./security/py-authlib, Ultimate Python library in building OAuth and OpenID Connect servers

[ Image CVSweb ] [ Image Homepage ] [ Image RSS ] [ Image Required by ] [ Image Add to tracker ]

Branch: CURRENT, Version: 1.6.7, Package name: py313-authlib-1.6.7, Maintainer: pkgsrc-users

OAuth often seems complicated and difficult-to-implement. There are several
prominent libraries for handling OAuth requests, but they all suffer from one
or both of the following:

* They predate the OAuth 1.0 spec, AKA RFC 5849.
* They predate the OAuth 2.0 spec, AKA RFC 6749.
* They assume the usage of a specific HTTP request library.

OAuthLib is a generic utility which implements the logic of OAuth without
assuming a specific HTTP request object or web framework. Use it to graft OAuth
client support onto your favorite HTTP library, or provider support onto your
favourite web framework. If you're a maintainer of such a library, write a thin
veneer on top of OAuthLib and get OAuth support for very little effort.


Required to run:
[devel/py-setuptools] [security/py-cryptography] [lang/python37]

Required to build:
[pkgtools/cwrappers]

Master sites:

Filesize: 161.084 KB

Version history: (Expand)

CVS history: (Expand)


   2026-02-07 08:58:08 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-authlib: updated to 1.6.7

1.6.7
Set supported algorithms for the default jwt instance.
   2025-12-12 13:08:17 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-authlib: updated to 1.6.6

1.6.6

get_jwt_config takes a client parameter.
Fix incorrect signature when Content-Type is x-www-form-urlencoded for OAuth 1.0 \ 
Client.
Use expires_in in OAuth2Token when expires_at is unparsable.
Always track state in session for OAuth client integrations.
   2025-10-03 07:43:47 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-authlib: updated to 1.6.5

1.6.5
Unknown changes
   2025-09-22 12:47:35 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-authlib: updated to 1.6.4

1.6.4

fix(jose): prevent public/unprotected header overwriting protected header
Fix InsecureTransportError raising
Add conventional-commits pre-commit hook
Fix response_mode=form_post with Starlette client
Specify README.md as project long description
Migrate tests to pytest paradigm
jose/jws: Reject unprotected ‘crit’ and enforce type; add tests
Use explicit *.test urls in unit tests
   2025-08-26 20:56:16 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-authlib: updated to 1.6.3

1.6.3

Add diff-cover check in GHA
Run GHA unit tests with uv
Move from pre-commit to prek
Sign OIDC id_token according to id_token_signed_response_alg client metadata
   2025-08-25 10:20:44 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-authlib: updated to 1.6.2

1.6.2
Allow insecure transport for 127.0.0.1 for debugging
Raise a MissingCodeError when code parameter is missing
Temporarily restore OAuth2Request body parameter
Raise MissingCodeException when code parameter is missing
Fix id_token generation with EdDSA alg
   2025-07-27 12:16:53 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-authlib: updated to 1.6.1

1.6.1
Filter key set with additional "alg" and "use" parameters.
   2025-05-26 11:37:19 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-authlib: updated to 1.6.0

1.6.0

Fix issue when RFC9207 is enabled and the authorization endpoint response is not \ 
a redirection.
Fix missing state parameter in authorization error responses.
Support for acr and amr claims in id_token.
Support for the none JWS algorithm.
Fix response_types strict order during dynamic client registration.
Implement RFC9101 The OAuth 2.0 Authorization Framework: JWT-Secured \ 
Authorization Request (JAR).
OIDC UserInfo endpoint support.