also several bug fixes. Thanks for the early contributors.
Published by lepture almost 7 years ago
This is a feature releasing for OAuth 2 server. Since this is the first release of the server implementation, you would expect that there are bugs, security vulnerabilities, and uncertainties. Try it bravely.
Published by lepture almost 7 years ago
This is a bugfix version for Akemi. Sorry for the typo.
fetch_access_token()
which caused issue #5.Published by lepture almost 7 years ago
This is an Alpha version for previewing. You can expect there are many features missing, however the client part works well enough.
Published by lepture almost 7 years ago
This is a Beta version for Clients. You would expect that the clients works well enough for daily use.
OAuthClient
is refactored to be the base class for Flask and Django.authlib.client.django.OAuth
and authlib.client.django.RemoteApp
.authlib.client.flask.OAuth
and authlib.client.flask.RemoteApp
.